Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution]Incorrect Prevention and Detection Type Alert Count in Alert by Type Chart of Alert Page #150278

Closed
ghost opened this issue Feb 6, 2023 · 11 comments
Closed

[Security Solution]Incorrect Prevention and Detection Type Alert Count in Alert by Type Chart of Alert Page #150278

ghost opened this issue Feb 6, 2023 · 11 comments
Assignees
@michaelolo24 @christineweng
Labels
bug Fixes for quality problems that affect the customer experience impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team triage_needed

Comments

@ghost
Copy link

ghost commented Feb 6, 2023
edited by ghost
Loading

Describe the bug
Incorrect Prevention and Detection Type Alert Count in Alert by Type Chart of Alert Page

Build Details:

Version: 8.7.0-SNAPSHOT
Commit: 99f69f78f84ac41fb3e4b440c56b3c8bd51e084a
Build: 60431

Preconditions

  • Endpoint Security prebuilt rule should be enabled on kibana
  • Duplicate above prebuilt rule and also enable this

Steps

  • Set the Endpoint policy to Detect
  • Execute the Mimikatz.exe
  • 2 Alerts will be generated one from Endpoint Security and another from Endpoint Security [Duplicate]
  • Now set the Endpoint Policy to Prevent
  • Execute the Mimikatz.exe
  • 2 Alerts will be generated one from Endpoint Security and another from Endpoint Security [Duplicate]
  • Total 4 will be on build now
  • Go to Alert Page and select Charts Visualization and go to Alert by type and observe the count which is showing incorrect

Screen-Cast

image

Alerts.-.Kibana.Mozilla.Firefox.2023-02-06.12-25-58.mp4
Alerts.-.Kibana.Mozilla.Firefox.2023-02-06.12-27-34.mp4

Additional Information

  • Inspect information

image

Response

{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 2,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "alertsByRule": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "Malware Detection Alert",
          "doc_count": 2,
          "ruleByEventType": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "allowed",
                "doc_count": 2
              },
              {
                "key": "info",
                "doc_count": 2
              },
              {
                "key": "start",
                "doc_count": 2
              }
            ]
          }
        }
      ]
    }
  }
}

Request

{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "bool": {
            "must": [],
            "filter": [
              {
                "match_phrase": {
                  "kibana.alert.rule.name": {
                    "query": "Malware Detection Alert"
                  }
                }
              },
              {
                "term": {
                  "kibana.alert.workflow_status": "open"
                }
              }
            ],
            "should": [],
            "must_not": [
              {
                "exists": {
                  "field": "kibana.alert.building_block_type"
                }
              }
            ]
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2023-02-05T18:30:00.000Z",
              "lte": "2023-02-06T18:29:59.999Z"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "alertsByRule": {
      "terms": {
        "field": "kibana.alert.rule.name",
        "size": 1000
      },
      "aggs": {
        "ruleByEventType": {
          "terms": {
            "field": "event.type",
            "size": 1000
          }
        }
      }
    }
  },
  "runtime_mappings": {}
}

image

  • Request
{
  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "bool": {
            "must": [],
            "filter": [
              {
                "match_phrase": {
                  "kibana.alert.rule.name": {
                    "query": "Malware Prevention Alert"
                  }
                }
              },
              {
                "term": {
                  "kibana.alert.workflow_status": "open"
                }
              }
            ],
            "should": [],
            "must_not": [
              {
                "exists": {
                  "field": "kibana.alert.building_block_type"
                }
              }
            ]
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2023-02-05T18:30:00.000Z",
              "lte": "2023-02-06T18:29:59.999Z"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "alertsByRule": {
      "terms": {
        "field": "kibana.alert.rule.name",
        "size": 1000
      },
      "aggs": {
        "ruleByEventType": {
          "terms": {
            "field": "event.type",
            "size": 1000
          }
        }
      }
    }
  },
  "runtime_mappings": {}
}
  • Response
{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 2,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "alertsByRule": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "Malware Prevention Alert",
          "doc_count": 2,
          "ruleByEventType": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "denied",
                "doc_count": 2
              },
              {
                "key": "info",
                "doc_count": 2
              },
              {
                "key": "start",
                "doc_count": 2
              }
            ]
          }
        }
      ]
    }
  }
}
@ghost ghost added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Feb 6, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost ghost added the impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. label Feb 6, 2023
@ghost
Copy link
Author

ghost commented Feb 6, 2023

@amolnater-qasource please review

@MadameSheema MadameSheema added Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team labels Feb 6, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@MadameSheema
Copy link
Member

@michaelolo24 @christineweng may you please take a look at the above issue? Thanks!

