elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

error traversing malformed link into security from an action email #94967

Open pmuellr opened 3 years ago

pmuellr commented 3 years ago

In this discuss post, a customer notes that a link rendered in an email sent from a security alert got malformed (from our auto-linkification of text in the email). (There's already a separate issue tracking the general issue with email linkification).

The malformed link truncated some data at the end of the URL, and when the customer navigated to that URL from the email, they ended up seeing a stack walkback in their browser:

[image: screenshot of the stack walkback shown in the browser]

Here's the link they saw rendered in their email:

[image: screenshot of the link as rendered in the email]

Looks like we need to do better sanitization of the incoming URL query string params. I'd expect this URL to fail with some kind of message in the Kibana UI about the URL being invalid, vs seeing a stack walkback.

As a separate note, I'm not sure if we generated this link, or if the customer did, but if it was us, we could consider using markdown-style links here - [text](url) instead of the flat url, which should then render correctly in email, but be a bit unfortunate for other actions (for example, Slack) which will see the raw markdown. Which isn't horrible, but obviously isn't great. Presumably we'll be able to supply different default messages on a per-action-type basis, once we resolve issue #66095, but we're not there yet.
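The failure mode described above (a truncated query parameter surfacing as a stack trace instead of a validation message) can be illustrated with a small defensive parser. The following is an added example written for this issue, not Kibana code: it assumes a hypothetical JSON-encoded `state` query parameter with `ruleId`/`from`/`to` fields, parses it with Node's built-in `URL`, and returns a structured `{ ok, error }` result instead of throwing. It also shows the markdown-style link variant mentioned in the comment. The sample link and the simulated truncation are constructed for the demo.

```javascript
// Added example, not part of Kibana. Demonstrates failing a malformed
// alert link with a user-facing message rather than an unhandled exception.
// The "state" parameter name and its field set are assumptions for the demo.

const REQUIRED_FIELDS = { ruleId: 'string', from: 'string', to: 'string' };

// Parse and validate the link. Never throws; every failure is reported as
// { ok: false, error } so the caller can render a clean error in the UI.
function parseLinkState(link) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return { ok: false, error: `not a valid URL: ${err.message}` };
  }

  const raw = url.searchParams.get('state');
  if (raw === null) {
    return { ok: false, error: 'missing "state" query parameter' };
  }

  let state;
  try {
    state = JSON.parse(raw);
  } catch (err) {
    // A link truncated by an email linkifier usually fails here: the
    // encoded JSON is cut off mid-value, so it is no longer well-formed.
    return { ok: false, error: `"state" is not well-formed JSON: ${err.message}` };
  }

  if (state === null || typeof state !== 'object' || Array.isArray(state)) {
    return { ok: false, error: '"state" must be a JSON object' };
  }
  for (const [field, type] of Object.entries(REQUIRED_FIELDS)) {
    if (typeof state[field] !== type) {
      return { ok: false, error: `"state.${field}" must be a ${type}` };
    }
  }
  return { ok: true, state };
}

// Build a link with the state JSON-encoded into the query string.
function buildLink(base, state) {
  const url = new URL(base);
  url.searchParams.set('state', JSON.stringify(state));
  return url.toString();
}

// Markdown-style link, as suggested in the issue for email rendering.
function markdownLink(text, href) {
  return `[${text}](${href})`;
}

// Constructed sample values; not a real alert or Kibana deployment.
const GOOD_LINK = buildLink('https://kibana.example/app/security/alerts', {
  ruleId: 'rule-123',
  from: 'now-15m',
  to: 'now',
});

// Simulate an email linkifier dropping the last few characters of the URL.
const TRUNCATED_LINK = GOOD_LINK.slice(0, -6);

// Stand-alone demo: the truncated link yields a message, not a stack trace.
console.log(parseLinkState(GOOD_LINK));
console.log(parseLinkState(TRUNCATED_LINK));
console.log(markdownLink('View alert in Kibana', GOOD_LINK));
```

The important property is that every branch of `parseLinkState` returns a value; nothing in the request path is allowed to propagate an exception from user-controlled query input up to the page renderer.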

elasticmachine commented 3 years ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 3 years ago

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

elasticmachine commented 2 years ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)