[Security Solution] [Timeline] The Alert (kibana.alert.reason
) renderer is always enabled in Timeline, even when the Alerts
category is disabled
#181745
Labels
bug
Fixes for quality problems that affect the customer experience
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:Threat Hunting:Investigations
Security Solution Investigations Team
[Security Solution] [Timeline] The Alert (
kibana.alert.reason
) renderer is always enabled in Timeline, even when theAlerts
category is disabledThe Alert Renderer is an interactive version of the
kibana.alert.reason
field. It ensures every alert has a "fallback" row renderer, because some alerts won't be rendered by the more specialized renderers, e.g. netflow, audit, etc.It's possible to disable all other row renderers in Timeline, but it's not possible to disable the Alert (
kibana.alert.reason
) renderer.There is already a (legacy) category named
Alerts
inCustomize Event Renderers
modal, shown in the screenshot below:however the Alert (
kibana.alert.reason
) renderer is still displayed for alerts, even when theAlerts
category is unchecked. The setting does not take effect because theAlerts
category does not include the (fallback) (kibana.alert.reason
) renderer.Kibana/Elasticsearch Stack version:
main
/v8.15.0
Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
Timeline
Steps to reproduce:
Investigate in timeline
row-level action for an alertExpected results
Click the settings gear to display the
Customize Event Renderers
modalClick the
Disable all
buttonExpected result
Customize Event Renderers
modalExpected result
Actual result
The text was updated successfully, but these errors were encountered: