[Security][Gap Fill][9.3 & Serverless]: Docs recent additions for gap fill feature #4403
+39
−20
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
✅ Vale Linting ResultsNo issues found on modified lines! |
Contributor
🔍 Preview links for changed docs |
…-content into issue-3969-gaps-pt1
benironside
approved these changes
Dec 19, 2025
Contributor
benironside
left a comment
benironside
left a comment
There was a problem hiding this comment.
I like the edits, structurally it makes sense and I only found a couple minor edits to suggest.
|
|
||
| ::::{tip} | ||
| :applies_to:{stack: ga 9.3, serverless: ga} | ||
| Use the **Gap fill status** filter in the Rules table to find rules with the gap status you specify. |
Contributor
There was a problem hiding this comment.
Suggested change
| Use the **Gap fill status** filter in the Rules table to find rules with the gap status you specify. | |
| Use the **Gap fill status** filter in the Rules table to find rules with the specified gap status. |
| ``` | ||
|
|
||
| Gaps in rule executions are periods of time where a rule didn’t run. They can be caused by various disruptions, including system updates, rule failures, or simply turning off a rule. Addressing gaps is essential for maintaining consistent coverage and avoiding missed alerts. | ||
| Use the information in the Gaps table to assess the scope and severity of rule execution gaps. To control what's shown in the table, you can filter the table by gap status, select a time range for viewing gap data, and sort multiple columns. {applies_to}`stack: ga 9.3` Fill all gaps for the rule by clicking **Fill all gaps**. |
Contributor
There was a problem hiding this comment.
Suggested change
| Use the information in the Gaps table to assess the scope and severity of rule execution gaps. To control what's shown in the table, you can filter the table by gap status, select a time range for viewing gap data, and sort multiple columns. {applies_to}`stack: ga 9.3` Fill all gaps for the rule by clicking **Fill all gaps**. | |
| Use the information in the Gaps table to assess the scope and severity of rule execution gaps. To control what's shown in the table, you can filter the table by gap status, select a time range for viewing gap data, and sort multiple columns. | |
| {applies_to}`stack: ga 9.3` Fill all gaps for the rule by clicking **Fill all gaps**. |
Brandon shared a best practice with me recently which is to not have applies to labels be inline. I think this makes it a bit more clear what the applies to... applies to 
nkhristinin
reviewed
Dec 22, 2025
|
|
||
| * {applies_to}`stack: ga 9.0` **Only rules with gaps**: Filters the Rules table to only display rules with unfilled or partially filled gaps. | ||
| * {applies_to}`stack: ga 9.1` **Only rules with unfilled gaps**: Filters the Rules table to only display rules with unfilled gaps. Note that the filter excludes rules with gaps that are being filled. | ||
| The **Rule Monitoring** tab provides a starting point for understanding and remediating gaps in rule executions, which are periods of time where a rule didn’t run. Gaps can be caused by various disruptions, including system updates, rule failures, or simply turning off a rule. Addressing gaps is essential for maintaining consistent coverage and avoiding missed alerts. |
There was a problem hiding this comment.
rule failures - can't cause a gap at the moment
| Within the Rules table, several columns provide additional gap data: | ||
|
|
||
| * **Last Gap (if any)**: Shows how long the most recent gap for a particular rule lasted. | ||
| * **Unfilled gaps duration**: Shows whether a rule still has gaps and provides a total sum of the remaining unfilled or partially filled gaps. The total sum can change based on the selected time range. If a rule has no gaps, the columns display a dash (`––`). |
There was a problem hiding this comment.
The total sum can change based on the selected time range.
it's 90 days also
|
|
||
| * **Last Gap (if any)**: Shows how long the most recent gap for a particular rule lasted. | ||
| * **Unfilled gaps duration**: Shows whether a rule still has gaps and provides a total sum of the remaining unfilled or partially filled gaps. The total sum can change based on the selected time range. If a rule has no gaps, the columns display a dash (`––`). | ||
| * {applies_to}`stack: ga 9.3`{applies_to}`serverless: ga`**Gap fill status**: Shows the status of the rule's gaps. If a rule has any unfilled gaps, the gap status is `Unfilled`. If all gaps for the rule are being are being filled, the status is `In progress`. Once all gaps have been filled, the status changes `Filled`. |
There was a problem hiding this comment.
If all gaps for the rule are being are being filled, the status is
In progress.
I think we should worded this section more clearly to show how this status works, because it's not entirely correct now.
IF any gap is unfilled THEN show Unfilled
ELSE IF any gaps are being filled THEN SHOW In progress
ELSE show Filled
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Contributes to #3969 by documenting the following UI changes that have been released in Serverless:
Note that within the "Rule Monitoring" section, content about rule gaps has been moved under a new sub-section titled "Find rule execution gaps" and the information has been slightly re-organized to show when certain functionality is available.
Generative AI disclosure