[Defend Workflows] Endpoints count Mismatch Due to Filter Applied by the Policies Tab for Endpoints. #197581

Closed
sukhwindersingh-qasource opened this issue Oct 24, 2024 · 5 comments
Assignees
Labels
bug Fixes for quality problems that affect the customer experience impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.16.0

Comments

@sukhwindersingh-qasource

Describe the bug:

  • Endpoints count Mismatch Due to Filter Applied by the Policies Tab for Endpoints.

Build Details:

VERSION: 8.16.0 BC1
BUILD: 79314
COMMIT: 5575428

Login Credentials

Preconditions

  • Kibana should be running.
  • Agents should be added

Steps to Reproduce

  • Create a policy with the name DEFEND and add 4 agents to it.
  • Now delete this DEFEND integration.
  • Add the new Defend integration in the same policy, let's say Defend 3.
  • Add one more agent with Defend 3.
  • When you navigate to the Policies tab, it shows 5 Endpoints.
  • But when you click on the 5 navigation link, it will apply the filter united.endpoint.Endpoint.policy.applied.id : "b0a8b1d4-242c-4b3b-ad70-3ffb8a9642c0"
  • It will only show 1 Endpoint.

Actual result

  • Endpoints count Mismatch Due to Filter Applied by the Policies Tab for Endpoints.

Expected Result

  • Filter added count should match the number of Endpoints that are shown on the Policies page.

Screen-cast

Policies.-.Kibana.Mozilla.Firefox.2024-10-18.13-52-08.mp4

Logs

  • N/A

@sukhwindersingh-qasource added the bug, impact:low, Team: SecuritySolution, Team:Defend Workflows and v8.16.0 labels Oct 24, 2024

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@muskangulati-qasource

Reviewed and assigned to @dasansol92

@dasansol92
Contributor

@sukhwindersingh-qasource thanks for raising this. As I can see, we are filtering by policy id in the endpoints list. Did you wait enough time for the transforms to update that list?
Were the initial 4 enrolled agents still enrolled and online at the time you clicked on the number of hosts (5) at policy list page?

@pzl @joeypoon any other thoughts why that search is not returning the total list of enrolled endpoints (5)?

Thanks!

@sukhwindersingh-qasource
Author

Hi @dasansol92,

Thanks for the updates.

We tested on a single VM by installing/uninstalling agents to check the agent count. However, the transforms were not updated for the old entries since it was the same host. We tried it with multiple live hosts, waited for the transform updates, and observed that everything worked fine once the transforms were updated.

Screen Cast:

Policies.-.Kibana.Mozilla.Firefox.2024-10-25.10-21-04.mp4

Hence, we are closing this ticket as it is now working fine.

Thanks!

@sukhwindersingh-qasource added the QA:Validated label and removed the grooming label Oct 25, 2024