[Security Solution] Incorrect data is displayed in _score field under the detection tab. #99760

Open
ghost opened this issue May 11, 2021 · 14 comments
Labels
8.0 candidate; bug (Fixes for quality problems that affect the customer experience); impact:medium (Addressing this issue will have a medium level of impact on the quality/strength of our product.); Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.); Team:Threat Hunting:Investigations (Security Solution Investigations Team); Team:Threat Hunting (Security Solution Threat Hunting Team)

Comments

@ghost

ghost commented May 11, 2021

Description
Incorrect data is displayed in _score field under the detection tab.

Build Details:

Version: 7.13.0 BC4
Build: 40749
Commit: 5a6bad454ffe263aafed54cbd3f764253694bf37
Artifacts: https://staging.elastic.co/7.13.0-5c4bc719/summary-7.13.0.html

Browser Details:
All

Preconditions:

  1. Kibana Environment should exist.
  2. Endpoint should be installed.
  3. Alerts should be generated.
  4. _score field should be added in the detection alert table.

Steps to Reproduce:

  1. Navigate to the detection tab of security.
  2. Click on the view details icon of the alert.
  3. Click on the Table tab.
  4. Observe that incorrect data is displayed in _score field under the detection tab.

Impacted Test case:
N/A

Actual Result:
Incorrect data is displayed in _score field under the detection tab.

Expected Result:
Correct data is displayed in _score field under the detection tab.

What's working:
N/A

What's not working:
N/A

Screenshot:
_score_value

@ghost ghost added bug (Fixes for quality problems that affect the customer experience) and Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.) labels May 11, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost ghost added the v7.13.0 label May 11, 2021
@ghost
Author

ghost commented May 11, 2021

@manishgupta-qasource Please review!!

@MadameSheema MadameSheema added Team:Detections and Resp (Security Detection Response Team) and removed v7.13.0 labels May 11, 2021
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@peluja1012
Contributor

It looks like securitySolutionTimelineSearchStrategy is not returning a value for _score even if it's included under fieldRequested.

@peluja1012 peluja1012 added Team:Threat Hunting (Security Solution Threat Hunting Team) and removed Team:Detections and Resp (Security Detection Response Team) labels May 11, 2021
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@XavierM XavierM self-assigned this Jun 30, 2021
@ghost ghost added the Theme: rac (label obsolete) label Aug 11, 2021
@ghost
Author

ghost commented Aug 12, 2021

Hi @MadameSheema,

We have validated this ticket on the 7.15.0-SNAPSHOT build and found that the issue is still occurring.

Build Details:

Version: 7.15.0 SNAPSHOT
Commit: f448fcd00b319a3be0d1a1ae356956446e4d7ef8
Build: 43322

Screenshot:
image

Thanks.

@MadameSheema
Member

@deepikakeshav-qasource can you please check if this issue is still valid on 7.15BC3? Thanks

@ghost
Author

ghost commented Aug 31, 2021

Hi @MadameSheema,

We have validated this ticket on the 7.15.0 BC3 build and observed that the issue is fixed. The same value is displayed for the _score field under the alerts table.

Build Details:

VERSION: 7.15.0 BC3
BUILD: 43818
COMMIT: 6f7562b1906dcfad65809da8fdec15df353d0252
ARTIFACT: https://staging.elastic.co/7.15.0-642a73fa/summary-7.15.0.html

Screenshot:
image

Hence, we are closing this ticket and marking it as "QA validated".

Thanks!!

@ghost ghost added the QA:Validated (Issue has been validated by QA) label Aug 31, 2021
@ghost ghost closed this as completed Aug 31, 2021
@ghost
Author

ghost commented Dec 22, 2021

Hi Team,

We are re-opening this issue, as no value is displayed in the "_score" column under the alerts table and even hover actions are not working, in 8.0.0 Snapshot.

Build Details:

Version: 8.0.0-SNAPSHOT
Commit: 002f9fae38acdf71d6df88d808a742976de22cc8
Build: 48805

Screenshot:
image
Thanks!!

@ghost ghost reopened this Dec 22, 2021
@ghost ghost removed the QA:Validated (Issue has been validated by QA) label Dec 22, 2021
@MadameSheema
Member

@michaelolo24 can you please take a look at the above when you have the chance? Thanks :)

@michaelolo24 michaelolo24 added impact:high (Addressing this issue will have a high level of impact on the quality/strength of our product.), Team:Threat Hunting:Investigations (Security Solution Investigations Team) and v8.0.0 and removed triage_needed and Theme: rac (label obsolete) labels Jan 4, 2022
@michaelolo24
Contributor

Hey @MadameSheema, we can take a look at it for this release. I gave it impact high as I think we should always show accurate data and we should finish it for the 8.0 release.

@MadameSheema
Member

Awesome!! Thanks @michaelolo24 :)

@deepikakeshav-qasource can you please confirm if this is an issue for 7.17 as well? Thanks!

@michaelolo24 michaelolo24 removed their assignment Jan 4, 2022
@michaelolo24 michaelolo24 added impact:medium (Addressing this issue will have a medium level of impact on the quality/strength of our product.) and removed impact:high (Addressing this issue will have a high level of impact on the quality/strength of our product.) labels Jan 4, 2022
@ghost
Author

ghost commented Jan 5, 2022

Hi @MadameSheema,

We have validated this ticket on 7.17.0 SNAPSHOT and found that the issue is also occurring on 7.17.0. Please find the testing details below:

Build Details:

Version: 7.17.0 SNAPSHOT
Build: 46376
COMMIT: a3ffc14c112ff4afcc6468e0d0b14e4b5c42b55b

Screenshot:
image

Thanks!!

@PhilippeOberti PhilippeOberti added this to the 8.16 milestone Jul 25, 2024
@PhilippeOberti PhilippeOberti removed this from the 8.16 milestone Oct 29, 2024
@PhilippeOberti
Contributor

We need to investigate if this is on the @elastic/security-threat-hunting-investigations or the @elastic/response-ops team.
