Skip to content

Security (Threat Monitoring) Incidents should not be included on the Operations -> Incidents page

Summary

Incidents that have been created from Security Alerts on the Security & Compliance -> Threat Management -> Alerts page currently show up on the Operations -> Incidents page. These should be removed from that list, as it will be confusing to users if security incidents are intermixed with cluster monitoring incidents.

Steps to reproduce

  1. Setup Security Alerts and trigger at least one alert
  2. Navigate to Security & Compliance -> Threat Monitoring -> Alerts and click on the generated Alert.
  3. Create a new Incident from the Alert.
  4. Navigate to Operations -> Incidents and observe that the Incident is included in the Operation Alerts list.

Example Project

https://staging.gitlab.com/defend-team-test/cnp-alert-demo/-/incidents

What is the current bug behavior?

Security Incidents are included on the Operations -> Incidents page.

What is the expected correct behavior?

The Operations -> Incidents page should only show Operations Incidents. Any Security Incidents should not be included in the list.

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Possible fixes

Implementation Plan

Edited by Alan (Maciej) Paruszewski