Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Group by resources unable to show resources / findings #160

Closed
tinnytintin10 opened this issue May 19, 2022 · 6 comments
Closed

[BUG] Group by resources unable to show resources / findings #160

tinnytintin10 opened this issue May 19, 2022 · 6 comments
Assignees
@kfirpeled
Labels
bug Something isn't working verified label for fixed and retested issues

Comments

@tinnytintin10
Copy link

Describe the bug
When switching from the group by none view to the group by resource view, Kibana displays There are no findings

Preconditions
I am running the main branch of Kibana locally with findings data coming from the cloud beat kind-mono cluster.

To Reproduce
Write the exact actions one should perform in order to reproduce the bug.
Steps to reproduce the behavior:

  1. View Findings grouped by none
  2. Group findings by resource

Expected behavior

We should see a resource per row and their associated findings when you click on them.

Screenshots

Screen.Recording.2022-05-19.at.10.58.36.AM.mov

Additional context
@tinnytintin10 tinnytintin10 added bug Something isn't working csp: last mile labels May 19, 2022
@tinnytintin10
Copy link
Author

@tehilashn @kfirpeled I have added this to our last-mile epic with a priority 0

@ari-aviran
Copy link
Contributor

This is happening due to the recent changes that were merged roughly at the same:

  1. [Cloud Posture] add pagination to findings by resource kibana#130968
  2. [Cloud Posture] Update latest findings index mapping kibana#131504

The queries for the findings-grouped-by-resource table rely on resource.id.keyword but in the mapping resource.id is only defined as text. The correct solution for this issue is to probably update the mapping of resource.id to include a .keyword field, both in the raw findings index mapping (comes from the integration) and in the latest findings index mapping (defined in Kibana code)

fyi @uri-weisman @eyalkraft

@kfirpeled kfirpeled self-assigned this May 19, 2022
@kfirpeled
Copy link
Contributor

Checkout https://github.com/elastic/security-team/issues/3737 for more information of planned work on the findings mapping

@kfirpeled
Copy link
Contributor

fixed

@tinnytintin10
Copy link
Author

tinnytintin10 commented May 22, 2022
edited
Loading

@kfirpeled Since elastic/kibana#132529 (comment) is merged we can either close this issue out or keep it open till we add back cluster id to the table. I will leave that down to you - lmk if you want another issue to track adding back cluster-id to the table.

@kfirpeled
Copy link
Contributor

@tinnytintin10 I've updated this ticket to address the cluster id

@ofiriro3 ofiriro3 added the verified label for fixed and retested issues label Jun 8, 2022
orouz pushed a commit to orouz/cloudbeat that referenced this issue Sep 6, 2023
@oren-zohar
[Metadata] Rule number field refactoring (elastic#160)
d0dc73b
orestisfl pushed a commit to orestisfl/cloudbeat that referenced this issue Oct 11, 2023
@oren-zohar @orestisfl
[Security Policies] [Metadata] Rule number field refactoring (elastic…
277d98a 
…#160)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kfirpeled kfirpeled

Labels
bug Something isn't working verified label for fixed and retested issues
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ofiriro3 @tinnytintin10 @kfirpeled @ari-aviran