Issues: elastic/kibana

[Security Solution] Rule fails to generate alerts if investigation guide contains a base64-encoded image bug Fixes for quality problems that affect the customer experience Feature:Detection Alerts Security Solution Detection Alerts Feature Feature:Detection Rules Anything related to Security Solution's Detection Rules sdh-linked Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. triage_needed
#196028 opened Oct 13, 2024 by banderror
[Elastic Security Solution][Detections and alerts][Prebuilt rule][Potential Ransomware Behavior - High count of Readme files by System] Have the file.path field available in the alert enhancement New value added to drive a business result Feature:Detection Alerts Security Solution Detection Alerts Feature Team:Detection Engine Security Solution Detection Engine Area Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#184475 opened May 29, 2024 by greicefaustino
[Security Solution] kibana.* fields from the audit log are not added to detection alerts bug Fixes for quality problems that affect the customer experience Feature:Detection Alerts Security Solution Detection Alerts Feature impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. sdh-linked Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#184345 opened May 28, 2024 by banderror
[Detection Engine][FTR] Unskip alert assignment RBAC MKI tests Feature:Detection Alerts Security Solution Detection Alerts Feature skipped-test Team:Detection Engine Security Solution Detection Engine Area tests_needed
#182878 opened May 7, 2024 by yctercero
[Security Solution] Impossible to add a runtime field for winlog.event_data.ServiceFilename bug Fixes for quality problems that affect the customer experience Feature:Detection Alerts Security Solution Detection Alerts Feature Feature:Security Alert Page Security solution alert page impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#181016 opened Apr 17, 2024 by maximpn
[Security Solution] Relating security rules + alerts with the services they monitor enhancement New value added to drive a business result Feature:Detection Alerts Security Solution Detection Alerts Feature Feature:Detection Rules Anything related to Security Solution's Detection Rules Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team
#179383 opened Mar 25, 2024 by dhurley14
Alerting action on failure of another action enhancement New value added to drive a business result Feature:Alerting/RuleActions Issues related to the Actions attached to Rules on the Alerting Framework Feature:Detection Alerts Security Solution Detection Alerts Feature Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
#178401 opened Mar 11, 2024 by jguay
[Alerts][Non-ECS] Improve alert flows non-ECS mapped field UX enhancement New value added to drive a business result Feature:Detection Alerts Security Solution Detection Alerts Feature Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team
#171059 opened Nov 10, 2023 by yctercero
[Security Solution] Review advanced settings allowlisted in Serverless 8.16 candidate Feature:Detection Alerts Security Solution Detection Alerts Feature Feature:Detection Rules Anything related to Security Solution's Detection Rules Team:Detection Engine Security Solution Detection Engine Area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#166805 opened Sep 20, 2023 by banderror
[Security Solution][Detection Engine] When sets of documents have identical timestamps, they can potentially be skipped during alert creation bug Fixes for quality problems that affect the customer experience consider-next Feature:Detection Alerts Security Solution Detection Alerts Feature impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#164233 opened Aug 17, 2023 by dplumlee
[Security Solution] data_stream.namespace field mapping missing from .internal.alerts-security.alerts-default indices bug Fixes for quality problems that affect the customer experience Feature:Detection Alerts Security Solution Detection Alerts Feature impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#156060 opened Apr 27, 2023 by ccdta
[Security Solution] Expand available Rule Action variables enhancement New value added to drive a business result Feature:Detection Alerts Security Solution Detection Alerts Feature Team:Detection Engine Security Solution Detection Engine Area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. triage_needed
#155741 opened Apr 25, 2023 by spong
[Security Solution][Alerts] Warn users when rule interval is larger than time range searched consider-next enhancement New value added to drive a business result Feature:Detection Alerts Security Solution Detection Alerts Feature sdh-linked Team:Detection Engine Security Solution Detection Engine Area v8.8.0
#154963 opened Apr 13, 2023 by marshallmain
[Security Solution] Detection Engine Test Automation and Coverage epic Feature:Detection Alerts Security Solution Detection Alerts Feature Feature:Detection Rules Anything related to Security Solution's Detection Rules Team:Detection Engine Security Solution Detection Engine Area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. technical debt Improvement of the software architecture and operational architecture test_ui_functional test test-api-integration test-coverage issues & PRs for improving code test coverage v8.10.0 v8.11.0 v8.12.0
#153633 opened Mar 24, 2023 by banderror
[Security Solution] Truncated error messages during rule execution bug Fixes for quality problems that affect the customer experience consider-next Feature:Detection Alerts Security Solution Detection Alerts Feature Feature:Rule Monitoring Security Solution Detection Rule Monitoring impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Detection Engine Security Solution Detection Engine Area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#147918 opened Dec 21, 2022 by xcrzx Serverless Ung.
[Security Solution] Elastic or Custom Jobs filters are not displaying under ML job dropdown enhancement New value added to drive a business result Feature:Detection Alerts Security Solution Detection Alerts Feature Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#145221 opened Nov 15, 2022 by ghost
[Security Solution][Alerts] Decouple gap detection from additional lookback consider-next discuss enhancement New value added to drive a business result Feature:Detection Alerts Security Solution Detection Alerts Feature sdh-linked Team:Detection Engine Security Solution Detection Engine Area Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. technical debt Improvement of the software architecture and operational architecture
#138933 opened Aug 16, 2022 by marshallmain
[Security Solution][Sourcerer] Delay in Alerts Security Data View initialization after Alerts index is created 8.4 candidate bug Fixes for quality problems that affect the customer experience Feature:Data Views Data Views code and UI - index patterns before 8.0 Feature:Detection Alerts Security Solution Detection Alerts Feature Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team
#131427 opened May 3, 2022 by spong
[Security Solution] Error displayed when apply the sorting on threat.enrichments.matched.* fields under alerts table. bug Fixes for quality problems that affect the customer experience Feature:Detection Alerts Security Solution Detection Alerts Feature impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team: CTI Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#130951 opened Apr 26, 2022 by ghost
[Security Solution][Alerts] Detection alerts indices are missing data_stream ECS field mappings bug Fixes for quality problems that affect the customer experience consider-next Feature:Detection Alerts Security Solution Detection Alerts Feature impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. sdh-linked Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
#129946 opened Apr 11, 2022 by marshallmain
[Security Feature][Feature Request] Add the active user to the signal event when marking an alert as closed, open, or acknowledged 8.11 candidate enhancement New value added to drive a business result Feature:Detection Alerts Security Solution Detection Alerts Feature Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Theme: rac label obsolete
#123444 opened Jan 20, 2022 by aarju
[Security Solution] DE Server Type Refactor Feature:Detection Alerts Security Solution Detection Alerts Feature Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. technical debt Improvement of the software architecture and operational architecture
#117229 opened Nov 2, 2021 by madirey
[Security Solution][Detection Alerts] Refresh isn't synced with workflow status updates in Timeline bug Fixes for quality problems that affect the customer experience Feature:Detection Alerts Security Solution Detection Alerts Feature impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
#112011 opened Sep 13, 2021 by dplumlee
[RAC] [RBAC] Authz can be enhanced for consistent API response between authorized and unauthorized users discuss Feature:Detection Alerts Security Solution Detection Alerts Feature Feature:Security/Spaces Platform Security - Spaces feature Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
#105082 opened Jul 9, 2021 by dhurley14
[RAC][Discuss] Support for user-defined field mappings in .alerts indices consider-next Feature:Detection Alerts Security Solution Detection Alerts Feature sdh-linked Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Theme: alert_triage Security Solution Alert Triage Theme Theme: rac label obsolete
#103777 opened Jun 29, 2021 by marshallmain