@christineweng
Copy link
Contributor

@karanbirsingh-qasource just want to clarify, I noticed a few discrepancies in your screenshots, could you confirm the below 2 bugs as shown in your videos:

  1. Count discrepancies between detection totals (101) and row detail totals (13)- could you share with me the inspect response for this scenario?
  2. Count discrepancies between severity (2) and type (6), you shared the inspect request and response for type, could you share the same for severity?
  • the categorization of detection and prevention looks correct to me, only event.type==="denied will be considered and prevention, so the response below should yield detection: 4 and prevention: 2
    image

@ghost
Copy link
Author

ghost commented Feb 7, 2023
edited by ghost
Loading

Thanks @christineweng for looking to the issue and please find below additional details regarding the above pointers.

Moreover we have shared the instance credentials with you over gmail for more clarity.

Count discrepancies between detection totals (101) and row detail totals (13)- could you share with me the inspect response for this scenario?

_To Filter only Detections Type Alert ,we have first got the id value of 2 prevention alert and then applied the not filter on them as currently we could not find the filter for type field to apply

Alerts.-.Kibana.Mozilla.Firefox.2023-02-07.11-19-27.mp4

image

Alerts.-.Kibana.Mozilla.Firefox.2023-02-07.09-37-54.mp4

image

Request

  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "bool": {
            "must": [],
            "filter": [
              {
                "bool": {
                  "must": [],
                  "filter": [],
                  "should": [],
                  "must_not": [
                    {
                      "match_phrase": {
                        "_id": "5d1fe6e31eb84e69e350a09175fa79a8baf485b67d01bcb5f053091820979fd2"
                      }
                    },
                    {
                      "match_phrase": {
                        "_id": "7c13cd89a80ee3567809aa09b70268cd3bbffc5f9f89808e9b5578c70b5d6e6a"
                      }
                    }
                  ]
                }
              },
              {
                "term": {
                  "kibana.alert.workflow_status": "open"
                }
              }
            ],
            "should": [],
            "must_not": [
              {
                "exists": {
                  "field": "kibana.alert.building_block_type"
                }
              }
            ]
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2022-02-06T18:30:00.000Z",
              "lte": "2023-02-07T04:02:39.676Z"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "alertsByRule": {
      "terms": {
        "field": "kibana.alert.rule.name",
        "size": 1000
      },
      "aggs": {
        "ruleByEventType": {
          "terms": {
            "field": "event.type",
            "size": 1000
          }
        }
      }
    }
  },
  "runtime_mappings": {}
}

Response

  "took": 2,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 101,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "alertsByRule": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "severity override",
          "doc_count": 91,
          "ruleByEventType": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "change",
                "doc_count": 68
              },
              {
                "key": "start",
                "doc_count": 12
              },
              {
                "key": "end",
                "doc_count": 11
              }
            ]
          }
        },
        {
          "key": "CMD Proces Alert ",
          "doc_count": 7,
          "ruleByEventType": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "change",
                "doc_count": 4
              },
              {
                "key": "start",
                "doc_count": 3
              }
            ]
          }
        },
        {
          "key": "Malware Detection Alert",
          "doc_count": 2,
          "ruleByEventType": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "allowed",
                "doc_count": 2
              },
              {
                "key": "info",
                "doc_count": 2
              },
              {
                "key": "start",
                "doc_count": 2
              }
            ]
          }
        },
        {
          "key": "mpaint process alert ",
          "doc_count": 1,
          "ruleByEventType": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "start",
                "doc_count": 1
              }
            ]
          }
        }
      ]
    }
  }
}

