
[Security Solution] Wrong message on resolver for Malware alert #92163

Closed
muskangulati-qasource opened this issue Feb 22, 2021 · 7 comments
Labels
bug Fixes for quality problems that affect the customer experience impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting Security Solution Threat Hunting Team

Comments

@muskangulati-qasource

Description
Wrong message on resolver for Malware alert

Build Details:

Version: 7.12.0-SNAPSHOT
Commit: 90fc153d85334ec153204ac9d3702b26a38099e4
Build number: 38956
Artifact: https://artifacts-api.elastic.co/v1/search/7.12-SNAPSHOT

Browser Details:
All

Preconditions:

  1. A cloud environment should exist.
  2. Endpoint should be installed with the Security integration.

Steps to Reproduce:

  1. Trigger a malware alert using mimikatz.exe.

Impacted Test case:
N/A

Actual Result:
Wrong message is shown on the resolver for the Malware alert.

Expected Result:
Resolver with process nodes should show up for the Malware alert.

What's working:
N/A

What's not working:
N/A

Screenshot: NoProcessEventFound (image not included)

@muskangulati-qasource muskangulati-qasource added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Feb 22, 2021
@elasticmachine (Contributor)

Pinging @elastic/security-solution (Team: SecuritySolution)

@muskangulati-qasource (Author)

@manishgupta-qasource please review

@manishgupta-qasource

Reviewed & assigned to @MadameSheema

@manishgupta-qasource manishgupta-qasource added the impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. label Feb 22, 2021
@MadameSheema MadameSheema added the Team:Threat Hunting Security Solution Threat Hunting Team label Feb 22, 2021
@elasticmachine (Contributor)

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@MadameSheema (Member)

@muskangulati-qasource can you please validate whether the behaviour is happening on 7.12.0 BC1 as well? Thanks :)

ping @XavierM @jonathan-buttner @kqualters-elastic @michaelolo24

@MadameSheema MadameSheema removed their assignment Feb 22, 2021
@michaelolo24 (Contributor)

Hi @MadameSheema and @muskangulati-qasource - Thanks for noting this, but it isn't a bug 😅 . It's a temporary solution we have in place for this issue #91629 (comment). You should be able to see the graph data if you expand the time range with the analyzer open. Sorry for any confusion!

@muskangulati-qasource (Author)

muskangulati-qasource commented Feb 23, 2021

Hi @michaelolo24,

> You should be able to see the graph data if you expand the time range with the analyzer open.

Thank you for the information.

Since it is expected, closing this ticket.

Thanks!
