elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[EDR Workflows] [Bug] The error message for CrowdStrike Falcon Intelligence is not defined for authentication failed #10334

Open muskangulati-qasource opened 3 months ago

muskangulati-qasource commented 3 months ago

Description: The error message for CrowdStrike Falcon Intelligence is not defined for authentication failed

Build Details:

VERSION: 8.15.0
BUILD: 75700
COMMIT: 805c770f0170aaef2ffc5f7d4d91c38e3608af76

Preconditions:

  1. Kibana user should be logged in

Steps to Reproduce:

  1. Add the integration for the CrowdStrike Falcon Intelligence to the policy
  2. Install an agent with the same policy
  3. Observe that the endpoint goes to an unhealthy state due to the error for the CrowdStrike Falcon Intelligence integration
  4. Expand the error and observe that the error message is not well defined for human readability

Actual Result: The error message for CrowdStrike Falcon Intelligence is not defined for authentication failed

Expected Result: The error message for CrowdStrike Falcon Intelligence should be defined properly for authentication failed

Screenshot: IncorrectCredErrorMessageNotDefined

Login credentials: Link here

Logs: N/A

elasticmachine commented 3 months ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 3 months ago

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

muskangulati-qasource commented 3 months ago

@manishgupta-qasource please review!

manishgupta-qasource commented 3 months ago

Reviewed & assigned to @ferullo

tomsonpl commented 3 months ago

Hey @muskangulati-qasource 👋, sorry I should have stated that more clearly - we just need CrowdStrike integration - the Falcon Intelligence is not a part of our functionality.

ferullo commented 3 months ago

@tomsonpl @muskangulati-qasource it sounds like there is no issue affecting testing the CrowdStrike bi-directional connector then.

AFAIK the integration is owned by @narph's team so this bug should be transferred to them. Is that right?

narph commented 3 months ago

@ferullo, feel free to transfer it to the integrations repo.

ferullo commented 3 months ago

@narph 👍 transferred and assigned to you.

elasticmachine commented 3 months ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

andrewkroh commented 2 months ago

> the error message is not well defined for human readability

I disagree that the error message is not well-defined for human readability. While it may be true that the error message is detailed, I would argue that this is actually a strength and that this message is informative.

An error message that is not well-defined would likely be vague or ambiguous, leaving the user to guess at the cause of the problem. In this case, the message includes the URL that was being requested, the response status code, status message, and raw response from CrowdStrike. This level of detail helps users understand what went wrong so they can fix it.

This error format is general and set up to surface any type of failure that can occur while executing a CEL program (syntax, logic, network, auth, rate-limit, service failure, response format, etc). If PM thinks this error should be more visually appealing or should use more simple language ("authentication failed") then we can discuss ways of making that happen.