[Security Solution] Alert Detail flyout for Linux Session Alert overlaps Investigation Timeline. #180679

Closed
arvindersingh-qasource opened this issue Apr 12, 2024 · 10 comments
Labels
bug Fixes for quality problems that affect the customer experience fixed impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team v8.14.0

@arvindersingh-qasource

Describe the bug
Alerts Detail flyout for Linux Session Alert overlaps Investigation Timeline.

Build Details

VERSION: 8.14.0
BUILD: 73235
COMMIT: 619fa44280c5d89c3f3e1fe8bf8b92ba0d343be1

Browser Details
This issue is occurring on all browsers.

Preconditions

  1. Kibana v8.14.0 must be available.
  2. Linux Session Alert must be available.

Steps to Reproduce

  1. Navigate to Security -> Alerts.
  2. Open Session View for Linux Session Alert.
  3. Open Alerts Detail flyout.
  4. Under Insights, open alerts related by source event.
  5. Click on Investigate in Timeline.
  6. Observe that Alert Detail flyout for Linux Session Alert overlaps Investigation Timeline.

Actual Result
Alerts Detail flyout for Linux Session Alert overlaps Investigation Timeline.

Expected Result
Alerts Detail flyout for Linux Session Alert should not overlap Investigation Timeline.

What's Working

  • N/A

What's Not Working

  • N/A

Screen Recording

Alerts.-.Kibana.-.Google.Chrome.2024-04-12.15-36-48.mp4
@arvindersingh-qasource arvindersingh-qasource added bug Fixes for quality problems that affect the customer experience triage_needed impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.14.0 labels Apr 12, 2024
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@arvindersingh-qasource
Author

@karanbirsingh-qasource Please review this ticket.

Thanks.

@MadameSheema MadameSheema assigned michaelolo24 and PhilippeOberti and unassigned ghost Apr 12, 2024
@MadameSheema MadameSheema added Team:Threat Hunting Security Solution Threat Hunting Team Team:Threat Hunting:Investigations Security Solution Investigations Team and removed Team:Detections and Resp Security Detection Response Team labels Apr 12, 2024
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

@PhilippeOberti
Contributor

@arvindersingh-qasource thanks for opening this ticket! I can indeed reproduce the issue locally. The issue actually happens not only from the Session View but also from the main alerts table...

Screen.Recording.2024-04-23.at.12.50.06.PM.mov

My guess is the bug was introduced by this PR but I will take a closer look. Another reason to get rid of this old flyout... we're spending time fixing something that's going away soon :(

@PhilippeOberti
Contributor

Actually, it seems that the bug was introduced in a more recent PR than previously mentioned. Here's where we override to 1002 in the old flyout, which we shouldn't do as the timeline has a z-index of 1001 (introduced in the PR linked in my previous comment).

@PhilippeOberti
Contributor

PhilippeOberti commented Apr 23, 2024

Ok I think I understand a bit more what's happening. The last PR opened and merged by @michaelolo24 renders the old flyout on top of timeline. This works when that flyout is opened from within timeline, but it breaks everywhere the flyout is being used from (like alerts table).

@michaelolo24 I feel like this change should be reverted and I have a PR to do so. That means that for now the new tables in timeline won't have a flyout working (unless we use the expandable flyout using the expandableTimelineFlyoutEnabled feature flag), but at least we're not breaking the primary behavior for all users in 8.14.

What this means is we NEED to use expandableTimelineFlyoutEnabled alongside unifiedComponentsInTimelineEnabled to have a flyout working.

Is that ok with you?

@PhilippeOberti
Contributor

@arvindersingh-qasource the PR to fix this issue was just merged. The fix should be available in BC3 (as BC2 was just built earlier today).

Please let me know if you confirm the fix when BC3 is available, thank you!

@ghost

ghost commented May 6, 2024

Hi @PhilippeOberti

This issue is fixed now, validated the issue on 8.14 BC3 ✅

Build Details:

Version: 8.14
Commit: 2a492e1625f24336f3259b2b8df62b2b18127e81
Build: 73762

Screen-Shot

Screenshot 2024-05-06 at 9 46 10 AM

Hence we are closing this issue and adding "QA:Validated" tag to it.

thanks !!

@ghost ghost closed this as completed May 6, 2024
@ghost ghost added the QA:Validated Issue has been validated by QA label May 6, 2024
This issue was closed.