[RAC] Event Renderer: Some rows do not have default reason statement included #108987
Comments
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
|
Hey @mdefazio, the reason the field isn't showing up is because the alert is missing the fields necessary to generate that statement. Taking a look at filtering for alerts that don't have reason defined, you see the severity and risk score are also missing. As this message expands to include a bit more data or depend on different data, it could be shown more consistently
cc @paulewing |
|
What is the recommended path forward here? Would we be able to provide a more broad reason statement that reads similarly to our others, but just doesn't include severity or risk score? (Though I believe it was mentioned that there should be a severity on these). |
|
@mdefazio can you check if you're still seeing this issue? I've been un able to reproduce it and I'm assuming it may have had to do with the alert table showing data from other developers systems and their code being out of sync. |
|
Severity and risk score are both required fields on the rules so they should be present on every alert - if there's a way to reproduce those alerts without severity and risk score that would be a bug. |
|
@marshallmain I haven't been able to reproduce it and only ever saw it on the dev instance, but I haven't seen it there anymore either even when I filter for alerts without the |
|
I don't seem to be able to reproduce this either. |
|
Closing as this is not happening anymore. |
A few rule rows do not seem to have default reason statements on them:
Whether we show them in the table or not, these would still be needed when opening the flyout.
The text was updated successfully, but these errors were encountered: