[Cases] Case action tries to create stack cases on serverless project where stack cases are not available #186270

Closed
cnasikas opened this issue Jun 17, 2024 · 2 comments · Fixed by #195281
Labels
bug Fixes for quality problems that affect the customer experience Feature:Cases Cases feature Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@cnasikas
Member

cnasikas commented Jun 17, 2024

Summary

In serverless, based on the project type, there is only one place where you can manage cases: for security, security solution cases, and for o11y, o11y cases. For the search project, cases are not available. Also, stack cases are not available to all project types. Now, if a user tries to create a stack rule with a case action from the stack management rules page, the case action will try to create a stack case. Because stack cases are not available, the case action will fail with a 403 error.

Details

Each case has an owner. The owner denotes which solution the case belongs to. Cases have their own RBAC model based on the owner. This means that cases created in security solution cannot be viewed or created in o11y and vice-versa. The case action uses the rule's consumer to deduce where it should create the case. If it is an o11y rule, in o11y; if it is a security rule, in security; and if it is a stack rule, it depends on the role visibility selection.

DoD

  • When a user creates a stack rule from a serverless project where only the solution's cases are available, create the cases in the solution cases.
@cnasikas cnasikas added bug Fixes for quality problems that affect the customer experience Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Feature:Cases Cases feature v8.15.0 labels Jun 17, 2024
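
The owner resolution and the owner-based gate described in the issue, as an added example that is not Kibana code and not part of the original thread. It is a simplified model: the type and function names are hypothetical, the owner and project labels reuse the issue's wording, and user privileges and the stack rule's visibility selection are left out.

```typescript
// Simplified model, not Kibana code. All names here are hypothetical.
type Owner = "security" | "o11y" | "stack";
type ProjectType = "security" | "o11y" | "search";

// Case owners that exist per serverless project type, as the issue describes them.
const AVAILABLE_OWNERS: Record<ProjectType, readonly Owner[]> = {
  security: ["security"],
  o11y: ["o11y"],
  search: [], // cases are not available in search projects
};

// Reported behaviour: the owner is taken from the rule's consumer alone.
function ownerBeforeFix(consumer: Owner): Owner {
  return consumer;
}

// Behaviour asked for in the DoD: a stack rule on a project that exposes
// exactly one solution's cases gets that solution as the case owner.
// An undefined project models a non-serverless deployment.
function ownerAfterFix(consumer: Owner, project?: ProjectType): Owner {
  if (consumer !== "stack" || project === undefined) return consumer;
  const [only, ...rest] = AVAILABLE_OWNERS[project];
  return only !== undefined && rest.length === 0 ? only : consumer;
}

// Owner-based gate: creating a case for an owner the project does not
// expose is rejected with 403, which is the failure the issue reports.
function createCase(
  owner: Owner,
  project?: ProjectType
): { status: 200 | 403; owner?: Owner } {
  const allowed =
    project === undefined || AVAILABLE_OWNERS[project].indexOf(owner) !== -1;
  return allowed ? { status: 200, owner } : { status: 403 };
}

// Stack rule with a case action on a serverless security project.
console.log(createCase(ownerBeforeFix("stack"), "security"));
console.log(createCase(ownerAfterFix("stack", "security"), "security"));
// Search projects expose no cases, so the action is still rejected there.
console.log(createCase(ownerAfterFix("stack", "search"), "search"));
```

The gate stays unchanged between the two runs; only the owner handed to it differs, so the RBAC boundary between solutions is preserved.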
@elasticmachine
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@elasticmachine
Contributor

Pinging @elastic/response-ops-cases (Feature:Cases)

@cnasikas cnasikas removed the v8.15.0 label Sep 9, 2024
adcoelho added a commit that referenced this issue Oct 9, 2024
…5281)

Fixes #186270

## Summary

This PR ensures that cases created by the case action in stack
management rules in serverless security projects are assigned the
correct owner.


### How to test

1. Add the following line to `serverless.yml` - `xpack.cloud.serverless.project_id: test-123`
2. Start Elasticsearch in serverless security mode - `yarn es serverless --projectType security`
3. Start Kibana in serverless security mode - `yarn start --serverless=security`
4. Go to stack and create a rule with the cases action.
5. When an alert is triggered confirm you can view the case in `Security > Cases`

---------

Co-authored-by: kibanamachine <[email protected]>
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Oct 9, 2024
…stic#195281)

Fixes elastic#186270

(cherry picked from commit 02cc5a8)
kibanamachine added a commit that referenced this issue Oct 9, 2024
#195281) (#195600)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[ResponseOps][Cases] Fix case actions bug in serverless security
(#195281)](#195281)

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

Co-authored-by: Antonio <[email protected]>