Closed sukhwindersingh-qasource closed 5 months ago
Pinging @elastic/security-defend-workflows (Team:Defend Workflows)
Pinging @elastic/security-solution (Team: SecuritySolution)
@manishgupta-qasource Kindly review this Thanks!
@tomsonpl could you take a look at this? Thanks!
Hey @sukhwindersingh-qasource thanks for raising this 👍 Do you have access to an S1 instance, where you could compare how the graph looks for the same event?
Reviewed and assigned to @dasansol92
We talked with @sukhwindersingh-qasource on slack, and thanks to his observations we are able to understand this issue better 👏
So the issue here is:
We have two integrations for Sentinel One (one in beta: Cloud Funnel) that fetch different logs.
First, SentinelOne fetches malware alerts (along with some other types) - as in this case.
Second, Sentinel One Cloud Funnel fetches processes (along with some other types too) - missing in this case.
So even though we have an S1 alert and we open the analyzer, we do not have the related process event fetched, therefore the Analyzer renders the 'No processes' prompt, which is correct behavior.
What we should do is probably state it more clearly that the user needs Cloud Funnel integration to be able to render Analyzer graphs. @caitlinbetz @dasansol92 FYI
Is it possible for us to update the text that displays in the No Process Events Found display when an S1 alert was clicked on to alert the user that they need to enable Cloud Funnel?
Hi @dasansol92 ,
We have validated this ticket on the latest 8.13.0 BC 7 build with the Sentinel One Cloud Funnel integration and we are able to test the Analyzer for Sentinelone ✔️
Please find below the testing details
Build Details:
VERSION: 8.13.0 BC7 Build : 72069 Commit : 2e3a5cd43e835baa1d596b1aa54735992259ecb9
Screenshot:
https://github.com/elastic/kibana/assets/108654988/71602edc-293a-4d26-919e-b135921ba557
Hence, we are closing this issue and marking it as QA Validated.
Thanks!!
Thanks!
Describe the bug: Analyzer for sentinelone alerts is showing "No Process Events Found"
Build Details:
Preconditions
Steps to Reproduce
Actual result
Expected Result
Screen-Cast
https://github.com/elastic/kibana/assets/108654988/82c5d17a-baa3-45e0-bc29-10868a022a05