Open gavinwye opened 2 years ago
Pinging @elastic/security-solution (Team: SecuritySolution)
This is not a bug exactly, as we can't know whether there are going to be investigation time enrichments in the past unless the user uses the calendar. Tagging @monina-n, @yiyangliu9286 and @paulewing for possible UX improvements.
Thanks @ecezalp, I'm working on Threat Intelligence now, so I'm going to pick this up as part of that work.
Describe the bug: The threat intel tab is displayed when there isn't any threat intel (see screenshot).
Kibana/Elasticsearch Stack version: v 7.16.1 from Eden
Original install method (e.g. download page, yum, from source, etc.): Eden
Functional Area (e.g. Endpoint management, timelines, resolver, etc.): Detect > Alerts
Current behavior: The threat intel tab is displayed when there isn't any threat intel (see screenshot).
Expected behavior: We shouldn't show users anything that they can't do anything about.
"Threat Match Detected" implies that there is a match, but the content below contradicts this heading: "We did not find threat intelligence that matches any of the indicator match rules, or any enrichment for this alert."
"Enriched with Threat Intelligence" contains a date picker; it's not clear from the interface what this date picker is for.
"We haven't found field value has additional information available from threat intelligence sources we searched in the past 30 days by default." it's not clear what the words "field value" means.
Screenshots (if relevant):
Errors in browser console (if relevant):
Provide logs and/or server output (if relevant):
Any additional context (logs, chat logs, magical formulas, etc.): Automatic accessibility audit of the date picker sec-xdr-19-reverse.prod-3.eden.elastic.dev-Alerts-Kibana-2021-12-21.csv