wazuh-dashboard-plugins icon indicating copy to clipboard operation
wazuh-dashboard-plugins copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Office365 view presents incorrect value for max event level

Open sempervictus opened this issue 3 years ago • 1 comments

Wazuh Elastic Rev Security
4.3.6 7.10.2 4xxx Basic
Browser
all

Description Max rule level value seems to be inverted (min). image

sempervictus avatar Jul 24 '22 13:07 sempervictus

Hello @sempervictus

Thanks for using Wazuh and reporting this bug with us.

We'll further investigate this and fix it as soon as possible.

Best regards, Alex

AlexRuiz7 avatar Jul 25 '22 07:07 AlexRuiz7

I have been investigating this issue. The problem is due to an incorrect term in the aggregation of office / Max Rule Level on the file components/overview/metrics/metrics.tsx. I will proceed to fix it

Tostti avatar Sep 13 '22 18:09 Tostti

The issue was that the aggregation was using the timestamp term instead of rule.level.

Before the changes image

After the changes image

Tostti avatar Sep 13 '22 18:09 Tostti

Awesome, thank you for hunting that down.

sempervictus avatar Sep 13 '22 18:09 sempervictus

Closing after merge of #4508 Backports was merged too.

Tostti avatar Sep 14 '22 13:09 Tostti