[Security Solution] Adding rule exception from alerts tab is closing all the alerts which match the added exception from other rules also. #145675
Comments
Pinging @elastic/security-solution (Team: SecuritySolution)

@karanverma-qasource Please review this bug.

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@peluja1012 @dhurley14 can you please take a look at this issue? If the described behaviour is not expected this might be a critical/blocker issue. Thanks!
## Closing alerts from flyout affects only alerts related to this rule

Fix: #145675

For the exceptions component, we need to have `rule.rule_id` which wasn't initially in the timeline response.
We can't safely use `rule.id`, it is [described here](#120053).

Co-authored-by: Kibana Machine <[email protected]>

## Closing alerts from flyout affects only alerts related to this rule

Fix: elastic#145675

For the exceptions component, we need to have `rule.rule_id` which wasn't initially in the timeline response.
We can't safely use `rule.id`, it is [described here](elastic#120053).

Co-authored-by: Kibana Machine <[email protected]>
(cherry picked from commit 6102f0e)
# Backport

This will backport the following commits from `main` to `8.6`:
- [Fix close alerts from flyout (#145939)](#145939)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Khristinin Nikita <[email protected]>
We have validated this issue on 8.6.0 BC4 build and observed that issue is Fixed. ✔️

Please find the below Testing Details:

Build info

Screen recording
Alerts.-.Kibana.Mozilla.Firefox.2022-11-30.15-24-50.mp4

Hence, We are marking this issue as QA Validated!! Thanks!!
Describe the bug:
Adding rule exception from alerts tab is closing all the alerts which match the added exception from other rules also.
Build Details:
Preconditions
Steps to Reproduce
Actual Result
Adding rule exception from alerts tab is closing all the alerts which match the added exception from other rules also.
Expected Result
Adding rule exception from alerts tab should close all the alerts which match the added exception of that rule only.
What's working
It is working correctly when we add exception from rules detail page.
Rules.-.Kibana.Mozilla.Firefox.2022-11-18.11-12-19.mp4
Screen-recording
Custom query rule
Alerts.-.Kibana.Mozilla.Firefox.2022-11-18.11-10-12.mp4
Threshold rule
Alerts.-.Kibana.Mozilla.Firefox.2022-11-18.11-08-31.mp4
EQL rule
Alerts.-.Kibana.Mozilla.Firefox.2022-11-18.11-06-19.mp4
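
The scoping problem reported in this issue, as an added example that is not Kibana's code: selecting alerts to close by exception match alone also picks up other rules' alerts, while additionally filtering on `rule.rule_id` keeps the close limited to the rule the exception was added to. The alert documents, the helper names and the `status` field are constructed for illustration; only the `rule.rule_id` and `rule.id` field names come from the page.

```javascript
// Added illustration, not Kibana source. Alert documents and helper names are
// constructed; only the rule.rule_id / rule.id field names come from the page.

// Constructed sample alerts: two different rules fired on the same host.
const alerts = [
  { _id: 'a1', rule: { id: 'uuid-1', rule_id: 'rule-A' }, host: { name: 'srv-01' }, status: 'open' },
  { _id: 'a2', rule: { id: 'uuid-1', rule_id: 'rule-A' }, host: { name: 'srv-02' }, status: 'open' },
  { _id: 'a3', rule: { id: 'uuid-2', rule_id: 'rule-B' }, host: { name: 'srv-01' }, status: 'open' },
];

// Resolve a dotted field path such as "host.name" on an alert document.
const getField = (doc, path) =>
  path.split('.').reduce((obj, key) => (obj == null ? undefined : obj[key]), doc);

// True when every exception entry matches the alert (entries are ANDed).
const matchesException = (alert, entries) =>
  entries.every((entry) => getField(alert, entry.field) === entry.value);

// Select the open alerts to close after an exception has been added.
// With ruleId omitted, this reproduces the reported behaviour: alerts from
// any rule that match the exception are selected.
function alertsToClose(allAlerts, entries, ruleId) {
  // An exception with no entries matches every alert, so refuse to close anything.
  if (entries.length === 0) return [];
  return allAlerts
    .filter((a) => a.status === 'open')
    .filter((a) => ruleId === undefined || a.rule.rule_id === ruleId)
    .filter((a) => matchesException(a, entries))
    .map((a) => a._id);
}

// Exception added from an alert that belongs to rule-A.
const exception = [{ field: 'host.name', value: 'srv-01' }];
const unscoped = alertsToClose(alerts, exception);         // crosses into rule-B
const scoped = alertsToClose(alerts, exception, 'rule-A'); // rule-A only
console.log({ unscoped, scoped });
```
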