Security (Threat Monitoring) Incidents should not be included on the Operations -> Incidents page
Summary
Incidents that have been created from Security Alerts on the Security & Compliance -> Threat Management -> Alerts page currently show up on the Operations -> Incidents page. These should be removed from that list, as it will be confusing to users if security incidents are intermixed with cluster monitoring incidents.
Steps to reproduce
- Set up Security Alerts and trigger at least one alert.
- Navigate to Security & Compliance -> Threat Monitoring -> Alerts and click on the generated Alert.
- Create a new Incident from the Alert.
- Navigate to Operations -> Incidents and observe that the Incident is included in the Operation Alerts list.
Example Project
https://staging.gitlab.com/defend-team-test/cnp-alert-demo/-/incidents
What is the current bug behavior?
Security Incidents are included on the Operations -> Incidents page.
What is the expected correct behavior?
The Operations -> Incidents page should only show Operations Incidents. Any Security Incidents should not be included in the list.
Possible fixes
Implementation Plan
- ~~[-] backend: modify the `alert_management_enabled?` method to check `project.alert_management_alerts.operations.any?` instead of `project.alert_management_alerts.any?` in https://gitlab.com/gitlab-org/gitlab/blob/master/app/helpers/projects/alert_management_helper.rb#L37~~
- ~~[-] frontend: modify https://gitlab.com/gitlab-org/gitlab/blob/master/app/assets/javascripts/alert_management/components/alert_management_table.vue#L124 to include `domain: operations` in `variables()` in `apollo.alerts` to fetch only alerts without threat monitoring alerts~~