[SIEM][Detection Engine] - signals search endpoint not accepting size 0 requests #70613
Labels
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:SIEM
Kibana version:
7.8
Describe the bug:
On initial render of the SIEM pages, a 400 error was showing for
POST http://localhost:5601/api/detection_engine/signals/search
. This initial call is being used to populate theLast alert
text that shows at the top of a number of the pages. The reason thesize
was0
is because we weren't interested in the signals themselves, just the timestamp of the last alert. Teamed up with @XavierM and it seems to us that the issue is the server side validation. It may be Hapi misreading the0
asfalse
or our updated validation not accepting size0
.Steps to reproduce:
Expected behavior:
This request should be allowed through to Elastic, as size of 0 is a valid parameter
Screenshots (if relevant):
![bug](https://user-images.githubusercontent.com/10927944/86378599-d4684000-bc57-11ea-928a-1515ea792071.gif)
Errors in browser console (if relevant):
The text was updated successfully, but these errors were encountered: