[Security Solution] No value is displaying for rule.reference field under alerts details #116260

Open
ghost opened this issue Oct 26, 2021 · 7 comments
Labels

  • bug - Fixes for quality problems that affect the customer experience
  • impact:low - Addressing this issue will have a low level of impact on the quality/strength of our product.
  • Team: SecuritySolution - Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
  • Team:Threat Hunting:Investigations - Security Solution Investigations Team
  • Team:Threat Hunting - Security Solution Threat Hunting Team

ghost commented Oct 26, 2021

Describe the bug
No value is displaying for rule.reference field under alerts details

Build Details:
Version: 7.16.0 BC1
Build: 45504
COMMIT: 9231d80

Browser Details:
N/A

Preconditions

  1. Kibana should be running.
  2. Agent should be installed
  3. Malicious Behavior Alerts should be generated

Steps to Reproduce

  1. Navigate to alerts tab
  2. Click on view details
  3. Search with field "rule.reference" under table tab
  4. Observe that no value is displaying for rule.reference field under alerts details

Actual Result
No value is displaying for rule.reference field under alerts details

Expected Result
Value should be displayed for rule.reference field under alerts details

What's Working

  • This issue is not occurring on 7.15.0

What's Not Working

  • N/A

@ghost ghost added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Oct 26, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost ghost added the v7.16.0 label Oct 26, 2021
@ghost ghost self-assigned this Oct 26, 2021
@ghost ghost added the impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. label Oct 26, 2021
@ghost ghost assigned MadameSheema Oct 26, 2021
@MadameSheema MadameSheema unassigned MadameSheema and ghost Oct 27, 2021
@MadameSheema MadameSheema added Team:Threat Hunting:Investigations Security Solution Investigations Team and removed triage_needed labels Oct 27, 2021
@MadameSheema
Member

@deepikakeshav-qasource is the value available in the alerts table and in the json tab? Thanks!

@ghost
Author

ghost commented Oct 28, 2021

Hi @MadameSheema,

Yes, the values are displaying in the alert table and JSON tab.

Please let us know if anything else is required from our end.

Thanks!!

@michaelolo24
Contributor

Thanks for letting us know @deepikakeshav-qasource!

@michaelolo24 michaelolo24 self-assigned this Nov 3, 2021
@MadameSheema MadameSheema added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. and removed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. labels Nov 3, 2021
@MadameSheema
Member

Changing to impact low since there is no data loss

@MindyRS MindyRS added the Team:Threat Hunting Security Solution Threat Hunting Team label Feb 23, 2022
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@PhilippeOberti
Contributor

The bug is still happening today, as shown in this screenshot of the 8.16 version