Count discrepancies between severity (2) and type (6), you shared the inspect request and response for type, could you share the same for severity?

image

Severity levels Request

  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "bool": {
            "must": [],
            "filter": [
              {
                "match_phrase": {
                  "kibana.alert.rule.name": {
                    "query": "Malware Prevention Alert"
                  }
                }
              },
              {
                "term": {
                  "kibana.alert.workflow_status": "open"
                }
              }
            ],
            "should": [],
            "must_not": [
              {
                "exists": {
                  "field": "kibana.alert.building_block_type"
                }
              }
            ]
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2022-02-06T18:30:00.000Z",
              "lte": "2023-02-07T04:02:39.676Z"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "statusBySeverity": {
      "terms": {
        "field": "kibana.alert.severity"
      }
    }
  },
  "runtime_mappings": {}
}

Severity levels Response

  "took": 2,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 2,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "statusBySeverity": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "high",
          "doc_count": 2
        }
      ]
    }
  }
}

Alerts by type Request

  "size": 0,
  "query": {
    "bool": {
      "filter": [
        {
          "bool": {
            "must": [],
            "filter": [
              {
                "match_phrase": {
                  "kibana.alert.rule.name": {
                    "query": "Malware Prevention Alert"
                  }
                }
              },
              {
                "term": {
                  "kibana.alert.workflow_status": "open"
                }
              }
            ],
            "should": [],
            "must_not": [
              {
                "exists": {
                  "field": "kibana.alert.building_block_type"
                }
              }
            ]
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2022-02-06T18:30:00.000Z",
              "lte": "2023-02-07T04:02:39.676Z"
            }
          }
        }
      ]
    }
  },
  "aggs": {
    "alertsByRule": {
      "terms": {
        "field": "kibana.alert.rule.name",
        "size": 1000
      },
      "aggs": {
        "ruleByEventType": {
          "terms": {
            "field": "event.type",
            "size": 1000
          }
        }
      }
    }
  },
  "runtime_mappings": {}
}

Alerts by type Response

  "took": 2,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 2,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "alertsByRule": {
      "doc_count_error_upper_bound": 0,
      "sum_other_doc_count": 0,
      "buckets": [
        {
          "key": "Malware Prevention Alert",
          "doc_count": 2,
          "ruleByEventType": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
              {
                "key": "denied",
                "doc_count": 2
              },
              {
                "key": "info",
                "doc_count": 2
              },
              {
                "key": "start",
                "doc_count": 2
              }
            ]
          }
        }
      ]
    }
  }
}

Please let us known if there is any more information required from our end.

thanks !!

@christineweng christineweng mentioned this issue Feb 7, 2023
Merged
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Feb 8, 2023
@christineweng
[Security Solution][Bug] Alerts type discrepancy and ui improvements (e…
0b5f57e 
…lastic#150504)

This PR addresses the following:

#### Bug fix
elastic#150278 described a discrepancy
between total alert count in alert by type chart and everywhere else on
alerts page. This is due to `event.type` being a multi-select, if an
alert has 3 event types (i.e. creation, info, denied), it is counted 3
times on alert by type graph. This logic is now updated to categorize an
alert once
- if `denied` event type exists, such event count  => `Prevention`
- total alert count - prevention count => `Detection`.

#### UI improvements
- Top alerts chart no longer shows `Other` when number of grouping is
less than 10 per
elastic#150242 (comment)

![image](https://user-images.githubusercontent.com/18648970/217382166-073d2da9-f49d-4bf7-9a08-3795d5948e33.png)
- Changed `EmptyDonutChart`'s background based on dark/light mode
Before -> After

![image](https://user-images.githubusercontent.com/18648970/217382463-1ef44127-1cdf-4a70-85f2-8c78a612c485.png)
- Loading spinner for donut chart was not showing, it is now fixed

![image](https://user-images.githubusercontent.com/18648970/217382665-93e093e3-119a-4be4-a313-072ef118eec7.png)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
(cherry picked from commit 2846b8c)
@christineweng christineweng reopened this Feb 8, 2023
@christineweng
Copy link
Contributor

@karanbirsingh-qasource this should be fixed on main, could you confirm?

@ghost
Copy link
Author

ghost commented Feb 9, 2023

Hi @christineweng

thanks for the update, however there is some issue on kibana mains on linux agent installation endpoint is in unhealthy state.

so we will be re-testing this issue as soon we will get a healthy endpoint status and will regress out this issue.

image

image

kibanamachine added a commit that referenced this issue Feb 9, 2023
@kibanamachine @christineweng
[8.7] [Security Solution][Bug] Alerts type discrepancy and ui improve…
179034c 
…ments (#150504) (#150649)

# Backport

This will backport the following commits from `main` to `8.7`:
- [[Security Solution][Bug] Alerts type discrepancy and ui improvements
(#150504)](#150504)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"christineweng","email":"18648970+christineweng@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-02-08T22:40:49Z","message":"[Security
Solution][Bug] Alerts type discrepancy and ui improvements
(#150504)\n\nThis PR addresses the following:\r\n\r\n#### Bug
fix\r\nhttps://github.com//issues/150278 described a
discrepancy\r\nbetween total alert count in alert by type chart and
everywhere else on\r\nalerts page. This is due to `event.type` being a
multi-select, if an\r\nalert has 3 event types (i.e. creation, info,
denied), it is counted 3\r\ntimes on alert by type graph. This logic is
now updated to categorize an\r\nalert once\r\n- if `denied` event type
exists, such event count => `Prevention`\r\n- total alert count -
prevention count => `Detection`.\r\n\r\n#### UI improvements\r\n- Top
alerts chart no longer shows `Other` when number of grouping is\r\nless
than 10
per\r\nhttps://github.com//pull/150242#issuecomment-1419628829\r\n\r\n![image](https://user-images.githubusercontent.com/18648970/217382166-073d2da9-f49d-4bf7-9a08-3795d5948e33.png)\r\n-
Changed `EmptyDonutChart`'s background based on dark/light mode
\r\nBefore ->
After\r\n\r\n![image](https://user-images.githubusercontent.com/18648970/217382463-1ef44127-1cdf-4a70-85f2-8c78a612c485.png)\r\n-
Loading spinner for donut chart was not showing, it is now
fixed\r\n\r\n![image](https://user-images.githubusercontent.com/18648970/217382665-93e093e3-119a-4be4-a313-072ef118eec7.png)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"2846b8c27cf7da5a9e5c8152177376fdb8d2cffe","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat
Hunting","Team: SecuritySolution","Team:Threat
Hunting:Investigations","v8.7.0","v8.8.0"],"number":150504,"url":"https://github.com/elastic/kibana/pull/150504","mergeCommit":{"message":"[Security
Solution][Bug] Alerts type discrepancy and ui improvements
(#150504)\n\nThis PR addresses the following:\r\n\r\n#### Bug
fix\r\nhttps://github.com//issues/150278 described a
discrepancy\r\nbetween total alert count in alert by type chart and
everywhere else on\r\nalerts page. This is due to `event.type` being a
multi-select, if an\r\nalert has 3 event types (i.e. creation, info,
denied), it is counted 3\r\ntimes on alert by type graph. This logic is
now updated to categorize an\r\nalert once\r\n- if `denied` event type
exists, such event count => `Prevention`\r\n- total alert count -
prevention count => `Detection`.\r\n\r\n#### UI improvements\r\n- Top
alerts chart no longer shows `Other` when number of grouping is\r\nless
than 10
per\r\nhttps://github.com//pull/150242#issuecomment-1419628829\r\n\r\n![image](https://user-images.githubusercontent.com/18648970/217382166-073d2da9-f49d-4bf7-9a08-3795d5948e33.png)\r\n-
Changed `EmptyDonutChart`'s background based on dark/light mode
\r\nBefore ->
After\r\n\r\n![image](https://user-images.githubusercontent.com/18648970/217382463-1ef44127-1cdf-4a70-85f2-8c78a612c485.png)\r\n-
Loading spinner for donut chart was not showing, it is now
fixed\r\n\r\n![image](https://user-images.githubusercontent.com/18648970/217382665-93e093e3-119a-4be4-a313-072ef118eec7.png)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"2846b8c27cf7da5a9e5c8152177376fdb8d2cffe"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/150504","number":150504,"mergeCommit":{"message":"[Security
Solution][Bug] Alerts type discrepancy and ui improvements
(#150504)\n\nThis PR addresses the following:\r\n\r\n#### Bug
fix\r\nhttps://github.com//issues/150278 described a
discrepancy\r\nbetween total alert count in alert by type chart and
everywhere else on\r\nalerts page. This is due to `event.type` being a
multi-select, if an\r\nalert has 3 event types (i.e. creation, info,
denied), it is counted 3\r\ntimes on alert by type graph. This logic is
now updated to categorize an\r\nalert once\r\n- if `denied` event type
exists, such event count => `Prevention`\r\n- total alert count -
prevention count => `Detection`.\r\n\r\n#### UI improvements\r\n- Top
alerts chart no longer shows `Other` when number of grouping is\r\nless
than 10
per\r\nhttps://github.com//pull/150242#issuecomment-1419628829\r\n\r\n![image](https://user-images.githubusercontent.com/18648970/217382166-073d2da9-f49d-4bf7-9a08-3795d5948e33.png)\r\n-
Changed `EmptyDonutChart`'s background based on dark/light mode
\r\nBefore ->
After\r\n\r\n![image](https://user-images.githubusercontent.com/18648970/217382463-1ef44127-1cdf-4a70-85f2-8c78a612c485.png)\r\n-
Loading spinner for donut chart was not showing, it is now
fixed\r\n\r\n![image](https://user-images.githubusercontent.com/18648970/217382665-93e093e3-119a-4be4-a313-072ef118eec7.png)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"2846b8c27cf7da5a9e5c8152177376fdb8d2cffe"}}]}]
BACKPORT-->

