[Redo][8.2] Highlight that rule exceptions are case-sensitive (#4839)

nastasha-solomon · web-flow · commit 9d67ba5cba40 · 2024-02-20T11:51:21.000-05:00
* Creating backport

* Update docs/detections/detections-ui-exceptions.asciidoc
diff --git a/docs/detections/detections-ui-exceptions.asciidoc b/docs/detections/detections-ui-exceptions.asciidoc
@@ -123,10 +123,10 @@ the exception prevents the rule from generating alerts when the
 +
 [IMPORTANT]
 ============
+* Rule exceptions are case-sensitive, which means that any character that's entered as an uppercase or lowercase letter will be treated as such. In the event you _don't_ want a field evaluated as case-sensitive, some ECS fields have a `.caseless` version that you can use.
 * You can use nested conditions. However, this is only required for
 <<nested-field-list, these fields>>. For all other fields, nested conditions
 should not be used.
-
 * Wildcards are not supported in rule exceptions or value lists. Values must be literal values.
 ============
 +
@@ -196,6 +196,8 @@ The *Add Endpoint Exception* flyout opens, from either the rule details page or
 image::images/endpoint-add-exp.png[]
 . If required, modify the conditions.
 +
+IMPORTANT: Rule exceptions are case-sensitive, which means that any character that's entered as an uppercase or lowercase letter will be treated as such. In the event you _don't_ want a field evaluated as case-sensitive, some ECS fields have a `.caseless` version that you can use.
++
 NOTE: See <<ex-nested-conditions>> for more information on when nested conditions are required.
 
 . You can select any of the following:

Original file line number	Diff line number	Diff line change
`@@ -123,10 +123,10 @@ the exception prevents the rule from generating alerts when the`
`123`	`123`	`+`
`124`	`124`	`[IMPORTANT]`
`125`	`125`	`============`
	`126`	+* Rule exceptions are case-sensitive, which means that any character that's entered as an uppercase or lowercase letter will be treated as such. In the event you _don't_ want a field evaluated as case-sensitive, some ECS fields have a `.caseless` version that you can use.
`126`	`127`	`* You can use nested conditions. However, this is only required for`
`127`	`128`	`<<nested-field-list, these fields>>. For all other fields, nested conditions`
`128`	`129`	`should not be used.`
`129`		`-`
`130`	`130`	`* Wildcards are not supported in rule exceptions or value lists. Values must be literal values.`
`131`	`131`	`============`
`132`	`132`	`+`
`@@ -196,6 +196,8 @@ The Add Endpoint Exception flyout opens, from either the rule details page or`
`196`	`196`	`image::images/endpoint-add-exp.png[]`
`197`	`197`	`. If required, modify the conditions.`
`198`	`198`	`+`
	`199`	+IMPORTANT: Rule exceptions are case-sensitive, which means that any character that's entered as an uppercase or lowercase letter will be treated as such. In the event you _don't_ want a field evaluated as case-sensitive, some ECS fields have a `.caseless` version that you can use.
	`200`	`++`
`199`	`201`	`NOTE: See <<ex-nested-conditions>> for more information on when nested conditions are required.`
`200`	`202`
`201`	`203`	`. You can select any of the following:`