Alert Rule Not showing on Security Dashboard but rule is active and creating alerts

We have been experiencing some ongoing issues since we upgraded to 8.9.1 from 7.17.11. Primarily, all our issues have been with Kibana's Security SIEM.

There are two main issues that we have been experiencing:

  1. Certain alert information appears blank on the dashboard, and when you try to open one of the alerts Kibana shows an error (screenshots below)

  2. We are receiving email alerting from Elastalert2 for certain alerts; however, when you look on the main security dashboard the alert does not appear, but when you search specifically for the rule we can see the detections that were raised.

Alerts within Rule:

Security Dashboard searching for rule:

Has anyone else been experiencing similar issues, or could anyone suggest an approach to resolve these issues?

Hi @geekzy !

Thanks so much for reaching out. Sorry to hear you're experiencing issues post-upgrade.

For the first issue you raised, that is a known issue that is documented here. I've linked to the comment in that issue that explains the bug and known workarounds. I'm working to confirm if the issue was fixed in 8.9.2, which was released September 6th.

For the second issue raised, what is the filter being used on the dashboard page? Is that an alert id? Does anything show without any filters?

Best,
Yara