Co-authored-by: christineweng <18648970+christineweng@users.noreply.github.com>
@ghost
Copy link
Author

ghost commented Feb 10, 2023

Hi @christineweng

we have validated this issue on 8.7.0-BC1 On-Prem Setup and found the issue still occuring . Alert count mismatch in Alert by Type Chart.

  • Actual Alert count is 2 however in Alert by Type Chart count is showing 6 which is mismatch

Build Details:

Version: 8.7.0-BC1
Commit: d3b239d76aa04f073836f6100782134ac86887e2
Build: 60614

Screen-Cast:

ksingh-window-m1-signing-off.-.ec2-52-6-226-191.compute-1.amazonaws.com.-.Remote.Desktop.Connection.2023-02-10.11-27-30.mp4

Please let us known if need more information regarding the issue.

@ghost ghost mentioned this issue Feb 10, 2023
Closed
@christineweng
Copy link
Contributor

Hi @karanbirsingh-qasource I just checked and the fix did not make it to BC1 build, could you verify again when BC2 is ready? sorry!

@ghost
Copy link
Author

ghost commented Feb 16, 2023
edited by ghost
Loading

Hi @christineweng

we have re validated the issue and found the issue to be fixed now ✔️ . Correct Total count and detection and prevention type alert count is showing on charts.

Build Details:

Version: 8.7.0 BC2
Commit: 09c3bd11b121dea18eb84ef32bea4c9ab7915fc0
Build:60736

Screen-Cast:

Alerts.-.Kibana.Mozilla.Firefox.2023-02-16.15-58-09.mp4

Hence we are closing the issue and adding "QA:Validated" tag to it.

thanks !!

@ghost ghost closed this as completed Feb 16, 2023
@ghost ghost added the QA:Validated Issue has been validated by QA label Feb 16, 2023
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelolo24 michaelolo24

@christineweng christineweng

Labels
bug Fixes for quality problems that affect the customer experience impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team triage_needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@elasticmachine @michaelolo24 @MadameSheema @christineweng @amolnater-qasource