
[Security Solution] ransomware feature and process hash sha 256 fields for Ransomware alert are not displayed under highlighted fields of alert flyout #125492

Closed
ghost opened this issue Feb 14, 2022 · 6 comments
Labels

  • bug: Fixes for quality problems that affect the customer experience
  • fixed
  • QA:Validated: Issue has been validated by QA
  • Team: SecuritySolution: Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
  • Team:Threat Hunting:Investigations: Security Solution Investigations Team
  • Team:Threat Hunting: Security Solution Threat Hunting Team
  • v8.1.0

Comments

@ghost

ghost commented Feb 14, 2022

Describe the bug
ransomware feature and process hash sha 256 fields for Ransomware alert are not displayed under highlighted fields section of alert flyout

Build Details:

Version: 8.1.0 BC2
Commit: ee89ebfddeda3baaf6cd87c0299247c5248cb952
Build: 50222

Browser Details:
N/A

Preconditions

  1. Ransomware alerts should be triggered

Steps to Reproduce

  1. Click on ransomware alerts flyout
  2. Observe that ransomware feature and process hash sha 256 fields for Ransomware alert are not displayed under highlighted fields section

Actual Result
ransomware feature and process hash sha 256 fields for Ransomware alert are not displayed under highlighted fields section of alert flyout

Expected Result
ransomware feature and process hash sha 256 fields for Ransomware alert are not displayed under highlighted fields section of alert flyout

What's Working

  • N/A

What's Not Working

  • N/A

Screen-Shot

ransomware.mp4

Ransomware behavior alert Json
behavior.txt

Ransomware mbr alert Json
mbr.txt

Rule

rule.zip

@ghost ghost added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.1.0 labels Feb 14, 2022
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost ghost changed the title [Security Solution] ransomware feature and process hash sha 256 fields for Ransomware alert are not displayed under highlighted fields section of alert flyout [Security Solution] ransomware feature and process hash sha 256 fields for Ransomware alert are not displayed under highlighted fields of alert flyout Feb 14, 2022
@ghost ghost assigned ghost and MadameSheema and unassigned ghost Feb 14, 2022
@MadameSheema MadameSheema added the Team:Threat Hunting:Investigations Security Solution Investigations Team label Feb 14, 2022
@ghost
Author

ghost commented Feb 15, 2022

Hi @MadameSheema,

We have observed that this issue is also occurring after upgrading the build to 8.1.0.

Build Details:

Version: 8.1.0-BC2
Commit: ee89ebfddeda3baaf6cd87c0299247c5248cb952
Build: 50222

Screenshots

image

Thanks!

@janmonschke
Contributor

This just merged and should be part of the next BC

@MindyRS MindyRS added the Team:Threat Hunting Security Solution Threat Hunting Team label Feb 23, 2022
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@ghost
Author

ghost commented Feb 24, 2022

Hi @MadameSheema

We have validated this issue on 8.1.0 BC4 and observed that the issue is fixed. ✔️

Please find below the testing details:

Build Details:

Version: 8.1.0
Commit: 015578b81c26a5843747ba53b2fd92d40f0453cb
Build: 50428

Screenshot:

image

We will validate the upgrade scenario once the build is available on cloud.

Thanks !!

@ghost ghost added the QA:Validated Issue has been validated by QA label Feb 24, 2022
@ghost ghost closed this as completed Feb 24, 2022
@ghost ghost reopened this Feb 24, 2022
@ghost
Author

ghost commented Feb 28, 2022

Hi @MadameSheema

We have validated this issue on 8.1.0 BC4 and observed that the issue is fixed in the upgrade scenario as well.

Build Details:

Version: 8.1.0
Commit: 015578b81c26a5843747ba53b2fd92d40f0453cb
Build: 50428

After Upgrade
Screenshot:
image

Hence, we are closing this issue and marking it as QA Validated.

Thanks !!

@ghost ghost closed this as completed Feb 28, 2022
This issue was closed.