Open nicpenning opened 1 year ago
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Hi @banderror
We were trying to regress this issue, and on enabling the Microsoft 365 Unusual Volume of File Deletion Rule, the related integration under it is showing as not installed, and on clicking on it we have to fill in some mandatory field to install this integration.
So can you please share what field value to put in, in order to enable the related integration and regress this issue?
Hi @banderror
Just for update: on adding "test" under the mandatory field, we are able to add the integration to the policy, and after that we are getting Related integration as installed ✔️.
@karanbirsingh-qasource Great. You can put anything in this field, it doesn't matter for the code that shows related integrations and their installation status.
Awesome!! Can we close the ticket @karanbirsingh-qasource @banderror?
@karanbirsingh-qasource Please reopen if needed
Thanks @banderror for the confirmation 👍
FYI, the 0/1 integrations installed is still a problem when navigating to the rules.
Inside of the rules and hovering it shows it is installed but not at a glance.
@karanbirsingh-qasource Pinging for visibility.
FYI - Running version 8.9.0 and latest version of the integration 1.17.1
Thanks @nicpenning, and sorry for that. Would you mind updating the description with the fresh info, such as the versions you mentioned and anything else you think could be helpful? For instance, it could be useful to know how many integration policies you have created for Microsoft 365, how many agent policies include these integration policies, how many agents are assigned to these policies, etc. Any screenshots or screen recordings, etc.
Current state: Version 8.9.0 of the stack; however, the 1 agent running the integration is 8.8.2 with the Microsoft 365 integration (1.20.1). This same host has 19 other integrations on it.
Upon upgrading, it also states that there are 0 agents with a policy that has this integration. This has been an issue also for quite some time (we have never seen this work on some integrations).
After upgrade, proof we have this integration in a policy
This shows the M365 Integration installed.
But another issue with this is that the assets do not show under the assets tab either. This is an increasing issue across our integrations.
Issue with UI where an integration is installed and I believe to be enabled because it is assigned to an agent and successfully ingesting data, however it is still only showing up as "installed" and the integration ticker is still only showing "0/1". I have attached a screen grab as well.
Describe the bug: Quite a few O365 rules are showing not installed and the link will navigate the user to: https://kibana/app/integrations/detail/o365-1.3.0/overview
Kibana/Elasticsearch Stack version: 8.6.1
Server OS version: Windows Server 2016
Browser and Browser OS versions: Latest Chrome or Edge
Elastic Endpoint version: N/A
Original install method (e.g. download page, yum, from source, etc.): Download Page -> Extract -> Execute
Functional Area (e.g. Endpoint management, timelines, resolver, etc.): Detection Rules
Steps to reproduce:
Current behavior: Rules are showing the integrations are missing
Expected behavior: Rules should show the integrations are installed.
Screenshots (if relevant):