[Defend Workflows] observer.serial_number field for SentinelOne's Alerts is showing as agent status in Timeline. #174235
Comments
Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

Pinging @elastic/security-solution (Team: SecuritySolution)

@muskangulati-qasource Please review this

Reviewed and assigned to @dasansol92

My guess is it's a UI issue when displaying it and not a mapping issue, since the search by

Hi @ashokaditya ,

@sukhwindersingh-qasource thanks for providing the event data. I can see that it has a serial_number as expected.

It's a bug, working on it. Great catch @sukhwindersingh-qasource 🙇
Referenced commit: …ed fields (#174421). Summary: Fixes #174235 (screenshot attached).

Referenced commit: …ed fields (elastic#174421). Summary: Fixes elastic#174235 (screenshot attached). (cherry picked from commit 5344f86)
Backport PR (#174802): This will backport the following commits from `main` to `8.12`: [sentinel_one] Fix agent status field name in Alert details highlighted fields (#174421). Co-authored-by: Patryk Kopyciński <contact@patrykkopycinski.com>
Bug Conversion
Thanks!

Hi @dasansol92, We have tested this ticket on the BC1 build for 8.12.1. Please find below the testing details:

Build Details

Screenshots & Observations

Please let us know if anything else is required from our side. Thank you!

Thanks @muskangulati-qasource , @tomsonpl could you take a look at this? Thanks!
Referenced commit: [SentinelOne] Fix Agent status on Timeline Alert details (#176210). Summary: Fixes #174235 (two screenshots attached). Co-authored-by: Ash <1849116+ashokaditya@users.noreply.github.com>

Referenced commit (cherry picked from commit 361398c): Summary: Fixes elastic#174235 (two screenshots attached). Co-authored-by: Ash <1849116+ashokaditya@users.noreply.github.com>. Conflicts: x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx
Backport PR (#176663): This will backport the following commits from `main` to `8.12`: [SentinelOne] Fix Agent status on Timeline Alert details (#176210). Co-authored-by: Patryk Kopyciński <contact@patrykkopycinski.com>
Hi @dasansol92 Thanks for the update. We have tested this issue on the latest Kibana v8.13.0 and found that the issue is now fixed. Please find the below observations:

Build Details

Observations

Hence, we are closing this ticket as QA Approved. Thanks.
PR /pull/176210
Describe the bug:
observer.serial_number field for SentinelOne's Alerts is showing as agent status in Timeline.

Build Details:

Preconditions

Steps to Reproduce
observer.serial_number field for SentinelOne's Alerts is showing as agent status in Timeline.

Actual result
observer.serial_number field for SentinelOne's Alerts is showing as agent status in Timeline.

Expected Result

Screen-Cast
Alerts page
Timeline
Cases