[Security Solution] Some default values on IM rule creation are not present #130770

Closed
MadameSheema opened this issue Apr 21, 2022 · 7 comments · Fixed by #132834 or #133160
Labels: 8.3 candidate, bug, Feature:Indicator Match Rule, Feature:Rule Creation, fixed, impact:high, QA:Validated, Team:Detection Rule Management, Team:Detections and Resp, Team:Security Solution Platform, Team: SecuritySolution, v8.3.0

Comments

@MadameSheema
Member

Describe the bug:

  • Some default values on IM rule creation are not present

Kibana/Elasticsearch Stack version:

Steps to reproduce:

  1. Create an indicator match rule

Current behavior:

  • Some expected default values are not present

Expected behavior:

  • All the expected values are present

Additional information:

  • This issue is making some Cypress tests fail that need to be skipped.
@MadameSheema MadameSheema added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Apr 21, 2022
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@banderror banderror added Team:Detections and Resp Security Detection Response Team Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Rule Management Security Detection Rule Management Team labels Apr 21, 2022
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror self-assigned this Apr 21, 2022
@banderror
Contributor

banderror commented Apr 21, 2022

More details regarding what's missing when you open a Rule Creation page and select the Indicator Match rule type:

  • Custom query: expected a default value, actual empty.
  • Indicator prefix override: expected a default value, actual empty.
  • Schedule:
    • Runs every: expected 1 hours, actual 5 minutes.
    • Look-back: expected 5 minutes, actual 1 minute.

@banderror banderror added impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. 8.3 candidate v8.3.0 labels Apr 26, 2022
@peluja1012 peluja1012 added Feature:Rule Creation Security Solution Detection Rule Creation workflow Feature:Indicator Match Rule Security Solution Indicator Match rule type Team:Security Solution Platform Security Solution Platform Team and removed Feature:Rule Management Security Solution Detection Rule Management area labels May 19, 2022
@peluja1012
Contributor

Hey @banderror, the security platform team could help with this one. @yctercero I added it to your board.

@banderror
Contributor

Ok cool, thank you. @yctercero I was going to get back to this one post-FF after the epic I'm working on right now. If/when you get a chance to look into it before that, please ping me. There's an in-progress #130825 that needs to be finalized that addresses this and one more related bug.

@nkhristinin nkhristinin mentioned this issue May 25, 2022
1 task
banderror pushed a commit that referenced this issue May 30, 2022
**Addresses:** #130767, #130770

Related to [this PR](#130825).

@banderror described the reason for the problems in his PR. There was an [ask](#130825 (review)) to not return the `useEffect` to the form lib.

The fix of the form clears the values [in this commit](df0b7bb)

Then I cherry-picked commits from @banderror's PR to fix form stripping undefined values and also fixed some tests

### Checklist

Delete any items that are not applicable to this PR.

- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
@banderror banderror linked a pull request May 30, 2022 that will close this issue
1 task
kibanamachine pushed a commit that referenced this issue May 30, 2022
(cherry picked from commit 52bdf9a)
@banderror
Contributor

Fixed in #132834

banderror pushed a commit to banderror/kibana that referenced this issue May 30, 2022
(cherry picked from commit 52bdf9a)
@banderror banderror linked a pull request May 30, 2022 that will close this issue
kibanamachine added a commit that referenced this issue May 30, 2022
(cherry picked from commit 52bdf9a)

Co-authored-by: Khristinin Nikita <[email protected]>
@ghost

ghost commented Jun 6, 2022

Hi @banderror,

We have validated this issue on 8.3.0 BC2 and observed that the issue is now fixed. 🟢

  • threat.indicator value is displayed under the Indicator prefix override field by default

Please find below the testing details:

Build Details:

Version : 8.3.0 BC2
Build : 53231
Commit : 25476b531ba9f32292bde85508d342aa5e1c29eb

Screenshots

indicator.mp4

Hence, we are closing this issue and marking it as QA Validated.

cc: @MadameSheema
Thanks!!

@ghost ghost added the QA:Validated Issue has been validated by QA label Jun 6, 2022
@ghost ghost closed this as completed Jun 6, 2022