[Security Solution]Additional Filter not working under Top risk score contributors Alert Table

[ghost]

Describe the bug: Additional Filter not working under Top risk score contributors Alert Table

Kibana/Elasticsearch Stack version Version: 8.11.0 BC2 Commit: 636a8339cfad92998a5a5adb7be81e3546525ebf Build: 67841

Browser and Browser OS Version: Firefox for windows OS Version: 118.0.1

Elastic Endpoint Version: 8.11

Original install method: None

Functional Area: Host/User Risk Score

Initial Setup:

• Host and User Risk Score need to be enabled

Steps to reproduce

• Go to Host details page then host risk tab
• Under Top risk score contributors Alert Table enable show only threat indicator alert
• Validate that additional filter was not working

Additional Observation

• None

Current behavior

• Additional Filter not working under Top risk score contributors Alert Table
  • Non threat indicator alert was also showing after the additional filter

Expected behavior:

• Additional Filter should working under Top Risk Score Contributors Alert Table

Screen-Shot:

https://github.com/elastic/kibana/assets/59917825/38ff4a98-2224-4d8e-a03f-f972c0b62a5d

https://github.com/elastic/kibana/assets/59917825/290b49e1-c99a-40c5-96d7-e82ae48f40b7

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[nkhristinin]

Checked that also, yes it looks like a bug. Good thing that top filters work, but definitely those additional filters for Threat Indicator don't work

https://github.com/elastic/kibana/assets/7609147/87527442-bb3b-47df-9a94-8954adc25e4d

[hop-dev]

These filters are working now so I think they may have been fixed. By design they do not get added to the global query bar, they are more akin to the status, servertiy, user, host filters at the top of the visualisations. One thing is that there is no indicator that a filter has been applied, I will put up a PR to make that UX a little better.

In the video below, rule test2 is a building block rule and rule test3 is a threat indicator:

https://github.com/elastic/kibana/assets/3315046/c0534300-c3d6-45f8-ae7f-1c268c76fe98

[ghost]

Hi @MadameSheema

we have observed this issue to be re-occurring on 8.13 BC2. so we have opened this issue.

Kibana/Elasticsearch Stack version

Version: 8.13.0 BC2
Commit: c2fc8da128504d437897970d142efd4d06970c0b
Build: 71815

Screen-Cast:

https://github.com/elastic/kibana/assets/59917825/e8d0e32e-ad29-4e99-9905-8b4b629dcd37

Please let me know if any more information need from our end.

thanks !!

[elasticmachine]

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

[elasticmachine]

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)