
[Defend Workflows] [Question] Why is the "Isolate/release" option missing for the Windows OS alert from the alerts flyout when the observer.serial_number field has a value for the SentinelOne alert

sukhwindersingh-qasource avatar sukhwindersingh-qasource commented on August 25, 2024
[Defend Workflows] [Question] Why is the "Isolate/release" option missing for the Windows OS alert from the alerts flyout when the observer.serial_number field has a value for the SentinelOne alert

from kibana.

Comments (9)

paul-tavares avatar paul-tavares commented on August 25, 2024

Ok. I think this is fixed with #182158, which was just merged yesterday, so you are not running with it.

@sukhwindersingh-qasource,
I would like to confirm. In cases like this it would be very helpful if, going forward, you can include the JSON of the alert so I can see the detailed data. Can you provide that?


Also, note that the fix I did would disable the Respond option in the menu and provide the user with a hover popup that indicates why it's disabled (likely because there is no observer.serial_number). You can see a screen capture of this behaviour in the PR that was linked above.

The isolate/release dedicated menu item works a bit differently in that if its checks determine isolate can't be supported, the option is actually hidden from the menu (something we have been meaning to fix for a while now), rather than being displayed in disabled mode.


sukhwindersingh-qasource avatar sukhwindersingh-qasource commented on August 25, 2024

Hi @paul-tavares

Thank you for the update. Moving forward, we will be attaching the JSON of the alerts. Attached is the JSON file for a similar kind of alert with the same observation: 'observer.serial_number:*' exists, but the 'isolate' option is missing.

Detailed Observation

Build Details:
VERSION: 8.14.0
BUILD: 73762
COMMIT: 2a492e1

Screencast

Alerts.-.Kibana.Mozilla.Firefox.2024-05-08.14-28-14.mp4

JSON of the alert
Json.txt

Please let us know if anything else is required from our side.

Thanks.


elasticmachine avatar elasticmachine commented on August 25, 2024

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)


elasticmachine avatar elasticmachine commented on August 25, 2024

Pinging @elastic/security-solution (Team: SecuritySolution)


sukhwindersingh-qasource avatar sukhwindersingh-qasource commented on August 25, 2024

@muskangulati-qasource, kindly review this.


dasansol92 avatar dasansol92 commented on August 25, 2024

@paul-tavares, can this be related to these recent changes? #182158
Or maybe related to this recent issue: #182330
cc: @ashokaditya


muskangulati-qasource avatar muskangulati-qasource commented on August 25, 2024

Secondary review is done for the ticket.

Assigned to @ashokaditya
cc: @dasansol92


paul-tavares avatar paul-tavares commented on August 25, 2024

Ok. I was able to debug this and the problem seems to be the same one that @ashokaditya fixed just yesterday via this PR: #183280. So next time you pull in a new BC, this should be fixed.

The problem here is due to the fact that an API call to get the agent status is failing with:

{
    "statusCode": 500,
    "error": "Internal Server Error",
    "message": "Attempt retrieve agent information from to SentinelOne failed: Response validation failed (Error: [data.0.osUsername]: expected value of type [string] but got [null])"
}

This can be seen in the browser's developer tools console tab.


sukhwindersingh-qasource avatar sukhwindersingh-qasource commented on August 25, 2024

Hi @paul-tavares,

Thanks for looking into this and providing the update. We will validate this ticket once the next BC arrives.

Thanks!

