[Security Solution] Asset Criticality does not update in Expanded Risk Contribution Fly-out #177874

Closed
ghost opened this issue Mar 1, 2024 · 8 comments
Labels

  • bug: Fixes for quality problems that affect the customer experience
  • impact:medium: Addressing this issue will have a medium level of impact on the quality/strength of our product.
  • Team:Entity Analytics: Security Entity Analytics Team
  • Team: SecuritySolution: Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
  • triage_needed

ghost commented Mar 1, 2024

Describe the bug:
Asset Criticality does not update in Expanded Risk Contribution Fly-out

Kibana/Elasticsearch Stack version

Version: 8.13.0 BC2
Commit: c2fc8da128504d437897970d142efd4d06970c0b
Build: 71815

Functional Area:
Asset Criticality

Precondition

  • Required feature needs to be present in kibana yml

Steps to reproduce

  • Navigate to Alert Page
  • Click on Host name value from the alert table
  • Change Asset Criticality
  • Click on Expand Details at the top of the fly out
  • Again change the Asset Criticality
  • Observed that Asset Criticality does not update in the right fly out

Additional Result

  • Even on opening the right fly out again, the Asset Criticality does not update

Current Result

  • Asset Criticality does not update in Expanded Risk Contribution Right Fly out

Expected Result

  • Asset Criticality should update immediately when changed from the right fly out

Screen-Shot:

assest_not_update.mov
assest_criticality_not_udpated.mov
ghost added the bug, triage_needed and Team: SecuritySolution labels Mar 1, 2024
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

ghost added the impact:medium label Mar 1, 2024
ghost assigned MadameSheema Mar 1, 2024
@amolnater-qasource

Reviewed & assigned to @MadameSheema

vgomez-el assigned yctercero and unassigned MadameSheema Mar 1, 2024
vgomez-el added the labels "Team:Detections and Resp" and "Team:Detection Engine" Mar 1, 2024
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Contributor

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@yctercero
Contributor

@jaredburgettelastic I think this falls under EA?

@jaredburgettelastic
Contributor

This is expected behavior, as the risk score has not yet been updated in this scenario. The risk score only updates once per hour, and therefore the contributions shouldn't change until the score also changes.

We should look into a way to properly explain this within that contributions tab.

cc @SourinPaul

yctercero added the label "Team:Entity Analytics" and removed the labels "Team:Detections and Resp" and "Team:Detection Engine" Mar 12, 2024
@elasticmachine
Contributor

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

yctercero removed their assignment Mar 12, 2024
@machadoum
Member

Closing this issue because we are working on improving the asset criticality assignment to "instantly" recalculate the score here: https://github.com/elastic/security-team/issues/9121

7 participants