Open
Description
opened on Aug 8, 2024
Describe the bug
Unexpected result under Analyzer Preview of Alert Flyout for CSS Data View
Kibana/Elasticsearch Stack version
Version: 8.15 BC6
Build: 76360
Commit: 8aa0b59da12c996e3048d8875446667ee6e15c7f
Preconditions
- Two 8.15 BC6 instances should be available (let's say A and B) [more details: instance A is the upgrade instance from 8.12 to 8.15 BC6]
- Go to Security Section of Deployment B and Copy the proxy address
- Log in to Instance A
- Navigate to Stack Management > Remote Cluster and create the connection
- Now create Data using remote cluster
Steps to reproduce
- Click on view details of an alert and scroll down to the Analyzer Preview section of the alert flyout
- Observe the unexpected result under the different alerts:
  - malware alert: An error is preventing this alert from being analyzed.
  - ransomware alert: just powershell.exe is shown; no tree graph is showing
- No issue is there on the original instance under the Analyzer Preview section
Expected Result
- Correct details should be available under the Analyzer Preview of Alert Flyout for CSS Data View
Screen-Shot
Screen capture for both instances A and B in order to show the details of the same alert under different build setups
Detection.rules.SIEM.-.Kibana.Mozilla.Firefox.2024-08-08.14-10-32.mp4
Labels
- Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
- Security Solution Threat Hunting Team
- Security Solution Investigations Team
- Fixes for quality problems that affect the customer experience
- Addressing this issue will have a medium level of impact on the quality/strength of our product.