Description
What: we are adding the ability for users to specify a closing reason when they close an alert.
When: this feature will be shipped and GA in 9.2
This feature is something other SIEM systems already have and has been missing in Kibana. Users have been using tags so far to compensate, but it's time we provide them a proper solution.
This will allow users to specify a reason for closing an alert (optional). If they specify one, a new field will be populated in the alerts document: kibana.alert.workflow_reason.
Users can filter and sort by this new field.
If the user decides to re-open the alert, the field will be removed from the document.
Resources
PR: elastic/kibana#226590
Issue: elastic/kibana#225977
Which documentation set does this change impact?
Elastic On-Prem and Cloud (all)
Feature differences
The features do not differ between the environments
What release is this request related to?
9.2
Serverless release
Not clear yet - we are still waiting for the final list of reasons from the PM. Once that comes in we will merge and it will be available in serverless the week after
Collaboration model
The documentation team
Point of contact.
Main contact: @NicholasPeretti
Stakeholders: @paulewing