Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong details in Session Viewer preview for non session alert in documentation #3935

Closed
ghost opened this issue Sep 13, 2023 · 7 comments
Closed

Wrong details in Session Viewer preview for non session alert in documentation #3935

ghost opened this issue Sep 13, 2023 · 7 comments
Assignees
@nastasha-solomon
Labels
bug Something isn't working QA:Validated Issue has been Validated by QA Team Team: Docs Team: Security Solution v8.10.0

Comments

@ghost
Copy link

ghost commented Sep 13, 2023

Description

Wrong details in Session Viewer preview for non session alert in documentation

Steps

Expected

image

Screen-Shot:

image
@ghost ghost assigned jmikell821 Sep 13, 2023
@nastasha-solomon
Copy link
Contributor

Hey, thanks for filing this, @karanbirsingh-qasource. I think the current screenshot is still correct, since it shows what users would see if they had enabled the session view features. @christineweng would you mind verifying whether the screenshot that's currently in the docs is correct: https://www.elastic.co/guide/en/security/current/view-alert-details.html#visualizations-section

Thanks, both!

@christineweng
Copy link

@karanbirsingh-qasource I think the screenshot is correct as well, just to clarify, the error message (expected screenshot) should be present when session view icon is not available

image

I wonder if unknown and fake entry somewhat indicate there is an error? @nastasha-solomon I wonder if other instances have session views that are more meaningful?

@nastasha-solomon
Copy link
Contributor

@karanbirsingh-qasource following up on this, would you mind elaborating on the bug you noticed? I followed with with Christine (above) and the screenshot looks correct from our standpoints.

@ghost
Copy link
Author

ghost commented Sep 26, 2023

@nastasha-solomon yes please find below the details we have for this bug.

actually this error "unknow started fake entry at Dec 31, 1969 @ 19:00:00.000 with rule alert suppression" used to show in the early BC of 8.10 release work when the alert does not actually have session data linked with it that why unknown is mentioned where correct user name is expected to show in session preview section but latter we logged the elastic/kibana#164392 and by this new message that is supposed to show when alert doesn't include session data is "You can only view linux details ...." which is what we are expecting to show in documentation.

image

@nastasha-solomon nastasha-solomon mentioned this issue Oct 16, 2023
Merged
@nastasha-solomon
Copy link
Contributor

Thanks for the additional context, @karanbirsingh-qasource! When you have a chance, the updates are ready for review at #4051.

@nastasha-solomon
Copy link
Contributor

Serverless docs updated at https://github.com/elastic/staging-serverless-security-docs/pull/198.

@ghost
Copy link
Author

ghost commented Oct 17, 2023

Hi @nastasha-solomon

thanks for the update.

we have validated this issue on shared preview and changes are now corrected.

image

Hence we are Closing this issue and adding "QA:Validated" tag to it.

thanks !!

@ghost ghost closed this as completed Oct 17, 2023
@ghost ghost added the QA:Validated Issue has been Validated by QA Team label Oct 17, 2023
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nastasha-solomon nastasha-solomon

Labels
bug Something isn't working QA:Validated Issue has been Validated by QA Team Team: Docs Team: Security Solution v8.10.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@christineweng @jmikell821 @nastasha-solomon