[Defend Workflows] CrowdStrike runscript --Raw response action is Visible in Response Console for the hosts running on Elastic Defend Integration #209460

Open
ishaansehgal-qasource opened this issue Feb 4, 2025 · 4 comments
Assignees
Labels
bug Fixes for quality problems that affect the customer experience grooming impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.18.0

Comments

ishaansehgal-qasource commented Feb 4, 2025

Describe the bug:

  • CrowdStrike runscript --Raw response action is Visible in Response Console for the hosts running on Elastic Defend Integration.

Build Details:
VERSION: 8.18.0
BUILD: 82206
COMMIT: 33e6754

Login Credentials
https://p.elstc.co/paste/MP68ntcH#-Wl4aZyXm1OkEOTnUhe7GrVcR+QC1EwC69yR6uf/Bbi

Preconditions

  1. Kibana should be running.
  2. Elastic Defend integration should be added.

Steps to Reproduce

  1. Navigate to Endpoints under the Assets tab and click on the 3 dots.
  2. Select Respond; a new window with the response console will open.
  3. Click on help.
  4. Observe that the runscript --Raw command is available.

Expected Result

  • User should not be able to view CrowdStrike commands on adding Elastic Defend Integration.

Actual Result

  • User is able to view the CrowdStrike command runscript --Raw on adding Defend Integration.

Occurring on the Old stack 8.17.1

  • No, it is not occurring on the 8.17.1 ❌

Occurring on the 9.0.0

  • Yes, it is occurring on the 9.0.0-beta1 ✔️

Logs

  • N/A
@ishaansehgal-qasource ishaansehgal-qasource added bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.18.0 labels Feb 4, 2025
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@ishaansehgal-qasource
Author

@sukhwindersingh-qasource Please review

@sukhwindersingh-qasource

Reviewed and assigned to @dasansol92
