Updates manual run docs (#6800) (#6812)

mergify[bot] · nastasha-solomon · web-flow · commit ea8736faa1ba · 2025-05-01T15:00:25.000-04:00
* First draft * Re-adds the beta tag * update screenshot * Update docs/detections/rules-ui-monitor.asciidoc * Update docs/detections/rules-ui-monitor.asciidoc Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> * consistency --------- Co-authored-by: Janeen Mikell Roberts <57149392+jmikell821@users.noreply.github.com> (cherry picked from commit a5d83de) Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com>
diff --git a/docs/detections/images/manual-rule-run-table.png b/docs/detections/images/manual-rule-run-table.png
diff --git a/docs/detections/rules-ui-manage.asciidoc b/docs/detections/rules-ui-manage.asciidoc
@@ -111,7 +111,7 @@ NOTE: When duplicating a rule with exceptions, you can choose to duplicate the r
 
 beta::[]
 
-Manually run enabled rules for a specified period of time for testing purposes or additional rule coverage. 
+Manually run enabled rules for a specified period of time to deliberately test them or provide additional rule coverage.
 
 IMPORTANT: Before manually running rules, make sure you properly understand and plan for rule dependencies. Incorrect scheduling can lead to inconsistent rule results.
 
@@ -121,20 +121,21 @@ IMPORTANT: Before manually running rules, make sure you properly understand and
 * Select all the rules you want to manually run, select the **Bulk actions** menu, then select **Manual run**.
 . Specify when the manual run starts and ends. The default selection is the current day starting three hours in the past. The rule will search for events during the selected time range.
 . Click **Run** to manually run the rule.
-+
-NOTE: Manual runs can produce multiple rule executions. This is determined by the manual run's time range and the rule's execution schedule.
 
-The manual run's details are shown in the <<manual-runs-table,Manual runs>> table on the *Execution results* tab. Changes you make to the manual run or rule settings will display in the Manual runs table after the current run completes.
+The rule will run over the time range that you selected. Go to the <<manual-runs-table>> on the **Execution results** tab to track the manual rule executions. 
 
 [NOTE] 
 =====
 Be mindful of the following:
 
-* Rule actions are not activated during manual runs. 
+* <<rule-notifications,Rule actions>> are not activated during the manual runs.
+* Any changes that you make to the manual run or rule settings will display in the Manual runs table after the current run completes.
 * Except for threshold rules, duplicate alerts aren't created if you manually run a rule during a time range that was already covered by a scheduled run.
-* Manual runs are executed with low priority and limited concurrency, meaning they might take longer to complete. This can be especially apparent for rules requiring multiple executions.
+* Manually running a custom query rule with suppression may incorrectly inflate the number of suppressed alerts.
+
 =====
 
+
 [float]
 [[snooze-rule-actions]]
 === Snooze rule actions
diff --git a/docs/detections/rules-ui-monitor.asciidoc b/docs/detections/rules-ui-monitor.asciidoc
@@ -62,35 +62,34 @@ Use these controls to filter what's included in the logs table:
 
 * The *Show metrics columns* toggle includes more or less data in the table, pertaining to the timing of each rule execution.
 
-* The *Actions* column allows you to show alerts generated from a given rule execution. Click the filter icon (image:images/filter-icon.png[Filter icon,18,17]) to create a global search filter based on the rule execution's ID value. This replaces any previously applied filters, changes the global date and time range to 24 hours before and after the rule execution, and displays a confirmation notification. You can revert this action by clicking *Restore previous filters* in the notification.
 
 [float]
 [[manual-runs-table]]
 ==== Manual runs table
 
 beta::[]
 
-Each manual run can produce multiple rule executions, depending on the time range of the run and the rule's execution schedule. These details are shown in the Manual runs table.
+You can <<manually-run-rules,manually run>> enabled rules for a specified period of time to deliberately test them or provide additional rule coverage. Each manual run can produce multiple rule executions, depending on the time range of the run and the rule's execution schedule. 
 
-To access the table, navigate to the detection rules page, click the rule's name to open its details, then scroll down and select the **Execution results** tab. Scroll down again to find the Manual runs table. 
+NOTE: Manual runs are given lower priority and limited concurrency, meaning they might take longer to complete. This can be especially apparent for rules requiring multiple executions.
 
-To stop an active run, go to the appropriate row and click **Stop run** in the **Actions** column. Completed rule executions for each manual run are logged in the Execution log table.
+The Manual runs table tracks manual rule executions. To access the table, navigate to the detection rules page, click the rule's name to open its details, then scroll down and select the **Execution results** tab. Scroll down again to find the Manual runs table.  
 
-[role="screenshot"]
-image::images/manual-rule-run-table.png[Manual rule runs table on the rule execution results tab]
-
-The Manual runs table displays important details such as:
+The Manual runs table provides important details such as:
 
+* The total number of rule executions that the manual run will produce and how many are failing, pending, running, and completed.
+* When the manual run started and the time range that it will cover.
++
+NOTE: To stop an active run, go to the appropriate row in the table and click **Stop run** in the **Actions** column. Completed rule executions for each manual run are logged in the Execution log table.
++
 * The status of each manual run:
-** **Pending**: The rule is not yet running. 
-** **Running**: The rule is executing during the time range you specified. Some rules, such as indicator match rules, can take longer to run.
-** **Error**: The rule's configuration is preventing it from running correctly. For example, the rule's conditions cannot be validated.
+** `Pending`: The rule is not yet running. 
+** `Running`: The rule is running during the time range you specified. Some rule types, such as indicator match rules, can take longer to run.
+** `Error`: The rule's configuration is preventing it from running correctly. For example, the rule's conditions cannot be validated.
 
-* When a manual run started and the time in which it will run
-
-* The number of rule executions that are failing, pending, running, and completed for a manual run
+[role="screenshot"]
+image::images/manual-rule-run-table.png[Manual rule runs table on the rule execution results tab]
 
-* The total number of rule executions that are occurring for a manual run
 
 [float]
 [[troubleshoot-signals]]
