Kibana - Unable to sync case with alert

BigM1 · December 13, 2023, 6:30am

Hello,

in Kibana, using the SIEM security alert. When i try to create a case and choses option to sync case with alert it throws error below:

"Detected an unhandled Promise rejection.

    Message: illegal_argument_exception
Root causes:
	illegal_argument_exception: unexpected metadata [op:updated_rules] in source

    Stack: Error: Internal Server Error"

Any ideals ?

carly.richmond · December 13, 2023, 3:45pm

Hi @BigM1,

Welcome back! Which version of Elastic are you using?

BigM1 · December 13, 2023, 4:04pm

Thanks @carly.richmond !

I'm using version "8.11.1"

carly.richmond · December 13, 2023, 5:35pm

Thanks for confirming. Have you recently upgraded at all?

I would recommend upgrading to 8.11.3 to see if that solves the issue. Otherwise it could be a good idea to raise an issue on the GitHub repo if the issue persists.

Hope that helps!

BigM1 · December 13, 2023, 5:41pm

Thanks @carly.richmond ! will try that

system · January 10, 2024, 5:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
All Stack monitoring alert rules with error Kibana elastic-stack-monitoring	2	426	September 17, 2021
Error with Security Rules Elastic Security elastic-stack-alerting	9	1870	June 20, 2022
Alert rule for standard cluster alerts: search_phase_execution_exception [illegal_argument_exception] Kibana elastic-stack-alerting	3	1383	October 26, 2021
Kibana alerts and use case Kibana	3	260	May 19, 2020
Some alert rules are in error after upgrading Kibana from 7.17 to 8.6 Elastic Observability elastic-stack-alerting	1	895	February 17, 2023

Kibana - Unable to sync case with alert

Related Topics