bulk merge alerts into case lose description's alert #1065

Closed
torsolaso opened this issue Jul 19, 2019 · 6 comments

Comments

@torsolaso

commented Jul 19, 2019

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu, |
| TheHive version / git hash | 3.3.0-RC6 |

Problem Description

Hi,

We detected that when you select various alerts and merge them into a new case, you lose all the descriptions. This would not be a problem if you could continue viewing the preview, but the way it works now you can't access the alert description either in the case or in the alert.

Steps to Reproduce

  1. Select multiple alerts
  2. Merge into a case
  3. Go to the case description and see that it is empty
  4. Try to return to the alert preview and observe that you can't access the alert description

@nadouani nadouani added the bug label Jul 19, 2019
@nadouani

Contributor

commented Jul 19, 2019

This is in fact a bad user experience. Thanks for catching it.

@nadouani

Contributor

commented Jul 19, 2019

That said, the issue with merging the descriptions is that, if you have 100 alerts with the same or big descriptions, it will be unreadable.

We probably need to allow viewing the already imported alerts in a read-only manner.

@nadouani nadouani added this to the 3.4.0 milestone Jul 19, 2019
@ag-michael

commented Jul 19, 2019

@nadouani Maybe if there is an 'Alerts' section (much like the 'tasks' and 'observables' sections) for each case where you can scroll through and expand to view alerts, that might solve some of this? If so, when importing alerts, I'd like the option to select whether or not the alert description will be set as the case description; if selected, only the latest alert's description is used.

@torsolaso torsolaso changed the title from "bulk merge anterts into case lose description's alert" to "bulk merge alerts into case lose description's alert" Jul 22, 2019
@crackytsi

commented Jul 30, 2019

I'm also a little unhappy that importing an alert to a case modifies the Case description by concatenating all descriptions.
In my opinion it would be better to be able to just view the imported alerts and not update the description of the case at all. You can easily modify it with some text that represents the full case, not just the combination of all individual alerts ;)

@veeral-patel

commented Aug 7, 2019

@ag-michael I think this is the right approach!

nadouani added a commit that referenced this issue Aug 30, 2019
@nadouani

Contributor

commented Aug 30, 2019

The solution we have opted for is to allow users to preview the alerts related to a case, without putting the descriptions of every alert into the case's description, because if you merge 100 alerts into the same case, it will result in an unusable case description.

@nadouani nadouani closed this Aug 30, 2019