[Security Solution] [Bug] [Serverless] Empty drop down shown for the alerts when all the alerts are marked as 'Closed' when grouped by rule name #183025

Closed
muskangulati-qasource opened this issue May 9, 2024 · 11 comments
Labels
bug Fixes for quality problems that affect the customer experience fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team v8.14.0
Comments

@muskangulati-qasource

Describe the bug:
Empty drop down shown for the alerts when all the alerts are marked as 'Closed' when grouped by rule name

Kibana/Elasticsearch Stack version

VERSION: 8.15 serverless
BUILD: 74129
COMMIT: f7be3ba82cd93c7ece35189105aa279be589b68b

Precondition

  • Serverless environment should exist for 8.15.0

Steps to reproduce

  • A few alerts should exist
  • Group the alerts with rule name
  • Expand the drop down for the rule name
  • Select all the alerts for the rule name and mark them as closed
  • Observe the drop down for the rule name is empty but the header bar shows data for the same

Current Result

  • Empty drop down shown for the alerts when all the alerts are marked as 'Closed' when grouped by rule name

Expected Result

  • The entry for the rule name should be removed from the alerts table
  • It should work similar to the batch action taken from the 'Take action' button in front of the rule name
Take.action.mp4

Screen Recording

The.group.by.issue.mp4
@muskangulati-qasource muskangulati-qasource added bug Fixes for quality problems that affect the customer experience triage_needed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Project:Serverless Work as part of the Serverless project for its initial release v8.14.0 8.15 candidate labels May 9, 2024
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@muskangulati-qasource
Author

@karanbirsingh-qasource please review!!

@ghost ghost assigned MadameSheema and unassigned ghost May 9, 2024
@MadameSheema
Member

@muskangulati-qasource can you please check if the same behaviour is present in ESS for the current BC? Thanks!

@muskangulati-qasource
Author

Hi @MadameSheema,

The same is reproducible on the 8.14.0 BC4 build as well.

Build Details:

VERSION: 8.14.0
BUILD: 73836
COMMIT: 23ed1207772b3ae958cb05bc4cdbe39b83507707

Thank you!

@MadameSheema MadameSheema removed their assignment May 10, 2024
@MadameSheema MadameSheema added Team:Threat Hunting Security Solution Threat Hunting Team Team:Threat Hunting:Investigations Security Solution Investigations Team and removed 8.15 candidate Project:Serverless Work as part of the Serverless project for its initial release labels May 10, 2024
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

@PhilippeOberti PhilippeOberti self-assigned this May 14, 2024
@PhilippeOberti PhilippeOberti added this to the 8.15 milestone May 14, 2024
christineweng added a commit that referenced this issue May 29, 2024
…tion (#183674)

## Summary

Currently components outside of alert table do not refresh after
changing status with bulk action. This PR adds global query refresh in
bulk actions

- #183025

No grouping


https://github.com/elastic/kibana/assets/18648970/0490187d-9f3e-49d0-80b3-4cd75e8fdbf8



Grouping


https://github.com/elastic/kibana/assets/18648970/80e55fda-2f89-4c8d-a882-2df413cb3560
@christineweng
Contributor

@muskangulati-qasource @karanbirsingh-qasource this bug should be fixed in 8.14.1, could you please verify?

@muskangulati-qasource
Author

Hi @christineweng,

We have tested this ticket on the 8.14.1 BC1 and found the issue is still reproducible there. Please find below the testing details:

Build details:

VERSION: 8.14.1
BUILD: 74015
COMMIT: afbd904e868f2a48a2bbeb8ff20baee8d4aeb468

Observations and Screen Recording:
The empty rule name is still showing as a drop down.

Alerts.mp4

Please let us know if we are missing something.

Thank you!

logeekal pushed a commit to logeekal/kibana that referenced this issue Jul 8, 2024
…tion (elastic#183674)

## Summary

Currently components outside of alert table do not refresh after
changing status with bulk action. This PR adds global query refresh in
bulk actions

- elastic#183025

No grouping

https://github.com/elastic/kibana/assets/18648970/0490187d-9f3e-49d0-80b3-4cd75e8fdbf8

Grouping

https://github.com/elastic/kibana/assets/18648970/80e55fda-2f89-4c8d-a882-2df413cb3560
(cherry picked from commit 993903b)
logeekal referenced this issue Jul 8, 2024
…bulk action (#183674) (#187722)

# Backport

This will backport the following commits from `main` to `8.14`:
- [[Security Solution][Alert table] Fix alert table refresh with bulk
action (#183674)](#183674)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: christineweng <[email protected]>
@christineweng christineweng modified the milestones: 8.15, 8.16 Jul 23, 2024
@PhilippeOberti PhilippeOberti modified the milestones: 8.16, 8.17 Oct 29, 2024
@PhilippeOberti
Contributor

@muskangulati-qasource I just tested this on main (which is 8.18 or 9.0) and this seems to be fixed.
Please test again and let us know!

@muskangulati-qasource
Author

Hi @PhilippeOberti,

We have tested this issue on the latest 8.18.0 SNAPSHOT build and found that the issue is now fixed 🟢

Please find below the testing details:

Build details

VERSION: 8.18.0
BUILD: 81228
COMMIT: 9d6cc0792e538a076d68ffcfabbf6551912fb24e

Screen Recording

Alerts.mp4

Hence, we are closing this issue and marking it as 'QA Approved'

Thanks!!

@muskangulati-qasource muskangulati-qasource added the QA:Validated Issue has been validated by QA label Dec 24, 2024
@MadameSheema
Member

@muskangulati-qasource was this tested on serverless or ESS? Asking because snapshots only exist in ESS environments and this issue was reported for serverless. Thank you :)
