Issues: elastic/kibana
[Security Solution] Rule fails to generate alerts if investigation guide contains a base64-encoded image
bug
Fixes for quality problems that affect the customer experience
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Feature:Detection Rules
Anything related to Security Solution's Detection Rules
sdh-linked
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
triage_needed
#196028
opened Oct 13, 2024 by
banderror
[Elastic Security Solution][Detections and alerts][Prebuilt rule][Potential Ransomware Behavior - High count of Readme files by System] Have the file.path field available in the alert
enhancement
New value added to drive a business result
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Team:Detection Engine
Security Solution Detection Engine Area
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#184475
opened May 29, 2024 by
greicefaustino
[Security Solution] kibana.* fields from the audit log are not added to detection alerts
bug
Fixes for quality problems that affect the customer experience
Feature:Detection Alerts
Security Solution Detection Alerts Feature
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
sdh-linked
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#184345
opened May 28, 2024 by
banderror
[Detection Engine][FTR] Unskip alert assignment RBAC MKI tests
Feature:Detection Alerts
Security Solution Detection Alerts Feature
skipped-test
Team:Detection Engine
Security Solution Detection Engine Area
tests_needed
#182878
opened May 7, 2024 by
yctercero
[Security Solution] Impossible to add a runtime field for winlog.event_data.ServiceFilename
bug
Fixes for quality problems that affect the customer experience
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Feature:Security Alert Page
Security solution alert page
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#181016
opened Apr 17, 2024 by
maximpn
[Security Solution] Relating security rules + alerts with the services they monitor
enhancement
New value added to drive a business result
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Feature:Detection Rules
Anything related to Security Solution's Detection Rules
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
#179383
opened Mar 25, 2024 by
dhurley14
Alerting action on failure of another action
enhancement
New value added to drive a business result
Feature:Alerting/RuleActions
Issues related to the Actions attached to Rules on the Alerting Framework
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
#178401
opened Mar 11, 2024 by
jguay
[Alerts][Non-ECS] Improve alert flows non-ECS mapped field UX
enhancement
New value added to drive a business result
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team:Threat Hunting:Investigations
Security Solution Investigations Team
Team:Threat Hunting
Security Solution Threat Hunting Team
#171059
opened Nov 10, 2023 by
yctercero
[Security Solution] Review advanced settings allowlisted in Serverless
8.16 candidate
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Feature:Detection Rules
Anything related to Security Solution's Detection Rules
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#166805
opened Sep 20, 2023 by
banderror
[Security Solution][Detection Engine] When sets of documents have identical timestamps, they can potentially be skipped during alert creation
bug
Fixes for quality problems that affect the customer experience
consider-next
Feature:Detection Alerts
Security Solution Detection Alerts Feature
impact:high
Addressing this issue will have a high level of impact on the quality/strength of our product.
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#164233
opened Aug 17, 2023 by
dplumlee
[Security Solution] data_stream.namespace field mapping missing from .internal.alerts-security.alerts-default indices
bug
Fixes for quality problems that affect the customer experience
Feature:Detection Alerts
Security Solution Detection Alerts Feature
impact:high
Addressing this issue will have a high level of impact on the quality/strength of our product.
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#156060
opened Apr 27, 2023 by
ccdta
[Security Solution] Expand available Rule Action variables
enhancement
New value added to drive a business result
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
triage_needed
#155741
opened Apr 25, 2023 by
spong
[Security Solution][Alerts] Warn users when rule interval is larger than time range searched
consider-next
enhancement
New value added to drive a business result
Feature:Detection Alerts
Security Solution Detection Alerts Feature
sdh-linked
Team:Detection Engine
Security Solution Detection Engine Area
v8.8.0
#154963
opened Apr 13, 2023 by
marshallmain
[Security Solution] Detection Engine Test Automation and Coverage
epic
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Feature:Detection Rules
Anything related to Security Solution's Detection Rules
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
technical debt
Improvement of the software architecture and operational architecture
test_ui_functional
test
test-api-integration
test-coverage
issues & PRs for improving code test coverage
v8.10.0
v8.11.0
v8.12.0
#153633
opened Mar 24, 2023 by
banderror
[Security Solution] Truncated error messages during rule execution
bug
Fixes for quality problems that affect the customer experience
consider-next
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Feature:Rule Monitoring
Security Solution Detection Rule Monitoring
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
[Security Solution] Elastic or Custom Jobs filters are not displaying under ML job dropdown
enhancement
New value added to drive a business result
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#145221
opened Nov 15, 2022 by
ghost
[Security Solution][Alerts] Decouple gap detection from additional lookback
consider-next
discuss
enhancement
New value added to drive a business result
Feature:Detection Alerts
Security Solution Detection Alerts Feature
sdh-linked
Team:Detection Engine
Security Solution Detection Engine Area
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
technical debt
Improvement of the software architecture and operational architecture
#138933
opened Aug 16, 2022 by
marshallmain
[Security Solution][Sourcerer] Delay in Alerts Security Data View initialization after Alerts index is created
8.4 candidate
bug
Fixes for quality problems that affect the customer experience
Feature:Data Views
Data Views code and UI - index patterns before 8.0
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:Threat Hunting:Investigations
Security Solution Investigations Team
Team:Threat Hunting
Security Solution Threat Hunting Team
#131427
opened May 3, 2022 by
spong
[Security Solution] Error displayed when apply the sorting on threat.enrichments.matched.* fields under alerts table.
bug
Fixes for quality problems that affect the customer experience
Feature:Detection Alerts
Security Solution Detection Alerts Feature
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
Team: CTI
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#130951
opened Apr 26, 2022 by
ghost
[Security Solution][Alerts] Detection alerts indices are missing data_stream ECS field mappings
bug
Fixes for quality problems that affect the customer experience
consider-next
Feature:Detection Alerts
Security Solution Detection Alerts Feature
impact:high
Addressing this issue will have a high level of impact on the quality/strength of our product.
sdh-linked
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
#129946
opened Apr 11, 2022 by
marshallmain
[Security Feature][Feature Request] Add the active user to the signal event when marking an alert as closed, open, or acknowledged
8.11 candidate
enhancement
New value added to drive a business result
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Theme: rac
label obsolete
#123444
opened Jan 20, 2022 by
aarju
[Security Solution] DE Server Type Refactor
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
technical debt
Improvement of the software architecture and operational architecture
#117229
opened Nov 2, 2021 by
madirey
[Security Solution][Detection Alerts] Refresh isn't synced with workflow status updates in Timeline
bug
Fixes for quality problems that affect the customer experience
Feature:Detection Alerts
Security Solution Detection Alerts Feature
impact:low
Addressing this issue will have a low level of impact on the quality/strength of our product.
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#112011
opened Sep 13, 2021 by
dplumlee
[RAC] [RBAC] Authz can be enhanced for consistent API response between authorized and unauthorized users
discuss
Feature:Detection Alerts
Security Solution Detection Alerts Feature
Feature:Security/Spaces
Platform Security - Spaces feature
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
#105082
opened Jul 9, 2021 by
dhurley14
[RAC][Discuss] Support for user-defined field mappings in .alerts indices
consider-next
Feature:Detection Alerts
Security Solution Detection Alerts Feature
sdh-linked
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Theme: alert_triage
Security Solution Alert Triage Theme
Theme: rac
label obsolete
#103777
opened Jun 29, 2021 by
marshallmain