elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[SecuritySolution] Rule exceptions are not added as filters when investigating alerts in timeline #183723

Open angorayc opened 4 months ago

angorayc commented 4 months ago

Kibana version: 8.13.2

Bug description: When generating alerts with a Threshold rule, it doesn't add the rule exceptions as timeline filters when investigating an alert with the row action. The timeline filters added by the "investigate in timeline" row action are not for a specific alert id; they are the fields that the threshold is aggregating on. Without bringing in the rule exception filters, too many alerts appear in the timeline.

Expected: It should always add rule exceptions as filters when adding alerts to the timeline, unless the alert is only being investigated by alert id.

Steps to reproduce (on 8.14 dev environment):

https://drive.google.com/drive/folders/1YTkViUjmgxUGZWGgilI6HWcxmpJFxoge?usp=sharing
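Added example, not code from Kibana or from the issue author: a small TypeScript builder showing the KQL a timeline query would need for a threshold alert, first with only the aggregation-field filters (the behaviour described above), then with the rule's exceptions appended as a negated filter, and the alert-id-only case where exceptions are deliberately not added. The entry shape (type/field/operator/value) mirrors the exception-list item entries Kibana uses; the `buildTimelineKql` function, the `ThresholdAlert` shape and the sample values are assumptions made for this illustration.

```typescript
// Hypothetical builder for this example; not Kibana's own implementation.

// Subset of exception-list entry types (match, match_any, exists).
type ExceptionEntry =
  | { type: 'match'; field: string; operator: 'included' | 'excluded'; value: string }
  | { type: 'match_any'; field: string; operator: 'included' | 'excluded'; value: string[] }
  | { type: 'exists'; field: string; operator: 'included' | 'excluded' };

interface ExceptionItem {
  entries: ExceptionEntry[];
}

// Assumed shape: the threshold alert carries the aggregation fields and
// the values it grouped on, which is what the row action filters on.
interface ThresholdAlert {
  alertId: string;
  thresholdFields: Record<string, string>;
}

// Quote a KQL value; backslashes and quotes are escaped inside the quotes.
function kqlQuote(v: string): string {
  return '"' + v.replace(/["\\]/g, (c) => '\\' + c) + '"';
}

function clauseFor(e: ExceptionEntry): string {
  switch (e.type) {
    case 'match':
      return `${e.field}: ${kqlQuote(e.value)}`;
    case 'match_any':
      return `${e.field}: (${e.value.map(kqlQuote).join(' or ')})`;
    case 'exists':
      return `${e.field}: *`;
  }
}

function entryToKql(e: ExceptionEntry): string {
  const clause = clauseFor(e);
  return e.operator === 'excluded' ? `not ${clause}` : clause;
}

// An exception item matches when ALL of its entries match, and an event is
// excepted when ANY item matches, so the timeline filter is the negation of
// the OR over the items. Items with no entries are ignored.
function exceptionsToKql(items: ExceptionItem[]): string | null {
  const itemClauses = items
    .filter((i) => i.entries.length > 0)
    .map((i) => '(' + i.entries.map(entryToKql).join(' and ') + ')');
  if (itemClauses.length === 0) return null;
  return `not (${itemClauses.join(' or ')})`;
}

// byAlertIdOnly models the "investigated by alert id" case from the issue:
// the query pins a single alert, so exceptions are not added.
function buildTimelineKql(
  alert: ThresholdAlert,
  items: ExceptionItem[],
  byAlertIdOnly: boolean
): string {
  if (byAlertIdOnly) {
    return `_id: ${kqlQuote(alert.alertId)}`;
  }
  const parts = Object.keys(alert.thresholdFields).map(
    (f) => `${f}: ${kqlQuote(alert.thresholdFields[f])}`
  );
  const exc = exceptionsToKql(items);
  if (exc !== null) parts.push(exc);
  return parts.join(' and ');
}

// Constructed sample data for a stand-alone run.
const sampleAlert: ThresholdAlert = {
  alertId: 'abc123',
  thresholdFields: { 'host.name': 'web-01', 'user.name': 'svc' },
};
const sampleExceptions: ExceptionItem[] = [
  {
    entries: [
      { type: 'match', field: 'process.name', operator: 'included', value: 'backup.exe' },
      { type: 'match_any', field: 'user.name', operator: 'included', value: ['svc', 'admin'] },
    ],
  },
];

console.log(buildTimelineKql(sampleAlert, [], false)); // current behaviour
console.log(buildTimelineKql(sampleAlert, sampleExceptions, false)); // expected
console.log(buildTimelineKql(sampleAlert, sampleExceptions, true)); // by alert id
```

The first call reproduces the current row-action query (only the aggregation fields), the second is what the issue expects, and the third shows why the alert-id-only investigation needs no exception filter.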

elasticmachine commented 4 months ago

Pinging @elastic/security-detection-engine (Team:Detection Engine)