[Security Solution] filters are working incorrectly for Isolated agent status under alert flyout #123193

Closed
ghost opened this issue Jan 18, 2022 · 11 comments
Labels
bug Fixes for quality problems that affect the customer experience fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team v8.3.0

Comments

@ghost

ghost commented Jan 18, 2022

Describe the bug
Filters are working incorrectly for Isolated agent status under alert flyout

Build Details:

Version: 8.0.0 Snapshot
Build: 49040
Commit: 155e06787e48de9a8de4345d86a826e95edf32ec

Browser Details:
N/A

Preconditions

  1. Kibana should be running on 8.0.0 snapshot
  2. Endpoint should be installed
  3. Alerts should be generated

Steps to Reproduce

  1. Navigate to Alerts table under security
  2. Click on view details icon on any alert
  3. Click on Take action and click on isolate host.
  4. Apply the filter in and filter out from isolated status
  5. Observe that filter in and filter out functionality is working incorrectly

Actual Result
Hover actions are showing for Isolated agent status under alert flyout

Expected Result
Filter in and filter out functionality should be working correctly for Isolated agent status under alert flyout

What's Working

  • N/A

What's Not Working

  • This issue is also occurring for agent status filter

Screen-Shot

Alerts.-.flyout.mp4
@ghost ghost added bug Fixes for quality problems that affect the customer experience triage_needed v8.0.0 impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Jan 18, 2022
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost ghost assigned ghost and michaelolo24 and unassigned ghost Jan 18, 2022
@MadameSheema MadameSheema added Team:Threat Hunting:Investigations Security Solution Investigations Team and removed triage_needed v8.0.0 labels Jan 18, 2022
@michaelolo24 michaelolo24 removed their assignment Jan 18, 2022
@michaelolo24
Contributor

I've asked @kevinlog's team to help us take a look into this as we're not sure exactly what the value should filter on

@MindyRS MindyRS added the Team:Threat Hunting Security Solution Threat Hunting Team label Feb 23, 2022
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@janmonschke
Contributor

This issue has been fixed in #130042 and should be part of the next BC

@ghost
Author

ghost commented Apr 14, 2022

Hi Team,

We have validated this issue on 8.2.0 BC3 and observed that the issue is still occurring 🔴

Please find below the testing details:

Build Details:

Version : 8.2.0 BC3
Build : 51885
Commit : 2ea6dc82752506d6f7aa34bda747f99c6fbfd152

Screencast

isolate.mp4

Thanks!!

@MadameSheema
Member

@janmonschke can you please take a look at the above when you have the chance?

@janmonschke janmonschke self-assigned this Apr 14, 2022
@janmonschke
Contributor

Ah yes, this appears to be an edge-case for isolated agents. I'll investigate!

@janmonschke
Contributor

Since the fix will have an impact on a lot of places where the Agent status field is shown, we decided not to squeeze this into 8.2 but to work on it for 8.3 and take some time to make sure that the field behaves correctly in other contexts.

@janmonschke
Contributor

The fix for this just landed in main 🎉 #132586

@ghost
Author

ghost commented May 30, 2022

Hi @janmonschke,

We have validated this issue on 8.3.0 SNAPSHOT and observed that the issue is fixed 🟢

Filters are not showing for Isolated Agent

Please find the below testing details:

Build Details:

Branch: 8.3.0 SNAPSHOT
Build: 53035
Commit : c993ff2a4fa10898d5a6e15aeb1d0848534ae48e

Screencast

filters.mp4

Hence, we are closing this ticket and marking it as QA Validated.

Thanks!!

@ghost ghost added the QA:Validated Issue has been validated by QA label May 30, 2022
@ghost ghost closed this as completed May 30, 2022
@ghost
Author

ghost commented Jun 3, 2022

Hi @janmonschke,

We have validated this issue on 8.3.0 BC2 and observed that the issue is now fixed.

Filters are not showing for Isolated Agent

Please find below the testing details:

Build Details:

Version : 8.3.0 BC2
Build : 53231
Commit : 25476b531ba9f32292bde85508d342aa5e1c29eb

cc: @MadameSheema

Thanks!!

This issue was closed.