elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Values under `Max anomaly score by job` is misaligned on Entities tab under Alert Details flyout. #182656

Open arvindersingh-qasource opened 2 months ago

arvindersingh-qasource commented 2 months ago

Describe the bug

Values under Max anomaly score by job are misaligned on the Entities tab under the Alert Details flyout.

Build Details

VERSION: 8.14.0
BUILD: 73762
COMMIT: 2a492e1625f24336f3259b2b8df62b2b18127e81

Browser Details

This issue is occurring on all browsers.

Preconditions

  1. Kibana v8.14 must be available.
  2. An alert having Max anomaly score by job values must be present in Kibana.

Steps to Reproduce

  1. Navigate to Security -> Alerts
  2. Open the Alert Details flyout for the prerequisite alert.
  3. Scroll Down to Insights section.
  4. Open flyout for Entities.
  5. Observe that in the User section, values under Max anomaly score by job are misaligned on the Entities tab under the Alert Details flyout.

Actual Result

Values under Max anomaly score by job are misaligned on the Entities tab under the Alert Details flyout.

Expected Result

Values under Max anomaly score by job should be properly aligned on the Entities tab under the Alert Details flyout.

What's Working

What's Not Working

Screenshot


elasticmachine commented 2 months ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 2 months ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 2 months ago

Pinging @elastic/security-detection-engine (Team:Detection Engine)

arvindersingh-qasource commented 2 months ago

@karanbirsingh-qasource Please review this ticket.

Thanks.

elasticmachine commented 2 months ago

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

elasticmachine commented 2 months ago

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

PhilippeOberti commented 2 months ago

@arvindersingh-qasource thank you for opening this ticket. I'm logging in to endpoint.dev and siem.dev and none of the alerts seem to have values for this Max anomaly score by job section.

Is there a way to easily reproduce this locally? If yes could you provide the steps?

Are you seeing this behavior on the user details page? The alert flyout is reusing the component from the Explore team, so if the issue happens on the user details page, we should move this ticket to the @elastic/security-threat-hunting-explore instead of @elastic/security-threat-hunting-investigations.

Thanks!

PhilippeOberti commented 2 months ago

@arvindersingh-qasource I can confirm that this issue is coming from the Explore component. The alert details flyout is just using the component as is. Here's a screenshot of that original component used on the user details page: [Screenshot 2024-05-07 at 9 41 31 AM]

I'm moving this to the @elastic/security-threat-hunting-explore team!