[Security Solution][Alerts] Filters sorting not working properly for some cases

[alexwizp]

Description:

[Security Solution][Alerts] Sorting of filters not functioning correctly in certain cases.

Steps to reproduce:

1. Open Serverless Security instance.

2. Navigate to Alerts.

3. Switch to Edit Control mode in the Filters area.

   

4. Utilize Drag and Drop to move the last filter to the first position.

5. Click on the Save button.

Expected behavior: Sorting changes should be saved. Actual result: Sorting changes are not saved.

Screen:

https://github.com/elastic/kibana/assets/20072247/82d595a6-08f8-4188-bb6a-ec01c4c11f2e

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[elasticmachine]

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

[PhilippeOberti]

@alexwizp thanks for opening this bug! I tested this and I can indeed reproduce the issue. It seems that I can reorder things just fine except when I'm trying to put any filter to the left of the Status filter... It's like Status always has to be first...

@logeekal any idea what could be causing this?

[logeekal]

Hey @alexwizp , It is by design that Status filters will always remain the first drop down. You can always reorder the other filters without any issues.

The reason Status remains on first position is because any value that you choose in First filter will be cascaded to the further filters. For example, if you have Status = Open then you will see Severity , Host & User that assigned only in the Open alerts. And Elastic thinks that Status of the alert has the highest priority.

In the future, we will try to disable Drag-n-Drop on Status so that you can reorder only other filters. But currently, it is not possible.

Please let me know if there are any further questions.

[alexwizp]

@logeekal thanks, closed