[Security Solution] User selecting alerts by select all option, disables attach to new case and existing case options. #153354
Comments
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-threat-hunting (Team:Threat Hunting)
@michaelolo24 can you please take a look at this when you have a chance? Sounds like a bug to me.
Oops, sorry @michaelolo24, I made a mistake here, wrong ticket
Hey @sukhwindersingh-qasource - Thanks for the question! I'm actually not sure myself. Looking at this PR #130958 I think that maybe @academo or someone on the @elastic/response-ops-cases team may have input / feedback? The behavior is the same for the alert table in Security as well as the one in Observability.
When the user uses the "Select All alerts" button the alerts table posts an ES query to update the alerts and not the alert IDs. Cases do not support ES queries to add alerts to a case. For this reason, the buttons are disabled in query mode here. I understand that it feels weird if you have only a few alerts. Maybe the "Select All" button can switch to alert IDs if it selects only what the user sees (like the bulk actions). @XavierM What do you think?
@cnasikas I see from the ticket linked above back on May 4th that this was fixed, though when I test it on latest
Describe the Question:
Build Details:
Preconditions
Steps to Reproduce
Screen-Recording
Alerts.-.Kibana.Mozilla.Firefox.2023-03-21.11-17-26.mp4