[Defend Workflows] An empty value is present in the suggestion list for the process.name field in Event Filters

[sukhwindersingh-qasource]

Describe the bug:

• An empty value is present in the suggestion list for the process.name field in Event Filters

Build Details:

VERSION: 8.16.0-snapshot BUILD: 79197 COMMIT: 2601f8aa203cd733a7669a59398a185ed8af12c4

Login Credentials

• https://p.elstc.co/paste/tEnGQR0A#UtqKm0ul5aobdWouTqMasZeJgq2J+QNnycpI4dBQ4yD

Preconditions

• Kibana should be running.
• Add the Elastic agent with Defend integration to the Windows Endpoint

Steps to Reproduce

• Now navigate to the Events Filter Tab
• Create a New Event Filter
• Select the Field as process.name
• Select the operator as is
• Click on the value field
• Observe that there is an empty value present is the suggestion list.

Actual result

• An empty value is present in the suggestion list for the process.name field in Event Filters

Expected Result

• Empty value should not be present in the suggestion list

Screen-cast

https://github.com/user-attachments/assets/30602927-9332-42c2-a582-d3e8febfb28f

Logs

• N/A

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

[sukhwindersingh-qasource]

Please review this @muskangulati-qasource Thanks!!

[muskangulati-qasource]

Reviewed and assigned to @dasansol92

[dasansol92]

@sukhwindersingh-qasource Thanks for creating this. If I'm not wrong, this is because there is an endpoint event with an empty process.name value in the system. Is this also happening for other fields? @gergoabraham Could that be related to the recent changes we made in this area?

[sukhwindersingh-qasource]

Hi @dasansol92,

Yes, the issue is caused by empty fields in the host events related to process.name. We could hide these empty fields from the suggestions, as selecting an empty value doesn’t serve any purpose.

Screen-shot

Please let us know if anything else is required from our end,

Thanks!