Closed sukhwindersingh-qasource closed 6 months ago
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-defend-workflows (Team:Defend Workflows)
Reviewed and assigned to @dasansol92
Thanks @sukhwindersingh-qasource for checking this. Is this happening in older stack versions or is it only happening in 8.12.2
? Thanks!
cc: @paul-tavares @ashokaditya
Hi @dasansol92 ,
We have Tried to this on the 8.12.0 build and found the issue is not occurring on the same.
Please find below the testing details
Build Details:
VERSION: 8.12.0 BUILD: 70088 COMMIT: e9092c0a17923f4ed984456b8a5db619b0a794b3
Screencast
https://github.com/elastic/kibana/assets/108654988/da740bb7-a567-435a-be83-36fe70b4ed16
Thanks!!
@sukhwindersingh-qasource hey, thanks for raising this 👍 I am not able to reproduce this locally, could you share your cloud instance that has the bug, so I could play with it a bit? Thank you! 🙇
@sukhwindersingh-qasource - A few things we need to debug this issue:
Respond
option available when you look at the host under the Endpoint LIst? if so, can you validate that the UUID of the agent.id
matches on both the host displayed in the endpoint list and the value from the alert that you were viewing in the alerts listFYI:
The fact that the Respond
option is showing up on the Alert "Take Action" menu but disabled with the message that indicates "install endpoint" means that we were not able to find the Host agent.id
when we queried with it against the /api/endpoint/metadata/{agent.id_value_here}
- which means the host is not running endpoint
Hi @paul-tavares, @tomsonpl,
Below are the steps we followed to downgrade to a platinum license:
Navigate to the Licensing page using this link: Internal License - X-Pack and Endgame.
Download the JSON file of the required license.
For release builds, we use the following JSON:
For Snapshot builds we use this -
Then add the JSON text of the required License below this PUT _license?acknowledge=true
and click on run button.
Note: It's advisable to first downgrade the license to basic and then upgrade it to the desired license. For a basic license, use the following Dev Tool command:
POST /_license/start_basic?acknowledge=true
After investigating the issue, we discovered that the endpoint was not running, which caused this behavior.
Please let us know if anything else is required from our end. We are closing this ticket as it is working as expected.
Thank you!
Thank you @sukhwindersingh-qasource, i added the licenses page to my favorites ❤️ I am glad that in the end it works as excepted :)
Describe the bug: After License upgrade from Platinum to Enterprise, User is not able to access the Respond from take action on alert details flyout for the old alerts
Build Details:
Preconditions
Steps to Reproduce
Whats working
Actual result
Expected Result
Screen-Cast Alert which was triggered on the platinum license
https://github.com/elastic/kibana/assets/108654988/f4fd0d37-2279-42c6-8f32-858adb3f1532
Alert triggered after the license upgraded to enterprise
https://github.com/elastic/kibana/assets/108654988/27c753d3-51ba-4d08-88ce-8d4dcec1d336