[Security Solution] The status of isolate and release keeps on showing pending even though it is successful #123707

Closed
muskangulati-qasource opened this issue Jan 25, 2022 · 10 comments
Labels: bug, impact:critical, QA:Validated, Team:Defend Workflows, Team: SecuritySolution, v8.0.0

Comments

@muskangulati-qasource

muskangulati-qasource commented Jan 25, 2022

Description:
The status of isolate and release keeps on showing pending even though it is successful

Build Details:

Kibana version: 8.0.0 rc2
Build: 49092
Commit: 93d9bd54452711c449fe07e4f23c43a4a0e519c3
Artifact page: https://staging.elastic.co/8.0.0-rc2-c0b0e70d/summary-8.0.0-rc2.html

Browser Details:
All

Preconditions:

  1. Kibana user should be logged in.

Steps to Reproduce:

  1. Isolate an endpoint and observe the status keeps on showing as pending.

Impacted Test case:
N/A

Actual Result:
The status of isolate and release keeps on showing pending even though it is successful

Expected Result:
The status of isolate and release should be updated and not shown as pending once it is successful

What's working:
N/A

What's not working:
N/A

Screen Recording:

IsolateRelease.mp4

Logs:
N/A

@muskangulati-qasource muskangulati-qasource added bug Fixes for quality problems that affect the customer experience v8.0.0 impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Defend Workflows “EDR Workflows” sub-team of Security Solution labels Jan 25, 2022
@elasticmachine
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@muskangulati-qasource
Author

@manishgupta-qasource please review!!

@manishgupta-qasource

Reviewed & assigned to @kevinlog

@kevinlog
Contributor

kevinlog commented Jan 25, 2022

@muskangulati-qasource - I noticed in your video that the Endpoint never sends the "Completed" notification in the actions log.

image

Can you verify that your VMs are actually completing the isolation action? You can go to the VM and find the desktop notification or try to connect to some website and it should be isolated.

I just verified this on an rc2 build myself and I'm seeing it be successful, see the below:
image

You can see that the Endpoint is sending back the success messages in the Activity log.

cc @ferullo @ashokaditya

@kevinlog kevinlog added impact:critical This issue should be addressed immediately due to a critical level of impact on the product. and removed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. labels Jan 25, 2022
@kevinlog kevinlog assigned ashokaditya and unassigned kevinlog Jan 25, 2022
@kevinlog
Contributor

@muskangulati-qasource @ashokaditya I know what the problem is. If the namespace is different, then we need to expand the query to go beyond just .logs-actions-response-default. I'm raising this to critical so that we can merge it in before the last 8.0 BC
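The failure mode described in the comment above, as an added TypeScript example that is not part of the thread or of Kibana's code: a response written under a non-default namespace is invisible to a query pinned to the `-default` index, so the action never leaves "pending". The index names follow the comment; the `prod` namespace, the sample documents, the helper names and the wildcard pattern are assumptions made for illustration.

```typescript
// Constructed model, not Kibana's code. Index names follow the comment above;
// the "prod" namespace and every document here are made up for illustration.
interface ActionDoc { action_id: string; agent_id: string; command: string; }
interface ResponseDoc { action_id: string; agent_id: string; completed_at: string; }

// In-memory stand-in for the response indices: index name -> documents.
const responseIndices: { [index: string]: ResponseDoc[] } = {
  ".logs-actions-response-default": [],
  ".logs-actions-response-prod": [
    { action_id: "a-1", agent_id: "agent-7", completed_at: "2022-01-25T10:00:05Z" },
  ],
};

// Two actions were sent to agent-7; only the isolate has been answered.
const actions: ActionDoc[] = [
  { action_id: "a-1", agent_id: "agent-7", command: "isolate" },
  { action_id: "a-2", agent_id: "agent-7", command: "unisolate" },
];

// Turn an index pattern with "*" wildcards into an anchored RegExp.
function patternToRegExp(pattern: string): RegExp {
  const parts = pattern.split("*").map((p) => p.replace(/[.+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp("^" + parts.join(".*") + "$");
}

// Collect responses from every index whose name matches the pattern.
function searchResponses(pattern: string): ResponseDoc[] {
  const re = patternToRegExp(pattern);
  let hits: ResponseDoc[] = [];
  for (const name of Object.keys(responseIndices)) {
    if (re.test(name)) hits = hits.concat(responseIndices[name] || []);
  }
  return hits;
}

// An action stays pending until a response with its action_id and agent_id is found.
function pendingActionIds(pattern: string): string[] {
  const done = searchResponses(pattern).map((r) => r.agent_id + ":" + r.action_id);
  return actions
    .filter((a) => done.indexOf(a.agent_id + ":" + a.action_id) === -1)
    .map((a) => a.action_id);
}

const DEFAULT_ONLY = ".logs-actions-response-default"; // the narrow query from the thread
const ANY_NAMESPACE = ".logs-actions-response-*"; // assumed wildcard form of the fix

console.log("default only :", pendingActionIds(DEFAULT_ONLY));
console.log("any namespace:", pendingActionIds(ANY_NAMESPACE));
```

With the default-only pattern the completed isolate still counts as pending; with the namespace-agnostic pattern only the unanswered release remains.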

@ashokaditya
Member

PR /pull/123741

ashokaditya added a commit to ashokaditya/kibana that referenced this issue Jan 25, 2022
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Jan 25, 2022
…espace to show pending actions (elastic#123741)

* search responses without a specific namespace to show pending actions

fixes elastic/issues/123707

* search over all endpoint response indices irrespective of namespace suffix

fixes elastic/issues/123707

* match namespace suffixes for endpoint action and response indices

fixes elastic/issues/123707

(cherry picked from commit dfd8bfb)
@kevinlog kevinlog reopened this Jan 25, 2022
kibanamachine added a commit that referenced this issue Jan 26, 2022
…espace to show pending actions (#123741) (#123769)

* search responses without a specific namespace to show pending actions

fixes /issues/123707

* search over all endpoint response indices irrespective of namespace suffix

fixes /issues/123707

* match namespace suffixes for endpoint action and response indices

fixes /issues/123707

(cherry picked from commit dfd8bfb)

Co-authored-by: Ashokaditya <1849116+ashokaditya@users.noreply.github.com>
kibanamachine added a commit that referenced this issue Jan 26, 2022
…espace to show pending actions (#123741) (#123770)

* search responses without a specific namespace to show pending actions

fixes /issues/123707

* search over all endpoint response indices irrespective of namespace suffix

fixes /issues/123707

* match namespace suffixes for endpoint action and response indices

fixes /issues/123707

(cherry picked from commit dfd8bfb)

Co-authored-by: Ashokaditya <1849116+ashokaditya@users.noreply.github.com>
@kevinlog kevinlog added the QA:Ready for Testing Code is merged and ready for QA to validate label Jan 26, 2022
@kevinlog
Contributor

@muskangulati-qasource the fix for this is merged and will be available in the next 8.0 build candidate. Since I raised this as a blocker for 8.0, I'm going to close this ticket and communicate to the release team that the fix is merged and the BC can be built.

I'm adding the "Ready for Test" label. After it's tested, you can remove that label and leave a comment as usual. Thanks!

@muskangulati-qasource
Author

Hi @kevinlog,

We tested this ticket and found that the issue is fixed on the 8.0.0 RC2 BC4 build. Please find below the testing details:

Build Details:

Kibana Version: 8.0.0 RC2 BC4
Build: 49192
Commit: 57ca5e139a33dd2eed927ce98d8231a1f217cd15
Artifacts link: https://staging.elastic.co/8.0.0-rc2-27a50a27/summary-8.0.0-rc2.html

Screenshots:
integration
Isolated
Released

Hence, closing this ticket and marking it as "Validated".

Thanks!

@muskangulati-qasource muskangulati-qasource added QA:Validated Issue has been validated by QA and removed QA:Ready for Testing Code is merged and ready for QA to validate labels Feb 3, 2022
@harshitgupta-qasource

Bug Conversion

Thanks!
