Description
Describe the bug:
- Filter In for the Endpoint.policy.applied.artifacts.global.channel highlighted field is not working
Login Credentials
Below are the testing details:
Build Details:
VERSION: 8.18.0
BUILD: 82852
COMMIT: dae17b1f42873e0b3a53fbe6bf3482fc891800db
Preconditions
- Kibana 8.18.0 should be present.
- Endpoint alert should be present
Steps to Reproduce
- Navigate to the Alerts page.
- Click on the alert details icon of the alert
- Navigate to the Highlighted fields
- Now Filter In for the Endpoint.policy.applied.artifacts.global.channel
- Observe that the Filter In for the Endpoint.policy.applied.artifacts.global.channel highlighted field is not working
Actual result
- Filter In for the Endpoint.policy.applied.artifacts.global.channel highlighted field is not working
Expected Result
- Filter In for the Endpoint.policy.applied.artifacts.global.channel highlighted field should be working
Screen-capture
Alerts.-.Kibana.Mozilla.Firefox.2025-03-26.14-36-30.mp4
Occurring on 9.0
- Yes, it is occurring on 9.0 ✔
Logs
- N/A
Dev notes:
- If the field is added to the endpoint package, what happens with the old events? Is it OK that those have a non-searchable field? cc: @ferullo @intxgo
- Should we also map the other highlighted fields that are not searchable?
AC
- Get an answer for: Should this field be mapped through the endpoint package? If:
  - Yes: open an endpoint package PR adding this field to the mapping. Add a release note to the endpoint package PR.
  - No: close this issue as nothing needs to be done.