[Security Solution] Investigation in timeline present for Ransomware.Feature Alert prevalence #133723

Closed
ghost opened this issue Jun 7, 2022 · 6 comments
Labels

  • bug (Fixes for quality problems that affect the customer experience)
  • impact:medium (Addressing this issue will have a medium level of impact on the quality/strength of our product.)
  • QA:Validated (Issue has been validated by QA)
  • Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
  • triage_needed
  • v8.3.0

Comments

@ghost

ghost commented Jun 7, 2022

Describe the bug
Investigation in timeline present for Ransomware.Feature Alert prevalence

Build Details

Version: 8.3.0 BC2
Commit: 25476b531ba9f32292bde85508d342aa5e1c29eb
Build: 53231

Steps

  • Log in to Kibana and go to Security App

  • Enable the Endpoint security rule

  • Generate the ransomware alert, test-script for this is here
    Testfile.zip

  • Click on alert details and fly-out

  • Observed that investigate in timeline is present for dash value

Screenshot

image

ksingh.-.ec2-3-89-244-0.compute-1.amazonaws.com.-.Remote.Desktop.Connection.2022-06-07.15-18-39.mp4

Additional Details:

Rule JSON:
ransomware.zip

@ghost ghost added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Jun 7, 2022
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost
Author

ghost commented Jun 7, 2022

#132095

@ghost ghost added v8.3.0 impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. labels Jun 7, 2022
@ghost ghost assigned michaelolo24 Jun 7, 2022
@janmonschke
Contributor

@karanbirsingh-qasource I created this PR (#133791) that should fix the issue once and for all :D

However, the changes in that PR change the UX of the table and it would be great to update the QA script for it once it's merged. From that PR onwards, there will be no dedicated Investigate in timeline button but a LinkButton that shows the count which has the same functionality as the previous button.

Since I'm out for the rest of the week, could you maybe update the script when the PR merges?

@ghost
Author

ghost commented Jun 8, 2022

> @karanbirsingh-qasource I created this PR (#133791) that should fix the issue once and for all :D
>
> However, the changes in that PR change the UX of the table and it would be great to update the QA script for it once it's merged. From that PR onwards, there will be no dedicated Investigate in timeline button but a LinkButton that shows the count which has the same functionality as the previous button.
>
> Since I'm out for the rest of the week, could you maybe update the script when the PR merges?

OK @janmonschke, we will check the issue after the PR merge and also look into the script.

@janmonschke
Contributor

@karanbirsingh-qasource The PR has been merged 🎉

@ghost
Author

ghost commented Jun 15, 2022

Hi @janmonschke

We have validated this issue and found the new changes, that is, the change of hover action to a clickable button for investigate in prevalence for alert highlights.

Build Details:

Version: 8.3.0 BC4
Commit: 875ea184462f73a04410981ac9eaf799db28b4f0
Build: 53413

Screenshot:

image

Hence we are closing this issue and adding the "QA:Validated" tag to it.

Thanks!!

@ghost ghost closed this as completed Jun 15, 2022
@ghost ghost added the QA:Validated Issue has been validated by QA label Jun 15, 2022