[EDR Workflows] The default filter (event.category is process) added for the 'process Descendants' is not shown after saving the value #186791

Closed
muskangulati-qasource opened this issue Jun 24, 2024 · 8 comments
Labels
  • bug - Fixes for quality problems that affect the customer experience
  • impact:medium - Addressing this issue will have a medium level of impact on the quality/strength of our product.
  • QA:Validated - Issue has been validated by QA
  • Team:Defend Workflows - “EDR Workflows” sub-team of Security Solution
  • Team: SecuritySolution - Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
  • v8.15.0

Comments

@muskangulati-qasource

Description:
The default filter (event.category is process) added for the 'process Descendants' is not shown after saving the value

Build Details:

VERSION: 8.15.0
BUILD: 75426
COMMIT: f672297b140695f1c920c5a1b3bdce6fc812aceb

Preconditions:

  1. Kibana user should be logged in

Steps to Reproduce:

  1. Navigate to the Events tabs under Manage section for Security
  2. From the drop down of field values, select process.pid
  3. In the values, add -ve values for the process IDs and observe that when the user adds - (hyphen), the error warning comes up, but as soon as we add a numerical value, the warning goes away.

Actual Result:
The default filter (event.category is process) added for the 'process Descendants' is not shown after saving the value

Expected Result:
The default filter (event.category is process) added for the 'process Descendants' should be visible to the user after saving the value


Login credentials
Link here

Logs
N/A

@muskangulati-qasource added the bug, impact:medium, Team: SecuritySolution, Team:Defend Workflows and v8.15.0 labels Jun 24, 2024

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@muskangulati-qasource
Author

@manishgupta-qasource please review!

@manishgupta-qasource

manishgupta-qasource commented Jun 24, 2024

Reviewed & assigned to @dasansol92

CC: @ferullo

@ferullo
Contributor

ferullo commented Jun 24, 2024

@gergoabraham FYI

@gergoabraham
Contributor

@muskangulati-qasource, I'm not sure if I understand correctly - is this about not indicating the default filter on the Event Filters list page on the Event Filter cards? If yes, that's not implemented yet; here is the issue for it: https://github.com/elastic/security-team/issues/9711

@muskangulati-qasource
Author

Hi @gergoabraham,

Thank you for sharing the details. We have tested this ticket on the latest 8.15.0 BC4 build and found the issue is fixed. 🟢

Please find below the testing details.

Build details

VERSION: 8.15.0
BUILD: 76261
COMMIT: 9d62937675e62265342e86d8f0db601dc75498b8

Credentials for the instance
https://p.elstc.co/paste/c5Eo8wQO#1DDVKqsYg329BxAoQ1I8+FC7wjzj6dcLpy1LV+la3Z+

Observation and Screenshot

  • The message is now visible for the descendant type used:
    image

Hence, we are closing this issue and marking it as 'QA Validated'.

Thank you!

@muskangulati-qasource added the QA:Validated label Jul 26, 2024

@muskangulati-qasource
Author

Bug Conversion

Thanks!
