[BUG] research.splunk.com not showing datasources correctly when looking at a specific detection

Question

[BUG] research.splunk.com not showing datasources correctly when looking at a specific detection

Closed this issue 4 months ago · 2 comments

Describe the bug

When looking through https://research.splunk.com/detections/ there are detection rules with multiple data sources. If you open up a specific detection rule it seems to only show the first data source in the list of data sources. For example on the detection rule Windows AdFind Exe we see the following data sources from the /detections/ website:
CrowdStrike ProcessRollup2, Windows icon Sysmon EventID 1, Windows icon Windows Event Log Security 4688

But if we open up Windows AdFind Exe specifically https://research.splunk.com/endpoint/bd3b0187-189b-46c0-be45-f52da2bae67f/ it only lists CrowdStrike ProcessRollup2 as a data source.

This seems to be the case with other detection rules as well.

Expected behavior

All data sources should be shown when looking at a specific detection rule.

Screenshots

App Version:

Firefox 131.0.3
Edge Version 130.0.2849.56

Answer 1 · 2024-11-06T15:37:11.000Z

Thanks for the report- we've been tracking this for a bit and are almost ready to ship a fix. We'll circle back and close this once it ships.

Answer 2 · 2024-11-06T18:55:46.000Z

These are now fixed.