[ResponseOps][Rules] Fix case action templates in stack for security serverless #195599
Labels
bug
Fixes for quality problems that affect the customer experience
Feature:Alerting/RuleActions
Issues related to the Actions attached to Rules on the Alerting Framework
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Comments
adcoelho
added
bug
|
Pinging @elastic/response-ops (Team:ResponseOps) |
adcoelho
added a commit
that referenced
this issue
Oct 14, 2024
…serverless (#195763) Fixes #195599 ## Summary This PR ensures that we can use templates in the case action when: 1. the project is serverless security, and 2. the rule is created in stack management ### How to test 1. Add the following line to `serverless.yml` - `xpack.cloud.serverless.project_id: test-123` 3. Start Elastic search in serverless security mode - `yarn es serverless --projectType security` 4. Start Kibana in serverless security mode - `yarn start --serverless=security` 5. Go to Security > Cases > Settings and add a template. 6. Go to stack and create a rule with the case action. 7. Confirm the template created in step 5 can be selected. <img width="586" alt="Screenshot 2024-10-10 at 15 00 46" src="https://github.com/user-attachments/assets/5379e1d1-f0eb-4829-9604-ee5a0e3d050b"> **Please double-check also that the templates in the case action still work as expected in normal scenarios.** --------- Co-authored-by: kibanamachine <[email protected]>
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Oct 14, 2024
…serverless (elastic#195763) Fixes elastic#195599 ## Summary This PR ensures that we can use templates in the case action when: 1. the project is serverless security, and 2. the rule is created in stack management ### How to test 1. Add the following line to `serverless.yml` - `xpack.cloud.serverless.project_id: test-123` 3. Start Elastic search in serverless security mode - `yarn es serverless --projectType security` 4. Start Kibana in serverless security mode - `yarn start --serverless=security` 5. Go to Security > Cases > Settings and add a template. 6. Go to stack and create a rule with the case action. 7. Confirm the template created in step 5 can be selected. <img width="586" alt="Screenshot 2024-10-10 at 15 00 46" src="https://github.com/user-attachments/assets/5379e1d1-f0eb-4829-9604-ee5a0e3d050b"> **Please double-check also that the templates in the case action still work as expected in normal scenarios.** --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 97322a8)
kibanamachine
added a commit
that referenced
this issue
Oct 14, 2024
…urity serverless (#195763) (#196110) # Backport This will backport the following commits from `main` to `8.x`: - [[ResponseOps][Rules] Fix case action templates in stack for security serverless (#195763)](#195763) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Antonio","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-14T11:25:29Z","message":"[ResponseOps][Rules] Fix case action templates in stack for security serverless (#195763)\n\nFixes #195599\r\n\r\n## Summary\r\n\r\nThis PR ensures that we can use templates in the case action when:\r\n1. the project is serverless security, and\r\n2. the rule is created in stack management\r\n\r\n### How to test\r\n\r\n1. Add the following line to `serverless.yml` -\r\n`xpack.cloud.serverless.project_id: test-123`\r\n3. Start Elastic search in serverless security mode - `yarn es\r\nserverless --projectType security`\r\n4. Start Kibana in serverless security mode - `yarn start\r\n--serverless=security`\r\n5. Go to Security > Cases > Settings and add a template.\r\n6. Go to stack and create a rule with the case action.\r\n7. Confirm the template created in step 5 can be selected.\r\n\r\n<img width=\"586\" alt=\"Screenshot 2024-10-10 at 15 00 46\"\r\nsrc=\"https://github.com/user-attachments/assets/5379e1d1-f0eb-4829-9604-ee5a0e3d050b\">\r\n\r\n**Please double-check also that the templates in the case action still\r\nwork as expected in normal scenarios.**\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"97322a871357ba69e7c64543831fbf1597ca8ff9","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:ResponseOps","v9.0.0","Feature:Cases","backport:prev-minor","v8.16.0"],"title":"[ResponseOps][Rules] Fix case action templates in stack for security serverless","number":195763,"url":"https://github.com/elastic/kibana/pull/195763","mergeCommit":{"message":"[ResponseOps][Rules] Fix case action templates in stack for security serverless (#195763)\n\nFixes #195599\r\n\r\n## Summary\r\n\r\nThis PR ensures that we can use templates in the case action when:\r\n1. the project is serverless security, and\r\n2. the rule is created in stack management\r\n\r\n### How to test\r\n\r\n1. Add the following line to `serverless.yml` -\r\n`xpack.cloud.serverless.project_id: test-123`\r\n3. Start Elastic search in serverless security mode - `yarn es\r\nserverless --projectType security`\r\n4. Start Kibana in serverless security mode - `yarn start\r\n--serverless=security`\r\n5. Go to Security > Cases > Settings and add a template.\r\n6. Go to stack and create a rule with the case action.\r\n7. Confirm the template created in step 5 can be selected.\r\n\r\n<img width=\"586\" alt=\"Screenshot 2024-10-10 at 15 00 46\"\r\nsrc=\"https://github.com/user-attachments/assets/5379e1d1-f0eb-4829-9604-ee5a0e3d050b\">\r\n\r\n**Please double-check also that the templates in the case action still\r\nwork as expected in normal scenarios.**\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"97322a871357ba69e7c64543831fbf1597ca8ff9"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195763","number":195763,"mergeCommit":{"message":"[ResponseOps][Rules] Fix case action templates in stack for security serverless (#195763)\n\nFixes #195599\r\n\r\n## Summary\r\n\r\nThis PR ensures that we can use templates in the case action when:\r\n1. the project is serverless security, and\r\n2. the rule is created in stack management\r\n\r\n### How to test\r\n\r\n1. Add the following line to `serverless.yml` -\r\n`xpack.cloud.serverless.project_id: test-123`\r\n3. Start Elastic search in serverless security mode - `yarn es\r\nserverless --projectType security`\r\n4. Start Kibana in serverless security mode - `yarn start\r\n--serverless=security`\r\n5. Go to Security > Cases > Settings and add a template.\r\n6. Go to stack and create a rule with the case action.\r\n7. Confirm the template created in step 5 can be selected.\r\n\r\n<img width=\"586\" alt=\"Screenshot 2024-10-10 at 15 00 46\"\r\nsrc=\"https://github.com/user-attachments/assets/5379e1d1-f0eb-4829-9604-ee5a0e3d050b\">\r\n\r\n**Please double-check also that the templates in the case action still\r\nwork as expected in normal scenarios.**\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"97322a871357ba69e7c64543831fbf1597ca8ff9"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Antonio <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
When creating cases using the case action in a rule the user can pick a template to populate some of the case's fields.
To show the available templates we use the case settings from the application where the rule is being created. Security Case Settings when creating a Security Rule, Stack Cases when creating a stack rule, etc.
The problem here is similar to what happened with #186270. For security serverless projects there are no cases in stack management so the cases action creates a case in security.
It would now make sense that the case action showed templates from security case settings.
How to reproduce
DoD
The text was updated successfully, but these errors were encountered: