[Security Solution] The agent.status highlighted field should not have an Alert prevalence action
The agent.status highlighted field should not have an Alert prevalence action, because it's not possible to filter alerts via agent.status.
Kibana/Elasticsearch Stack version:
main v8.3.0
Steps to reproduce:
- Navigate to Security > Alerts
- Enter the following KQL in the search bar:
Expected result
- Only alerts for endpoints are displayed
- Click the View details row action on an alert
- Hover over the Agent status field in the flyout
Expected result
- There is no Investigate in Timeline action for the Agent status field
Actual results
- An Investigate in Timeline action is displayed for the Agent status field, per the screenshot below:
- Clicking the action opens a timeline with an agent.status: "<uuid>", e.g. agent.status: "f0b84e9e-5ff7-4a83-b8f3-8315d34d039b", which is not expected to match any results, per the screenshot below: