Open karanbirsingh-qasource opened 2 years ago
Pinging @elastic/security-solution (Team: SecuritySolution)
@karanbirsingh-qasource if I'm not mistaken, the behaviour described here is expected. Filebeat has a breaking change on the ECS mappings introduced on 8.0, so the card is going to be displayed empty if filebeat-8 or the fleet threat integration is not used.
cc @ecezalp
Yes Glo, this behavior is expected and we have mentioned the same in the ticket. However, if the user is not aware of this change, or for general experience enhancement of the application, we are suggesting adding some information to the threat intel card, like "Please make the Filebeat index the default ThreatIndex to view legacy threat intel data", as an enhancement for the Cloud Upgrade workflow.
As Glo mentioned, this is expected behavior, so I am removing the bug label. Will pass this to @shimonmodi & @paulewing to see if there are any desired product improvements here, but we have extensively discussed this subject before and previously the sentiment was that it's OK to have this breaking change as is.
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Describe the bug
Threat intelligence card data stopped showing on upgrading cloud build from pre 8.0
Build Details
Pre-Conditions
Threatintel
Card gets populated with data
Steps
8.0
New changes, that is, now we have to add the Filebeat index manually under securitySolution:defaultThreatIndex