[Security Solution] Adding Actions to Prebuilt Rules Incorrectly Marks Them as Customized #203484
Assignees
Labels
8.18 candidate
bug
Fixes for quality problems that affect the customer experience
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
impact:high
Addressing this issue will have a high level of impact on the quality/strength of our product.
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.18.0
Comments
pborgonovi
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
I'm unable to repro with the new package version which leads me to believe its the same bug |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description:
When adding an action (e.g., Case) to a prebuilt rule, the rule is incorrectly marked as Customized (is_customized: true). Adding actions should not categorize a prebuilt rule as customized.
Kibana/Elasticsearch Stack version:
8.x
Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
Prebuilt Rules
Pre requisites:
prebuiltRulesCustomizationEnabledflag is enabledSteps to reproduce:
Current behavior:
The rule is marked as Customized (is_customized: true) after adding an action.
Expected behavior:
Adding actions to prebuilt rules should not categorize the rule as customized.
Evidences:
Screen.Recording.2024-12-09.at.10.41.58.AM.mov
The text was updated successfully, but these errors were encountered: