Echoes level should not render when alerts have no children #1750

@mjabascal10

Acknowledgements

Describe the bug

In the Threat Management → Adversary View section, the Sankey chart is misinterpreting the data structure when an alert has no child nodes (echoes).
The visualization still attempts to render the Echoes level even when no echoes exist for that alert.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

If an alert has no children/echoes, the Sankey chart should not render the Echoes level.
The graph should only display:

Adversary → Alerts

Current Behavior

The Sankey chart always tries to render all three levels:

Adversary → Alerts → Echoes

Even when the alert has no children, resulting in:

  • Empty Echo nodes
  • Incorrect or misleading links
  • A visual interpretation that suggests echoes exist when they do not

Reproduction Steps

  • Navigate to Threat Management → Adversary View
  • Load data where at least one alert has no echoes
  • Observe the Sankey chart
  • Notice that the Echoes level is still rendered

Possible Solution

No response

Additional Information/Context

No response

UTMStack Version

11.2.2

Operating System and version

Ubuntu

Hypervisor and Version | Server Vendor and Model

Browser and version

Google Chrome
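
Added example, not part of the original issue and not UTMStack's own code: one way to build the Sankey nodes and links so that echo nodes, echo links and the Echoes level appear only when an alert really has children. The input shape (`name`, `alerts[].id`, `alerts[].echoes[]`), the function name `buildSankey` and the sample data are assumptions made for illustration.

```javascript
// Hypothetical data shape: [{ name, alerts: [{ id, name, echoes?: [{ id, name }] }] }]
function buildSankey(adversaries) {
  const nodes = new Map(); // key -> { name, level }
  const links = [];
  const addNode = (key, name, level) => {
    if (!nodes.has(key)) nodes.set(key, { name, level });
  };

  for (const adv of adversaries) {
    const advKey = `adv:${adv.name}`;
    addNode(advKey, adv.name, 'Adversary');
    for (const alert of adv.alerts ?? []) {
      // A missing, null or empty "echoes" field all mean "no children".
      const echoes = Array.isArray(alert.echoes) ? alert.echoes : [];
      const alertKey = `alert:${alert.id}`;
      addNode(alertKey, alert.name, 'Alerts');
      // Keep the flow width consistent: the alert itself counts as 1.
      links.push({ source: advKey, target: alertKey, value: Math.max(1, echoes.length) });
      for (const echo of echoes) {
        const echoKey = `echo:${echo.id}`;
        addNode(echoKey, echo.name, 'Echoes');
        links.push({ source: alertKey, target: echoKey, value: 1 });
      }
    }
  }

  // Only levels that actually own a node are reported to the renderer.
  const present = new Set([...nodes.values()].map((n) => n.level));
  const levels = ['Adversary', 'Alerts', 'Echoes'].filter((l) => present.has(l));
  return {
    nodes: [...nodes.entries()].map(([key, n]) => ({ key, ...n })),
    links,
    levels,
  };
}

// Constructed sample: one alert with echoes, one with an empty list, one without the field.
const sample = [{
  name: '203.0.113.7',
  alerts: [
    { id: 'a1', name: 'Brute force', echoes: [{ id: 'e1', name: 'Echo 1' }, { id: 'e2', name: 'Echo 2' }] },
    { id: 'a2', name: 'Port scan', echoes: [] },
    { id: 'a3', name: 'Beaconing' },
  ],
}];
console.log(buildSankey(sample).levels);
```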

Status

👀 In review
