[Security Solution] Innacurate generic timeline template

[MadameSheema]

Describe the bug:

• When an alert generated by a rule without a specific timeline template, is investigated on the timeline, the timeline displayed is not the expected one.

Kibana/Elasticsearch Stack version:

• 8.0

Steps to reproduce:

1. Create a rule without using a timeline template
2. Generate alerts for the created rule
3. Investigate one of the generated alerts on the timeline

Current behavior:

• The alert is filtered using a predefined filter

Expected behavior:

• The alert is filtered using the alert id on the data providers

Any additional context (logs, chat logs, magical formulas, etc.):

• This is happening for all the rule types except for Threshold rules that is working fine.

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[MadameSheema]

Tested on 8.0RC1 and is working properly there, so the issue must be introduced after 8.0rc1 was released.

[kqualters-elastic]

@MadameSheema I believe the id being populated as part of the description is only for threshold alerts, other types do not have it filled out.

[andrew-goldstein]

@MadameSheema I believe the id being populated as part of the description is only for threshold alerts, other types do not have it filled out.

While desk testing the fix, I also couldn't replicate _id being populated in the description in older releases (for non-threshold alerts) in 7.16, 7.14, and 7.10

[MadameSheema]

I updated the ticket accordingly, thanks

[MadameSheema]

@deepikakeshav-qasource @manishgupta-qasource can you please help to coordinate the testing of this on 8.0 latest branch? This is top priority, thanks :)

[ghost]

Hi @MadameSheema,

We have validated above issue on 8.0 main branch and it's fixed. ✅

Build Details:

Version: 8.0.0 branch
Build:9007199254740991

Screenshots:

Please let us know if we missed something !!

Thanks !