Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Unable to select the custom field when create the endpoint exception #149814

Closed
ghost opened this issue Jan 30, 2023 · 6 comments
Assignees
Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Exceptions Security Solution Detection Rule Exceptions area fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detections and Resp Security Detection Response Team Team:Security Solution Platform Security Solution Platform Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.7.0

Comments

@ghost
Copy link

ghost commented Jan 30, 2023

Describe the bug
Unable to select the custom field when create the endpoint exception

Build info

VERSION: 8.7.0 Snapshot
BUILD: 60186
COMMIT: 457aeb875025d04b9c1264da1e2c61b7dd95120b

Preconditions

  • Kibana should be running
  • Malware alerts should be created

Steps to Reproduce

  • Navigate to Security > Alerts page
  • Click on endpoint exception
  • Delete all pre filled fields
  • Add the custom field and select the same
  • Observe that unable to select the custom field

Actual Result

  • Unable to select the custom field when create the endpoint exception

Expected Result

  • User should be able to select the custom field when create the endpoint exception

Screen-cast

Alerts.-.Kibana.-.Google.Chrome.2023-01-30.14-00-33.mp4
@ghost ghost added bug Fixes for quality problems that affect the customer experience triage_needed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.7.0 labels Jan 30, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost
Copy link
Author

ghost commented Jan 30, 2023

@karanbirsingh-qasource please review!!

@ghost ghost assigned MadameSheema Jan 30, 2023
@MadameSheema MadameSheema added Team:Detections and Resp Security Detection Response Team Team:Security Solution Platform Security Solution Platform Team labels Jan 30, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@peluja1012 peluja1012 added Feature:Rule Exceptions Security Solution Detection Rule Exceptions area and removed triage_needed labels Feb 10, 2023
@yctercero yctercero assigned yctercero and unassigned dhurley14 Feb 22, 2023
@yctercero
Copy link
Contributor

After chatting with @peluja1012 - the desired behavior is that users not write in a custom option for endpoint and that it stays as it has been where for endpoint they just select from whitelisted fields in the UI.

@MadameSheema
Copy link
Member

Thanks @yctercero!! That mean custom fields are not part of that whitelisted fields?

yctercero added a commit that referenced this issue Mar 8, 2023
…stom field option for endpoint exception (#152619)

## Summary

Addresses #149814
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Mar 8, 2023
…stom field option for endpoint exception (elastic#152619)

## Summary

Addresses elastic#149814

(cherry picked from commit 586f9a1)
kibanamachine referenced this issue Mar 8, 2023
… in custom field option for endpoint exception (#152619) (#152882)

# Backport

This will backport the following commits from `main` to `8.7`:
- [[Security Solution][Exceptions] - Fix bug allowing user to type in
custom field option for endpoint exception
(#152619)](#152619)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Yara
Tercero","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-03-08T08:32:16Z","message":"[Security
Solution][Exceptions] - Fix bug allowing user to type in custom field
option for endpoint exception (#152619)\n\n## Summary\r\n\r\nAddresses
https://github.com/elastic/kibana/issues/149814","sha":"586f9a14613ce2f22836affe4c1f6c56181e6836","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:
SecuritySolution","Feature:Rule Exceptions","Team:Security Solution
Platform","backport:prev-minor","v8.7.0","v8.8.0"],"number":152619,"url":"https://github.com/elastic/kibana/pull/152619","mergeCommit":{"message":"[Security
Solution][Exceptions] - Fix bug allowing user to type in custom field
option for endpoint exception (#152619)\n\n## Summary\r\n\r\nAddresses
https://github.com/elastic/kibana/issues/149814","sha":"586f9a14613ce2f22836affe4c1f6c56181e6836"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/152619","number":152619,"mergeCommit":{"message":"[Security
Solution][Exceptions] - Fix bug allowing user to type in custom field
option for endpoint exception (#152619)\n\n## Summary\r\n\r\nAddresses
https://github.com/elastic/kibana/issues/149814","sha":"586f9a14613ce2f22836affe4c1f6c56181e6836"}}]}]
BACKPORT-->

Co-authored-by: Yara Tercero <[email protected]>
@yctercero yctercero added the fixed label Mar 9, 2023
bmorelli25 pushed a commit to bmorelli25/kibana that referenced this issue Mar 10, 2023
…stom field option for endpoint exception (elastic#152619)

## Summary

Addresses elastic#149814
@ghost
Copy link

ghost commented Mar 24, 2023

Hi @MadameSheema

we have validated this issue on 8.7.0 BC9 and found the issue to be fixed ✔️ . The Custom field is not the part of exception field modal selection.

Build Details:

Version: 8.7.0 BC9
Commit: 8eda067283f541c673beb406ae5480da6dab9296
Build: 61093

Screen-Cast:

image

Alerts.-.Kibana.Mozilla.Firefox.2023-03-24.11-06-45.mp4

Hence we are closing this issue and adding QA:Validated tag to it.

thanks !!

@ghost ghost closed this as completed Mar 24, 2023
@ghost ghost added the QA:Validated Issue has been validated by QA label Mar 24, 2023
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Exceptions Security Solution Detection Rule Exceptions area fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detections and Resp Security Detection Response Team Team:Security Solution Platform Security Solution Platform Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.7.0
Projects
None yet
Development

No branches or pull requests

5 participants