[Security Solution] Able to create a rule by adding only a filter without adding any query #139080
Comments
ghost
added
bug
ghost
self-assigned this
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
@deepikakeshav-qasource I think this behavior is expected and correct. If the user specifies at least one filter, it will be used to build the final rule's query when the rule runs, so that query in the UI can be left empty. Query in the UI must be specified only if the user doesn't add any filters. @peluja1012 please correct me if I'm wrong. |
|
Hi @banderror, Thank you for sharing details!! If this is expected, Then we can enable the preview results button as well if user is able to create a rule by adding only a filter without adding any query!! Thank you!! |
++ That makes sense to me @deepikakeshav-qasource 👍 May I ask you to please open a separate bug for that? |
|
Hi @banderror , We have opened a separate bug for preview Results. We are good to close this ticket as it is working as expected. Please let us know if any other action is required on this ticket. Thanks you!! |
|
I'm going to double-check with @peluja1012 later today if we can close this one. Thank you! |
|
Alright, we can close it. |
Describe the bug
Able to create a rule by adding only a filter without adding any query
Build info
Preconditions
Steps to Reproduce
Actual Result
Able to create a rule by adding only a filter without adding any query
Expected Result
User should not be able to create the rule without adding any query
Or
Preview button should be enable if user is able to create a rule by adding only a filter without adding any query
Screen-cast
rule.with.filter.mp4
rule.zip
The text was updated successfully, but these errors were encountered: