[Security Solution][Exception][Close All] Does not work on the new Acknowledged state alerts #109408

Closed
ghost opened this issue Aug 20, 2021 · 10 comments
Labels: bug, impact:high, QA:Validated, Team:Detections and Resp, Team: SecuritySolution, Theme: rac, v7.15.0

ghost commented Aug 20, 2021

Describe the bug
[Exception][Close All] Does not work on the new Acknowledged state alerts

Build Details

Version:7.15.0
Commit:d791226d9385122f33f4a5ca38fa5369012fbec3
Build:43636

Browsers
all

Precondition

  • Install Endpoint Security on Kibana

Steps to Reproduce

  1. Generate a few alerts (let's say 2).
  2. Set all the generated alerts to Acknowledged.
  3. Click on more action and save the rule exception with close all.
  4. Check for the Exception Entry.
  5. Do a browser hard refresh.
  6. Observe that the alerts did not move to the closed state and were retained in in-progress, which is incorrect.

Note: Exception Close All for Open alerts is working correctly

Actual Result
[Exception][Close All] Does not work on the new Acknowledged state alerts

Expected Result
[Exception][Close All] should work correctly for Acknowledged alerts

Screen-Cast
https://user-images.githubusercontent.com/59917825/130222838-9aa65f71-ca4a-473f-8292-1f0f30f850d3.mp4

logs
N/A

ghost added the bug and Team: SecuritySolution labels Aug 20, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@manishgupta-qasource

Reviewed & assigned to @MadameSheema

manishgupta-qasource added the impact:high label Aug 20, 2021
MadameSheema added the Team:Detections and Resp label Aug 20, 2021
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

MadameSheema removed their assignment Aug 20, 2021
@MadameSheema
Member

@peluja1012 @spong can you please take a look at this? thanks :)

@peluja1012
Contributor

PR here #110147. @karanbirsingh-qasource could you please retest on BC3?

@MadameSheema
Member

@karanbirsingh-qasource any update on this?

ghost commented Aug 30, 2021

> @karanbirsingh-qasource any update on this?

@MadameSheema, as BC3 is currently on on-prem and the vSphere machines are facing memory and network issues, it is taking us long to regress the issue.
I am on it and will provide an update on this ASAP.

ghost commented Aug 31, 2021

Hi @MadameSheema

This issue is still occurring on 7.15.0 BC3. 🔴
Creating an exception with Close All ticked for Acknowledged alerts does not close all the alerts, and the alerts are retained in the Acknowledged state.

Build Details:

Version: 7.15.0 BC3
Commit:6f7562b1906dcfad65809da8fdec15df353d0252
Build:43818

Screen-Cast:

Close.All.Alert.mp4

@MadameSheema
Member

@dplumlee can you please take a look to the above comment? Thanks :)

ghost commented Sep 8, 2021

Hi @MadameSheema

We have validated this issue on 7.15.0 BC5 and found it fixed ✔️. Acknowledged alerts moved to the Closed state on saving the exception with the Close All checkbox ticked.

Build Details:

Version: 7.15.0 BC5
Commit:0239ff6864dd9930cfe9bcd9a679272f2b7465c2
Build:43957

Snapshot/Screen-Cast

Issue-Close-All.mp4

Hence we are closing this issue.

Thanks!!

ghost closed this as completed Sep 8, 2021
ghost added the QA:Validated label Sep 8, 2021