[8.12] [ESS][Pt. Duex] Adding value list file size constraints to UI docs (backport #5001) (#5250)

mergify[bot] · nastasha-solomon · web-flow · commit 50e4a39d4213 · 2024-05-20T17:42:08.000-04:00
* First draft * Input from Yara * Update docs/detections/value-list-exceptions.asciidoc * Update docs/detections/value-list-exceptions.asciidoc * Remove duplicated content (cherry picked from commit 2e9f4b1) Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
diff --git a/docs/detections/value-list-exceptions.asciidoc b/docs/detections/value-list-exceptions.asciidoc
@@ -17,11 +17,12 @@ TIP: You can also use a value list as the <<indicator-value-lists,indicator matc
 [float]
 [[manage-value-lists]]
 === Create value lists
-When creating a value list for a rule exception, be mindful of the list's size and data type. In general, all rule types support value list exceptions, but there are some limitations for especially large lists or certain data types. The following value list types can _only_ be used with custom query, machine learning, and indicator match rule types:
+When you create a value list for a rule exception, be mindful of the list's size and data type. All rule types support value list exceptions, but extremely large lists or certain data types have limitations. 
 
-* Keyword or IP address lists with more than 65,536 values
-* IP range lists with more than 200 dash notation values (for example, `127.0.0.1-127.0.0.4` is one value) or more than 65,536 CIDR notation values
-* Text data type lists of any size
+Custom query, machine learning, and indicator match rules support the following value list types and sizes:
+
+* **Keywords** or **IP addresses** list types with more than 65,536 values
+* **IP ranges** list type with over 200 dash notation values (for example, `127.0.0.1-127.0.0.4` is one value) or more than 65,536 CIDR notation values
 
 To create a value list:
 
@@ -34,6 +35,8 @@ act as delimiters.
 * All values in the file must be of the same {es} type.
 
 * Wildcards are not supported in value lists. Values must be literal values.
+
+* The maximum accepted file size is 9 million bytes.
 =========================
 
 . Go to *Rules* -> *Detection rules (SIEM)*.
