Kibana - Unable to sync case with alert

BigM1 · December 13, 2023, 6:30am

Hello,

in Kibana, using the SIEM security alert. When i try to create a case and choses option to sync case with alert it throws error below:

"Detected an unhandled Promise rejection.

    Message: illegal_argument_exception
Root causes:
	illegal_argument_exception: unexpected metadata [op:updated_rules] in source

    Stack: Error: Internal Server Error"

Any ideals ?

carly.richmond · December 13, 2023, 3:45pm

Hi @BigM1,

Welcome back! Which version of Elastic are you using?

BigM1 · December 13, 2023, 4:04pm

Thanks @carly.richmond !

I'm using version "8.11.1"

carly.richmond · December 13, 2023, 5:35pm

Thanks for confirming. Have you recently upgraded at all?

I would recommend upgrading to 8.11.3 to see if that solves the issue. Otherwise it could be a good idea to raise an issue on the GitHub repo if the issue persists.

Hope that helps!

BigM1 · December 13, 2023, 5:41pm

Thanks @carly.richmond ! will try that

system · January 10, 2024, 5:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.