elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Incorrect data is displayed in _score field under the detection tab. #99760

Open ghost opened 3 years ago

ghost commented 3 years ago

Description: Incorrect data is displayed in _score field under the detection tab.

Build Details:

Version: 7.13.0 BC4
Build: 40749
Commit: 5a6bad454ffe263aafed54cbd3f764253694bf37
Artifacts: https://staging.elastic.co/7.13.0-5c4bc719/summary-7.13.0.html

Browser Details: All

Preconditions:

  1. Kibana Environment should exist.
  2. Endpoint should be installed.
  3. Alerts should be generated.
  4. _score field should be added in the detection alert table.

Steps to Reproduce:

  1. Navigate to the detection tab of security.
  2. Click on the view details icon of the alert.
  3. Click on the Table tab.
  4. Observe that incorrect data is displayed in _score field under the detection tab.

Impacted Test case: N/A

Actual Result: Incorrect data is displayed in _score field under the detection tab.

Expected Result: Correct data is displayed in _score field under the detection tab.

What's working: N/A

What's not working: N/A

Screenshot: _score_value

elasticmachine commented 3 years ago

Pinging @elastic/security-solution (Team: SecuritySolution)

ghost commented 3 years ago

@manishgupta-qasource Please review!!

elasticmachine commented 3 years ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

peluja1012 commented 3 years ago

It looks like securitySolutionTimelineSearchStrategy is not returning a value for _score even if it's included under fieldRequested.

elasticmachine commented 3 years ago

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

ghost commented 3 years ago

Hi @MadameSheema ,

We have validated this ticket on the 7.15.0-SNAPSHOT build and found that the issue is still occurring.

Build Details:

Version: 7.15.0 SNAPSHOT
Commit: f448fcd00b319a3be0d1a1ae356956446e4d7ef8
Build: 43322

Screenshot: image

Thanks.

MadameSheema commented 3 years ago

@deepikakeshav-qasource can you please check if this issue is still valid on 7.15BC3? Thanks

ghost commented 3 years ago

Hi @MadameSheema,

We have validated this ticket on the 7.15.0 BC3 build and observed that the issue is fixed. The same value is displayed for the _score field under the alerts table.

Build Details:

VERSION: 7.15.0 BC3
BUILD: 43818
COMMIT: 6f7562b1906dcfad65809da8fdec15df353d0252
ARTIFACT: https://staging.elastic.co/7.15.0-642a73fa/summary-7.15.0.html

Screenshot: image

Hence, we are closing this ticket and marking it as "QA validated".

Thanks!!

ghost commented 2 years ago

Hi Team,

We are re-opening this issue as "no value is displayed in the "_score" column under the alerts table, and even hover actions are not working" in 8.0.0 Snapshot.

Build Details:

Version: 8.0.0-SNAPSHOT
Commit: 002f9fae38acdf71d6df88d808a742976de22cc8
Build: 48805

Screenshot: image

Thanks!!

MadameSheema commented 2 years ago

@michaelolo24 can you please take a look at the above when you have the chance? Thanks :)

michaelolo24 commented 2 years ago

Hey @MadameSheema, we can take a look at it for this release. I gave it impact high as I think we should always show accurate data, and we should finish it for the 8.0 release.

MadameSheema commented 2 years ago

Awesome!! Thanks @michaelolo24 :)

@deepikakeshav-qasource can you please confirm if this is an issue for 7.17 as well? Thanks!

ghost commented 2 years ago

Hi @MadameSheema ,

We have validated this ticket on 7.17.0 SNAPSHOT and found that the issue is also occurring on 7.17.0. Please find the testing details below:

Build Details:

Version: 7.17.0 SNAPSHOT
Build: 46376
COMMIT: a3ffc14c112ff4afcc6468e0d0b14e4b5c42b55b

Screenshot: image

Thanks!!