elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Threat intelligence card data stopped showing on upgrading cloud build from pre 8.0 #124940

Open karanbirsingh-qasource opened 2 years ago

karanbirsingh-qasource commented 2 years ago

Describe the bug

Threat intelligence card data stopped showing on upgrading cloud build from pre 8.0

Build Details

Version:8.0.0-GA-BC1
COMMIT 57ca5e139a33dd2eed927ce98d8231a1f217cd15
BUILD 49192

Pre-Conditions

image

Steps

image

image

elasticmachine commented 2 years ago

Pinging @elastic/security-solution (Team: SecuritySolution)

MadameSheema commented 2 years ago

@karanbirsingh-qasource if I'm not mistaken, the behaviour described here is expected. Filebeat has a breaking change on the ECS mappings introduced on 8.0, so the card is going to be displayed empty if filebeat-8 or the fleet threat integration is not used.

cc @ecezalp

karanbirsingh-qasource commented 2 years ago

Yes Glo, this behavior is expected and we have mentioned the same in the ticket. However, if the user is not aware of this change, or for general experience enhancement of the application, we are suggesting adding some information to the threat intel card, like "Please make the Filebeat index as the default ThreatIndex to view legacy threat intel data", as an enhancement for the Cloud Upgrade workflow.

ecezalp commented 2 years ago

As Glo mentioned, this is expected behavior, so I am removing the bug label. Will pass this to @shimonmodi & @paulewing to see if there are any desired product improvements here, but we have extensively discussed this subject before and previously the sentiment was that it's OK to have this breaking change as is.

elasticmachine commented 2 years ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)