[Security Solution] Wrong tooltip text(Default: auto) for linux.advanced.kernel.capture_mode in advanced settings of Endpoint Security integration #129692

Closed
nick-alayil opened this issue Apr 7, 2022 · 4 comments
Labels: bug; Team: AWP: Platform; Team:Defend Workflows; Team: SecuritySolution; v8.2.0

Comments

nick-alayil commented Apr 7, 2022

Kibana version:
8.2.0 BC2

Describe the bug:
Wrong tooltip text (Default: auto) for linux.advanced.kernel.capture_mode in advanced settings of Endpoint Security integration. It seems the default capture mode is kprobe.

```
vagrant@ubuntu-2010:~$ uname -a
Linux ubuntu-2010 5.8.0-55-generic #62-Ubuntu SMP Tue Jun 1 08:21:18 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

vagrant@ubuntu-2010:~$ sudo cat /sys/kernel/tracing/kprobe_events
p:kprobes/elasticendpoint_GROUP_LEADER_probe __x64_sys_swapoff
p:kprobes/elasticendpoint_SYS_EXECVE_NAME_probe __x64_sys_execve process_path=+0(+112(%di)):string
......
......
r2:kprobes/elasticendpoint_INET_LISTEN_RET_probe inet_listen rv=$retval
p:kprobes/elasticendpoint_INET_BIND_BUCKET_CREATE_probe inet_bind_bucket_create port=%cx:u16
```

Steps to reproduce:

  1. Create a new agent policy with endpoint security integration.
  2. Navigate to the above-created endpoint security integration's settings page and click on show advanced settings at the bottom.
  3. Hover over linux.advanced.kernel.capture_mode to display the tooltip.

Expected behavior:
Tooltip should ideally show default capture mode as kprobe instead of auto.

Screenshots (if relevant):
Screenshot1

Cc @kevinlog
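
The manual check in the report above can be scripted. This is an added example, not part of the original issue or Elastic's code: it parses text in the kernel's kprobe_events format and lists the probes whose event name starts with the `elasticendpoint_` prefix seen in the output. The function names are hypothetical, and the sample input is the set of lines visible in the issue, elisions included.

```python
import re
from collections import namedtuple

# kprobe_events line format (kernel kprobetrace documentation):
#   p[:[GRP/]EVENT] SYMBOL [FETCHARGS]            entry probe
#   r[MAXACTIVE][:[GRP/]EVENT] SYMBOL [FETCHARGS] return probe
LINE_RE = re.compile(
    r"^(?P<kind>[pr])(?P<maxactive>\d*)"
    r"(?::(?:(?P<group>[^/\s]+)/)?(?P<event>\S+))?"
    r"\s+(?P<target>\S+)(?:\s+(?P<args>.*))?$"
)

Probe = namedtuple("Probe", "kind maxactive group event target args")

# Sample input: the lines shown in the issue (elisions kept as posted).
SAMPLE = """\
p:kprobes/elasticendpoint_GROUP_LEADER_probe __x64_sys_swapoff
p:kprobes/elasticendpoint_SYS_EXECVE_NAME_probe __x64_sys_execve process_path=+0(+112(%di)):string
......
......
r2:kprobes/elasticendpoint_INET_LISTEN_RET_probe inet_listen rv=$retval
p:kprobes/elasticendpoint_INET_BIND_BUCKET_CREATE_probe inet_bind_bucket_create port=%cx:u16
"""

def parse_kprobe_events(text):
    """Parse kprobe_events text into Probe tuples, skipping unparseable lines."""
    probes = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and elisions such as "......"
        probes.append(Probe(
            kind="return" if m["kind"] == "r" else "entry",
            maxactive=int(m["maxactive"]) if m["maxactive"] else None,
            group=m["group"], event=m["event"], target=m["target"],
            args=(m["args"] or "").split(),
        ))
    return probes

def endpoint_probes(probes, prefix="elasticendpoint_"):
    """Keep only probes whose event name carries the prefix from the issue."""
    return [p for p in probes if p.event and p.event.startswith(prefix)]

if __name__ == "__main__":
    # On a live host, read /sys/kernel/tracing/kprobe_events as root instead.
    for p in endpoint_probes(parse_kprobe_events(SAMPLE)):
        print(f"{p.kind:6} {p.target:28} {p.event}")
```

A non-empty result means the endpoint has kprobes registered, which is the evidence the reporter used to conclude the capture mode in effect was kprobe.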

@nick-alayil nick-alayil added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.2.0 Team: AWP: Platform Adaptive Workload Protection Platform team from Security Solution labels Apr 7, 2022
@elasticmachine
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@kevinlog kevinlog self-assigned this Apr 11, 2022
@kevinlog
Contributor

PR: #129926

@kevinlog
Contributor

This should be fixed in the next 8.2 BC build.
