elasticmachine
commented
2 months ago Pinging @elastic/security-defend-workflows (Team:Defend Workflows)
Open ferullo opened 2 months ago
elasticmachine
commented
2 months ago Pinging @elastic/security-defend-workflows (Team:Defend Workflows)
Describe the bug Because the index mappings are used to populate suggested event filter and alert exception fields, fields that are not in the documents Endpoint generates are presented to users as options. This is compounded because pipeline enrichment fields (like geo fields) are in the documents in Elasticsearch. This can confuse users since it seems like the alert exception or event filter should work. However, since Endpoint processes the alert exception/event filter and it doesn't have any knowledge of the field the alert exception/event filter won't work.
Desktop (please complete the following information): OS: All Browser: All Kibana Version: This is a long standing bug Endpoint Version: All