From ab6b85de295e9491be187174dd404dc867829bdd Mon Sep 17 00:00:00 2001 From: galex505 <173912747+galex505@users.noreply.github.com> Date: Tue, 13 Aug 2024 10:06:45 +0200 Subject: [PATCH] chore: clarify Regex baselining --- baselining/case-creation1.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/baselining/case-creation1.rst b/baselining/case-creation1.rst index ea61869..a51f24e 100644 --- a/baselining/case-creation1.rst +++ b/baselining/case-creation1.rst @@ -182,7 +182,10 @@ removed from the log management view. .. warning:: It is recommended to use regular expressions only rarely and with - caution. This feature can severely impact the performance of the system. + caution. This feature can severely impact the performance of the system. Regex from cases will be applied to every single event on import. + +Elasticsearch uses Apache Lucene's regular expression engine to parse these queries. Please take a look at the Elasticsearch manual for further information about the regular expression syntax: +https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html ChatGPT Integration ^^^^^^^^^^^^^^^^^^^ @@ -281,4 +284,4 @@ bottom. .. figure:: ../images/cockpit_event-anon-rule.png :alt: Event Anonymization Rule - Event Anonymization Rule \ No newline at end of file + Event Anonymization Rule
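Review bot: In the hunk at @@ -182,7 +182,10, the added paragraph "Elasticsearch uses Apache Lucene's regular expression engine to parse these queries." starts at column 0, so it renders outside the `.. warning::` block even though it belongs with the regex caution. If it is meant to be part of the warning, indent it to match the directive body. The new sentence "Regex from cases will be applied to every single event on import." is also appended to the existing "caution. This feature can severely impact ..." line rather than wrapped like the surrounding text. The link targets `/reference/current/`, which moves with every Elasticsearch release, so the syntax it describes can drift from the engine version this product ships. Consider pinning the URL to that version and writing it as a named RST hyperlink instead of a bare URL. Since the warning now states that each case regex is evaluated against every imported event, one more sentence saying what to use instead of a regex where possible would make it actionable.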
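Review bot: The hunk at @@ -281,4 +284,4 only adds the missing end-of-file newline after "Event Anonymization Rule", which is unrelated to the subject "clarify Regex baselining". The change itself is fine, but it should either be mentioned in the commit message or split into its own commit so the whitespace fix is not hidden inside a documentation clarification.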