[Security Solution][Timeline] #181122
Comments
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-threat-hunting (Team:Threat Hunting)
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)
Thanks for opening this issue @stevengoossensB! We'll take a look into why this inconsistency is happening, thanks!
@stevengoossensB thanks for opening this ticket! In order to help here we would need some more information. Could you answer the following questions when you get a chance:
Thanks!
@stevengoossensB thanks for the details. At the moment I'm unable to reproduce the issue locally, so I'm pinging the rule management team to see if they have an idea. We'll get back to you as soon as we know more!
@PhilippeOberti Thanks, let me know if you need any more detail... btw, maybe it wasn't clear from the message, but the preferred behavior would be to have all of the exclusions always excluded when pivoting toward the timeline. Without that, too much irrelevant data is shown to analysts.
Agreed on the preferred behavior!
Summary
Timeline does not include the NOT Exceptions filter, depending on where it's launched from the quick button next to the alert.
Steps to reproduce:
NOT Exceptions filter, showing all excluded events
NOT Exceptions filter, hiding all excluded events
Expected behavior
Both ways to access the timeline have the same behavior, including the NOT Exceptions filter