Closed
Description
What is the bug?
In the alert details flyout, findings that caused the alert are shown. However, the table lists all the findings (even ones that are not related to the current alert) generated by the detector that has the alert's trigger condition.
How can one reproduce the bug?
Steps to reproduce the behavior:
- Create a detector with an alert condition and an execution frequency of 1 min.
- Ingest multiple logs matching the detector configuration so that the resulting findings trigger an alert.
- Wait for the findings and alerts to be generated.
- Once alerts come in, open one of the alert details; multiple findings are listed in the Findings table, not only the finding that triggered that alert.
What is the expected behavior?
Only the finding that triggered the alert should be listed in the table, since only that finding is related to the generated alert.
What is your host/environment?
NA
Do you have any screenshots?
Do you have any additional context?