Code Monkey home page Code Monkey logo

Comments (10)

paul-tavares avatar paul-tavares commented on September 23, 2024 2

@tomsonpl ,
Yes, and no.
For endpoint, we do allow isolate to be create for hosts that are already isolated (similar with release). For SentinelOne, Patryk implemented code in the Connector that first checks that the host is in the correct state. Not sure why that was done that way - perhaps the S1 system rejects it? 🤷

That being said - this is expected behaviour for HTTP API requests for all agent types - meaning: if there is an error along the way, we don't create the action documents because that could just fill up the index with "junk".

Note, however, that automated response actions behaviour is a bit different because there is no user behind it. For automated response actions, we do create a failed response action in this case.

from kibana.

ashokaditya avatar ashokaditya commented on September 23, 2024 1

@muskangulati-qasource Thanks for bringing this up. This is expected as the action request is not created. We show response history for actions that are actually created and that have pending/failed/successful responses.

from kibana.

elasticmachine avatar elasticmachine commented on September 23, 2024

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

from kibana.

dasansol92 avatar dasansol92 commented on September 23, 2024

@ashokaditya could you take a closer look to this one?

from kibana.

tomsonpl avatar tomsonpl commented on September 23, 2024

Out of curiosity, is this expected only for S1 actions, or also Endpoint's ?

from kibana.

tomsonpl avatar tomsonpl commented on September 23, 2024

Thanks @paul-tavares :)

from kibana.

dasansol92 avatar dasansol92 commented on September 23, 2024

@ashokaditya @paul-tavares can we close this as won't do then?
cc: @arvindersingh-qasource

from kibana.

paul-tavares avatar paul-tavares commented on September 23, 2024

Yes - it should be closed. Its working as intended.

from kibana.

muskangulati-qasource avatar muskangulati-qasource commented on September 23, 2024

Thank you for the update @dasansol92 and @paul-tavares .

We are closing this issue as it is WORKING AS DESIGNED. We will keep note of the same.

Thank you!

from kibana.

sukhwindersingh-qasource avatar sukhwindersingh-qasource commented on September 23, 2024

Bug Conversion

No Test case is required since it is expected behavior!

Thanks!

from kibana.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.