-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Case] Markdown links are not properly shown on external services #87440
Comments
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
It's possible that it's related to #87344, which was caused by PR #83919. However, guessing it's not. Some background ... The way PR #83919 should be working, is that we now do per connector action param escaping of the context variables - but almost all the action params escaping is a no-op - nothing is escaped at all. Previously, all context variables were escaped as HTML. With the PR, we change a few action params to escape the context variables differently:
So nothing should be escaped now, for Jira, or any connector besides the three mentioned above. |
Hey @YulNaumenko and @pmuellr! Thank you for your answers. I am not talking about context variables inside the content. I am talking about the whole content itself. For example, when you |
Currently the case-ish connectors themselves do no escaping for any context variables for any of the connector params. If there are some special parameters that should be treated as markdown (or similar), we can extend the escaping logic for the connectors to handle them. So for now, you could put all of But it's probably safer to keep the "markup" in the template, and fill in the link slots via variables; eg, the template would be
That way, in the future, if we want to do special escaping for this parameter, we won't have to worry about the "markup" itsef being escaped like in #87344. The reason you may want to change this in the future to escape the context variables for this field, would be if the
which would render as HTML
|
Pinging @elastic/security-threat-hunting-cases (Team:Threat Hunting:Cases) |
Pinging @elastic/response-ops (Team:ResponseOps) |
FYI: Same happens for slack integration. Following action markdown:
Looks great in email, but in slack message the result is (actual url is obfuscated):
|
Slack doesn't support full Markdown - they call theirs MrkDwn - doc here: https://api.slack.com/reference/surfaces/formatting That page also references BlockKit, which provides more formatting but also requires you to use JSON. It's supported in recently stack releases, in the Slack API connector, but not with the Slack webhook connector yet. |
Thanks, @pmuellr , I could confirm that following syntax works for slack integration:
|
When pushing a case with a markdown link to its content or in a comment they are not being shown properly on external services. In addition, Jira does not fully support Markdown.
Jira:
IBM Resilient:
The text was updated successfully, but these errors were encountered: