elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[BUG] Single Rule alerts page show alerts from all rules #187547

Open nkhristinin opened 3 days ago

nkhristinin commented 3 days ago

Describe the bug

The single rule alerts page shows alerts from all rules. When the bug occurs, the request for alerts does not contain a term with rule.id.

To Reproduce

Not sure how to reproduce; it just sometimes occurred for me. I will attach the rule. I just refresh the page a lot.

https://github.com/elastic/security-team/assets/7609147/cbf15c32-5db2-45f0-bc54-5d295f7d33dc

Expected behavior

Show alerts only for this rule.

It looks like there are 2 reasons why this happens:

  1. On the rule details page, we first create filters for the alerts page without the rule.id term. This is why we can sometimes see all alerts for a short period of time, and then see alerts for this rule.
  2. useFetchAlerts can have race conditions, and then it can get stuck in the isLoading condition, as in the video.

Desktop (please complete the following information):

Additional context

Rule: Detection rules SIEM.ndjson.zip
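
The two causes named in the issue above, modeled as an added JavaScript example (not Kibana code and not from the issue author): an unscoped first query plus out-of-order responses leaves alerts from every rule on screen, while a fetcher that requires the rule.id term and drops stale responses does not. The fetcher, backend, rule ids and alert data are hypothetical and constructed for illustration.

```javascript
// Constructed sample alerts; the rule ids are hypothetical.
const ALERTS = [
  { id: 'a1', ruleId: 'rule-1' },
  { id: 'a2', ruleId: 'rule-2' },
  { id: 'a3', ruleId: 'rule-1' },
];

// Fake search backend: responses stay pending until flushed, so they can be
// delivered in reverse order (the slow first request lands last).
function createBackend() {
  const pending = [];
  return {
    search(filters, onResult) {
      const hits = ALERTS.filter((a) => !filters.ruleId || a.ruleId === filters.ruleId);
      pending.push(() => onResult(hits));
    },
    flushReversed() {
      while (pending.length > 0) pending.pop()();
    },
  };
}

// Hypothetical fetcher, not Kibana's useFetchAlerts. With guarded=true it never
// sends a query lacking rule.id and ignores responses from superseded requests.
function createAlertsFetcher(backend, guarded) {
  const state = { alerts: [] };
  let latest = 0;
  function fetchAlerts(filters) {
    if (guarded && !filters.ruleId) return; // unscoped query is never issued
    const seq = ++latest;
    backend.search(filters, (hits) => {
      if (guarded && seq !== latest) return; // stale response, drop it
      state.alerts = hits;
    });
  }
  return { state, fetchAlerts };
}

// Issue each filter set in order, deliver responses in reverse order,
// and return the ids of the alerts the page would end up showing.
function simulate(guarded, filterSequence) {
  const backend = createBackend();
  const { state, fetchAlerts } = createAlertsFetcher(backend, guarded);
  filterSequence.forEach((filters) => fetchAlerts(filters));
  backend.flushReversed();
  return state.alerts.map((a) => a.id).join(',');
}

// Page load from the issue: filters first built without rule.id, then with it.
const PAGE_LOAD = [{}, { ruleId: 'rule-1' }];
```

Calling `simulate(false, PAGE_LOAD)` returns the alerts of both rules, and `simulate(true, PAGE_LOAD)` returns only those of `rule-1`.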

elasticmachine commented 3 days ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 3 days ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

elasticmachine commented 3 days ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)