Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rule.mitre.id link do not work properly under certain conditions #4090

Open
Rebits opened this issue Apr 22, 2022 · 1 comment
Open

rule.mitre.id link do not work properly under certain conditions #4090

Rebits opened this issue Apr 22, 2022 · 1 comment
Labels
component/discover Issue related to the Wazuh discover component used to present events within our application. qa/report QA Team: Reporting possible bug type/bug Bug issue

Comments

@Rebits
Copy link
Member

Rebits commented Apr 22, 2022

Wazuh Elastic Rev Security
4.3 7.x 4301-1 Basic, ODFE, Xpack
Browser
Firefox

Description

During Windows Event second revision an error in MITRE ids links has been detected.
Mitre ids links do not open the expected lateral panel with technique details and recent events.

Steps to reproduce

This error appears erratically, I have achieved this condition following https://wazuh.com/blog/emulation-of-attck-techniques-and-detection-with-wazuh/. After a few minutes reviewing the generated events, MITRE id links will start to fail

Video

event_mitre_link_broken.mp4
@Rebits Rebits added type/bug Bug issue qa/report QA Team: Reporting possible bug labels Apr 22, 2022
@Rebits Rebits changed the title MITRE ids links do not work properly under certain conditions rule.mitre.id link do not work properly under certain conditions Apr 22, 2022
@jmv74211 jmv74211 mentioned this issue Apr 22, 2022
Closed
2 tasks
@jmv74211 jmv74211 moved this to Triage in Release 4.3.0 Apr 22, 2022
@gdiazlo gdiazlo added component/discover Issue related to the Wazuh discover component used to present events within our application. state/backlog labels Apr 22, 2022
@gdiazlo gdiazlo moved this from Triage to To do in Release 4.3.0 Apr 25, 2022
@gdiazlo
Copy link
Member

gdiazlo commented Apr 25, 2022

This behavior can be reproduced in 4.2.6 too. In order for the links to work the shape of the table must not change, as the links are generated modifying the DOM when the table is load.

Also, we need to study if we can use a flyout instead of opening a new tab.

@snaow snaow moved this from To do to Triage in Release 4.3.0 Apr 28, 2022
@gdiazlo gdiazlo moved this from Triage to Known issues in Release 4.3.0 Apr 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/discover Issue related to the Wazuh discover component used to present events within our application. qa/report QA Team: Reporting possible bug type/bug Bug issue
Projects
No open projects
Release 4.3.0
Status: Known issues
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gdiazlo @Rebits