[Security Solution] Preview Histogram displays duplicate alerts based on stackBy field #129664

Closed
dplumlee opened this issue Apr 6, 2022 · 2 comments
Assignees
Labels
8.5 candidate bug Fixes for quality problems that affect the customer experience impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Alerts Security Detection Alerts Area Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments


dplumlee commented Apr 6, 2022

Overview

There is a bug currently in the rule preview feature with the histogram and alert table having incongruent alert/hit counts. The bug is caused by the stackBy field in the histogram (currently set as event.category) counting certain alerts multiple times if they have 2 or more event.category fields. Discussion needs to be held as to what the best approach to fixing this is within the confines of the 8.2 release, and perhaps ways we can adjust it going forward.

Screenshots

Screen Shot 2022-04-06 at 4 36 49 PM

@dplumlee dplumlee added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Alerts Security Detection Alerts Area Team v8.2.0 labels Apr 6, 2022
@dplumlee dplumlee self-assigned this Apr 6, 2022
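
The mismatch described in the issue above can be reproduced with a small simulation. This is an added example, not code from the issue or from Kibana: the alert shape, the sample alerts and all function names are constructed for illustration, and it assumes the histogram counts an alert once per distinct value of the stackBy field, as the issue describes.

```typescript
// Added illustration, not Kibana code. Sample alerts are constructed.
type FieldValue = string | string[];
type PreviewAlert = { id: string; fields: Record<string, FieldValue> };

const sampleAlerts: PreviewAlert[] = [
  { id: "a1", fields: { "event.category": ["process", "network"] } },
  { id: "a2", fields: { "event.category": "process" } },
  { id: "a3", fields: { "event.category": ["file", "malware", "intrusion_detection"] } },
  { id: "a4", fields: { "event.category": "authentication" } },
];

// Distinct values an alert holds for a field (missing field gives none).
function distinctValues(alert: PreviewAlert, field: string): string[] {
  const raw = alert.fields[field];
  const list: string[] = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
  return list.filter((v, i) => list.indexOf(v) === i);
}

// Histogram buckets: an alert lands in one bucket per distinct value.
function stackBy(alerts: PreviewAlert[], field: string): Record<string, number> {
  const counts: Record<string, number> = {};
  for (const alert of alerts) {
    for (const value of distinctValues(alert, field)) {
      counts[value] = (counts[value] || 0) + 1;
    }
  }
  return counts;
}

// Sum of all bar heights, i.e. the alert count the histogram implies.
function histogramTotal(counts: Record<string, number>): number {
  return Object.keys(counts).reduce((sum, key) => sum + (counts[key] || 0), 0);
}

// Alerts counted more than once, with the number of extra counts each adds.
function overcounted(alerts: PreviewAlert[], field: string): { id: string; extra: number }[] {
  return alerts
    .map((a) => ({ id: a.id, extra: distinctValues(a, field).length - 1 }))
    .filter((r) => r.extra > 0);
}

const previewBuckets = stackBy(sampleAlerts, "event.category");
console.log("alert table rows:", sampleAlerts.length);
console.log("histogram total:", histogramTotal(previewBuckets));
console.log("overcounted:", JSON.stringify(overcounted(sampleAlerts, "event.category")));
```

Subtracting the `extra` counts from the histogram total gives back the number of rows in the alert table, which is a quick way to confirm that multi-valued fields are the only source of the difference.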
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

@marshallmain marshallmain added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. 8.5 candidate and removed 8.4 candidate labels Jun 23, 2022

dplumlee commented Jul 28, 2022

Addressed by #128981
