[Security Solution] dns question name field for DNS events are not displayed under highlighted fields section of alert flyout #125491

Closed
ghost opened this issue Feb 14, 2022 · 18 comments
Labels

  • bug: Fixes for quality problems that affect the customer experience
  • fixed
  • QA:Validated: Issue has been validated by QA
  • Team: SecuritySolution: Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
  • Team:Threat Hunting:Investigations: Security Solution Investigations Team
  • Team:Threat Hunting: Security Solution Threat Hunting Team
  • v8.1.0

Comments

@ghost

ghost commented Feb 14, 2022

Describe the bug
The dns question name field for DNS events is not displayed under the highlighted fields section of the alert flyout.

Build Details:

Version: 8.1.0 BC2
Commit: ee89ebfddeda3baaf6cd87c0299247c5248cb952
Build: 50222

Browser Details:
N/A

Preconditions

  1. DNS events alerts should be triggered

Steps to Reproduce

  1. Click on DNS events alerts flyout
  2. Observe that the dns question name field for DNS events is not displayed under the highlighted fields section

Actual Result
The dns question name field for DNS events is not displayed under the highlighted fields section of the alert flyout.

Expected Result
The dns question name field for DNS events should be displayed under the highlighted fields section of the alert flyout.
image

What's Working

  • N/A

What's Not Working

  • N/A

Screen-Shot
image

DNS Events rule
Dns rule.zip

DNS alert Json
dns events.txt

@ghost ghost added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Feb 14, 2022
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost ghost added the v8.1.0 label Feb 14, 2022
@ghost ghost assigned ghost and MadameSheema and unassigned ghost Feb 14, 2022
@janmonschke
Contributor

We will soon fix this with #124941

@MadameSheema MadameSheema added the Team:Threat Hunting:Investigations Security Solution Investigations Team label Feb 14, 2022
@ghost
Author

ghost commented Feb 15, 2022

Hi @MadameSheema ,

We have observed that this issue is also occurring after upgrading the build to 8.1.0.

Build Details:

Version: 8.1.0-BC2
Commit: ee89ebfddeda3baaf6cd87c0299247c5248cb952
Build: 50222

Screenshots
image

Thanks!

@janmonschke
Contributor

This has been fixed and will be part of the next BC

@ghost
Author

ghost commented Feb 17, 2022

Hi @janmonschke ,

We have validated this issue on the 8.1.0 BC3 build and found that the issue is still occurring. Looks like the 8.1.0 backport PR is not merged.

Build Details:

Version: 8.1.0-BC3
Commit: 0335dd6a26ef29ae9021d0fae9347dc88f3b7d6e
Build: 50346

Screenshots
image

Thanks!!

@janmonschke
Contributor

Thanks, I did not see that the backport failed

@janmonschke
Contributor

The PR has been merged now

@MindyRS MindyRS added the Team:Threat Hunting Security Solution Threat Hunting Team label Feb 23, 2022
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@ghost
Author

ghost commented Feb 24, 2022

Hi @MadameSheema

We have validated this issue on 8.1.0 BC4 and observed that the issue is still occurring. 🔴

Please find below the testing details:

Build Details:

Version: 8.1.0
Commit: 015578b81c26a5843747ba53b2fd92d40f0453cb
Build: 50428

Screenshot:

image

Thanks !!

@janmonschke
Contributor

Maybe the change wasn't included in the newest BC

@MadameSheema
Member

@janmonschke if these are the expected changes: 81f308c

Then your changes were included on the BC: https://github.com/elastic/kibana/commits/015578b81c26a5843747ba53b2fd92d40f0453cb

Can you please take a look? Thanks :)

@janmonschke
Contributor

@deepikakeshav-qasource Could you provide the JSON of the alert please? Also, is this scenario testing the upgrade or new alerts?

@ghost
Author

ghost commented Feb 28, 2022

Hi @janmonschke ,

@deepikakeshav-qasource Could you provide the JSON of the alert please? Also, is this scenario testing the upgrade or new alerts?

@janmonschke just new alerts and if you want we can check the upgrade scenario too

Please find the below Alert JSON for DNS alerts.

dns alerts.txt

image

Please let us know if anything else is required from our end!!

Thanks!!

@ghost
Author

ghost commented Feb 28, 2022

Hi @janmonschke ,

Additionally, as there are multiple observations and all are different from each other, to keep things clear please find below a matrix with the current issue state:

| Issue Id | Fresh 8.1.0 | Upgrade to 8.1.0 |
|----------|-------------|------------------|
| #125480 | Fixed | Still Occurring |
| #125491 | Still Occurring | Still Occurring |
| #125473 | Still Occurring | Fixed |

Thanks!!

@MadameSheema
Member

@deepikakeshav-qasource can you please check if this is still happening on the latest 8.1.0BC? Thanks :)

@ghost
Author

ghost commented Mar 2, 2022

Hi @MadameSheema

We have validated this issue on 8.1.0 BC5 On-Prem and observed that the issue is still occurring 🔴

Please find below the testing details:

Alert Json
dns alert json.txt

Build Details:

Version: 8.1.0 BC5
Commit: 23423b0db7d5ffae1d0578e8d9e2c1afab90cdcf
Build: 50459

Screenshot:
image

Thanks !!

@MadameSheema
Member

@deepikakeshav-qasource can you please validate this on 8.1.0BC6? Thanks!

@ghost
Author

ghost commented Mar 4, 2022

Hi @MadameSheema

We have validated this issue on 8.1.0 BC6 and observed that the issue is fixed 🟢

Please find below the testing details:

Build Details:

Version: 8.1.0 BC6
Commit: 4aaeda23aea9c3bf29698878c70a0107ea3c1659
Build: 50485

Screenshot:
8.1.0 BC6
image

Upgrade Scenario
image

Hence, we are closing this issue and marking it as QA Validated.

Thanks !!

@ghost ghost added the QA:Validated Issue has been validated by QA label Mar 4, 2022
@ghost ghost closed this as completed Mar 4, 2022
This issue was closed.