Elastic Security known issues
Known issues are significant defects or limitations that may impact your implementation. These issues are actively being worked on and will be addressed in a future release. Review the Elastic Security known issues to help you make informed decisions, such as whether to upgrade to a new version.
Duplicate alerts can be produced from manually running threshold rules
Elastic Stack versions: 9.0.0
On November 12, 2024, it was discovered that manually running threshold rules could produce duplicate alerts if the date range was already covered by a scheduled rule execution.
Manually running custom query rules with suppression could suppress more alerts than expected
Elastic Stack versions: 9.0.0
On November 12, 2024, it was discovered that manually running a custom query rule with suppression could incorrectly inflate the number of suppressed alerts.