[Security Solution] Alert information is not displayed on Jira after adding the alert in jira connector even after enabling the "sync alert status with case status" option. #86102

Closed
ghost opened this issue Dec 16, 2020 · 8 comments · Fixed by #86812
Labels
bug Fixes for quality problems that affect the customer experience impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting Security Solution Threat Hunting Team triage_needed

Comments

@ghost

ghost commented Dec 16, 2020

Description
Alert information is not displayed in Jira after adding the alert to the Jira connector, even after enabling the "sync alert status with case status" option.

Build Details:

Version: 7.11.0 Snapshot
Commit: d0c88d5b23ab09511ed0edf803a1f47daf471a3d
Build number: 37305
Artifact: https://artifacts-api.elastic.co/v1/search/7.11.0-SNAPSHOT

Browser Details:
All

Preconditions:

  1. Elastic stack should be up and running
  2. Auditbeat should be installed and running.
  3. One connector like JIRA should be added.
  4. Alert should be generated.

Steps to Reproduce:

  1. Navigate to Detection tab of security.
  2. Click on add to case icon.
  3. Click on add to new case.
  4. Enter the name and description.
  5. Enable the "sync alert status with case status"
  6. Select Jira connector from "External Incident Management System" drop down.
  7. Now navigate to cases tab.
  8. Click on created case.
  9. Click on "Push as incident."
  10. Now click on Jira incident link.
  11. Observe that no information is displayed; only "(added at 2020-12-16T11:49:49.864Z by elastic)" is displayed.

Observation: The same scenario works if the "sync alert status with case status" option is disabled.

Impacted Test case:
N/A

Actual Result:
Alert information is not displayed on Jira after adding the alert in jira connector even after enabling the "sync alert status with case status" option.

Expected Result:
Alert information should be displayed on Jira after adding the alert in jira connector after enabling the "sync alert status with case status" option.

What's working:
N/A

What's not working:
N/A

Screenshot:
Add_new_Case

Jira

@ghost ghost added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.11.0 labels Dec 16, 2020
@ghost
Author

ghost commented Dec 16, 2020

@manishgupta-qasource Please review

@manishgupta-qasource

Reviewed & assigned to @MadameSheema

@manishgupta-qasource manishgupta-qasource added the impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. label Dec 16, 2020
@MadameSheema
Member

@XavierM @cnasikas can you please take a look at this?

@ghost
Author

ghost commented Jan 19, 2021

Hi @cnasikas

We have validated this ticket on 7.11.0 BC3 and found that the issue is fixed. Alert information is displayed in incidents [Jira, IBM, Service Now] after adding the alert to cases.

Build Details:

Version: 7.11.0 BC3
Build: 37694
Commit: b9c97fb364139c48ef619140534af4eea195a629

Artifacts: https://staging.elastic.co/7.11.0-e9e2951f/summary-7.11.0.html

Screenshot:
Alert_information

IBM_alert

SN_alert

Thanks!!

@muskangulati-qasource

muskangulati-qasource commented Jun 18, 2021

Hi @MadameSheema,

We tested this scenario on the latest 7.14.0-SNAPSHOT build and found that is on 7.14.0.

Build Details:

Version: 7.14.0-SNAPSHOT
Kibana Commit: 9838db392e7fcfc12f004b68fb1b09739f131148
Kibana Build Hash: 41559
Artifact Page : https://artifacts-api.elastic.co/v1/search/7.14.0-SNAPSHOT

Screenshot:
Issue

Hence, reopening this issue.

Thanks!

@MadameSheema
Member

@cnasikas can you please take a look at this? Thanks :)

@cnasikas
Member

Hi @MadameSheema @muskangulati-qasource. We changed the behaviour to show only the counts of the alerts attached to a case on #88655. We do not create comments for alerts on external services.

@MadameSheema
Member

Closing the issue since this is the expected behaviour, thanks :)

4 participants