[Defend Workflows[Bug] Unable to download files retrieved via the "Get-File" response action from the SentinelOne response console.

[sukhwindersingh-qasource]

Describe the bug:

• Unable to download files retrieved via the "Get-File" response action from the SentinelOne response console.

Build Details:

VERSION: 8.17.0 BC6
BUILD: 80521
COMMIT: e8a820624a03a412433584d3e3df951838e4c63c

Login Credentials

• https://p.elstc.co/paste/zoPD-JFi#wd+wwZAIaJBRrMAAYmhplEw+F3zLG8pgnGDRpO64rgz

Preconditions

• Kibana should be running.
• Sentinel Alerts should be present

Steps to Reproduce

• Navigate to the response console through the sentinel alerts flyout
• Now run the get-file response action on the SentinelOne response console
• Wait for the results to show up
• Now Click on the Click here to download link
• Observe that user is Unable to download files retrieved via the "Get-File" response action from the SentinelOne response console.

Whats working :

• It is Working fine for the Defend get-file download option ✔
• File download is also working for the processes response action of the SentinelOne ✔

Actual result

• Unable to download files retrieved via the "Get-File" response action from the SentinelOne response console.

Expected Result

• User should be able to download files retrieved via the "Get-File" response action from the SentinelOne response console.

Occurring on the Old stack 8.16.0

• we are not able to test this on 8.16.0 due to this [Defend Workflows] SentinelOne response actions failing with error: Response validation failed (Error: [data.0.rangerVersion]: expected value of type [string] but got [null]) #202398

Screen-cast

Alerts.-.Kibana.Mozilla.Firefox.2024-12-11.14-43-33.mp4

Error

{"statusCode":500,"error":"Internal Server Error","message":"Attempt to send [downloadAgentFile] to SentinelOne failed: Response validation failed (Error: expected a plain object value, but found [Object] instead.)"}

[elasticmachine]

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[sukhwindersingh-qasource]

Please review this @amolnater-qasource

[amolnater-qasource]

Reviewed & assigned to @dasansol92

[paul-tavares]

PR with fix is up: #203820

target is main and 8.17.1

[paul-tavares]

Fix is merged

[sukhwindersingh-qasource]

Hi @paul-tavares ,

We have validated this ticket on the latest 8.16.2 BC1 build and found the issue is NOT FIXED. ❌

Please find below the testing details

Build Details:
VERSION: 8.16.2 BC1
BUILD: 79858
COMMIT: c5bc2be

Screen Recording :

Alerts.-.Kibana.Mozilla.Firefox.2024-12-17.12-06-25.mp4

Please Let us know if anything else is required from our end.

Thanks!!

[sukhwindersingh-qasource]

Hi @paul-tavares ,

We have validated this ticket on the latest 8.16.3 BC1 build and found the issue is FIXED. ✔

Please find below the testing details

Build Details:

VERSION: 8.16.3 BC1
BUILD: 79924
COMMIT: 2e63133

Screen Recording :

Alerts.-.Kibana.Mozilla.Firefox.2025-01-10.12-09-51.mp4

We will be validating this on 8.17.1, after which the ticket will be closed and marked as QA Validated.

Thanks!!

[sukhwindersingh-qasource]

Hi @paul-tavares ,

We have validated this ticket on the latest 8.17.1 BC3 build and found the issue is FIXED. ✔

Please find below the testing details

Build Details:

VERSION: 8.17.1 BC3
BUILD: 80642
COMMIT: 9b07116

Screen Recording :

Alerts.-.Kibana.Mozilla.Firefox.2025-01-13.12-42-20.mp4

Hence we are closing this ticket and marking it as QA Validated.

Thanks!!