[Security Solution] Enabling, Disabling Include building block alerts checkbox on group by alerts table navigates UI to alert charts. #150832

Closed
Tracked by #152134
sukhwindersingh-qasource opened this issue Feb 10, 2023 · 5 comments · Fixed by #152235
Labels
bug Fixes for quality problems that affect the customer experience fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Explore Team:Threat Hunting Security Solution Threat Hunting Team v8.7.0

Comments

@sukhwindersingh-qasource

Describe the bug:
Enabling or disabling the "Include building block alerts" checkbox on the group by alerts table navigates the UI to the alert charts.

Build Details:

VERSION: 8.7.0
BUILD: 60614
COMMIT: d3b239d76aa04f073836f6100782134ac86887e2

Preconditions

  • Kibana should be running.
  • One host should be present on Kibana.
  • Create two rules with the following details:
  • Rule 1: Custom query as - process.name : *
  • Rule 2: Custom query as - process.name : * and enabling the Mark all generated alerts as "building block" alerts checkbox.

Steps to Reproduce

  • Navigate to Security.
  • Now navigate to the Alerts tab.
  • Select Group alerts by Host name.
  • Now open the group alert table.
  • Enable, then disable the Include building block alerts checkbox.

Actual Result
Enabling or disabling the "Include building block alerts" checkbox on the group by alerts table navigates the UI to the alert charts.

Expected Result
When enabling or disabling the "Include building block alerts" checkbox on the group by alerts table, the UI should remain as it is and the group by alerts table should remain in the open state.

Alerts.-.Kibana.-.Google.Chrome.2023-02-10.13-06-08.mp4

Screen-Recording

Alerts.-.Kibana.-.Google.Chrome.2023-02-10.13-06-42.mp4
sukhwindersingh-qasource added the bug, triage_needed, impact:medium and Team: SecuritySolution labels Feb 10, 2023
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@sukhwindersingh-qasource
Author

@karanbirsingh-qasource Please review this.

@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@stephmilovic
Contributor

stephmilovic commented Feb 23, 2023

Not sure how we should handle this... @YulNaumenko I noticed something else. If I have alerts grouped by rule name, and all of the rule's alerts are building block, when the checkbox is toggled off, this rule group disappears. I can get it back by checking the building block back on in a different rule group. How should we handle this? It's a bit weird. cc: @paulewing

uhoh.mov

PS - this video was taken on main, where building block alert highlighting is broken due to an unrelated change

Also, this can get you in a weird state if you only have one rule and it is building block. Toggle it off, and all groups disappear and the query is empty. You have no way to toggle it back on unless you add a new rule to bring a group back and toggle it back on. This video sort of demonstrates that, but luckily in this scenario we have other rules we can use to bring it back:

uhoh2.mov

@sukhwindersingh-qasource
Author

Hi @MadameSheema

We have validated this issue on the 8.7.0 BC4 build and observed that the issue is not occurring. It is fixed. ✔️

Please find the testing details below:

Build info

VERSION: 8.7.0
BUILD: 60949
COMMIT: de22cd9361a0dbf429f9648d3c7b7c45aa862e90

Screen-Recording

Alerts.-.Kibana.Mozilla.Firefox.2023-03-02.13-28-22.mp4

Hence, we are closing this issue and marking it as QA Validated!!
Thanks!!

sukhwindersingh-qasource added the QA:Validated label Mar 2, 2023