[Security Solution][Detection Alerts] Rule status only displays the last error/warning from a rule execution #115133

Open

Description

Detection rules can continue to run after writing a warning status. In this scenario, when the rule finishes executing it will not write a success status as that would overwrite the warning. However, if an error occurs during rule execution, the error status will be written and displayed alone, essentially overwriting the warning. We should instead display all warnings and errors from a rule execution together.
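The overwrite described above, next to the requested combined display, as an added example that is not part of the original issue or Kibana's code. All type names, function names and sample messages are hypothetical and constructed for illustration.

```typescript
// Hypothetical model of status writes during one rule execution (not Kibana's API).
type Severity = "warning" | "error";
type Status = "success" | "warning" | "error";

interface StatusEvent {
  severity: Severity;
  message: string;
}

interface StatusSummary {
  status: Status;
  messages: string[];
}

// Behaviour reported in the issue: each write replaces the previous one, so an
// error written after a warning is the only message left to display.
function lastWriteWins(events: StatusEvent[]): StatusSummary {
  const last = events[events.length - 1];
  if (last === undefined) {
    return { status: "success", messages: [] };
  }
  return { status: last.severity, messages: ["[" + last.severity + "] " + last.message] };
}

// Requested behaviour: keep every warning and error from the execution, in order,
// and report the most severe level as the overall status.
function aggregate(events: StatusEvent[]): StatusSummary {
  const hasError = events.some((e) => e.severity === "error");
  const status: Status = events.length === 0 ? "success" : hasError ? "error" : "warning";
  const seen: { [line: string]: boolean } = {};
  const messages: string[] = [];
  for (const e of events) {
    const line = "[" + e.severity + "] " + e.message;
    if (!seen[line]) {
      seen[line] = true; // drop exact repeats so the display stays readable
      messages.push(line);
    }
  }
  return { status, messages };
}

// Constructed sample execution: a warning is written, the rule keeps running,
// then an error occurs.
const sampleRun: StatusEvent[] = [
  { severity: "warning", message: "constructed warning: one index pattern matched no indices" },
  { severity: "error", message: "constructed error: search request timed out" },
];
```

With `sampleRun`, `lastWriteWins` returns only the error line, while `aggregate` returns both lines with an overall status of `error`, so the earlier warning stays visible to the analyst.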


    Labels

    Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
    Team:Detection Engine (Security Solution Detection Engine Area)
    Team:Detections and Resp (Security Detection Response Team)
    Theme: simp_prot_mgmt (Security Solution Simplified Protection Management Theme)
    impact:medium (Addressing this issue will have a medium level of impact on the quality/strength of our product.)
