[7.x] [Security Solution][Detection Engine] Fixes agnostic type bug (#108610) #108745
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…c#108610) ## Summary Fixes agnostic type bug where in part 1 (elastic#108225), I incorrectly used the same saved object type for both `single` and `agnostic`. Before the references for SO's were: ```json "references" : [ { "name" : "param:exceptionsList_0", "id" : "endpoint_list", "type" : "exception-list" <--- This should have been "exception-list-agnostic" type }, { "name" : "param:exceptionsList_1", "id" : "50e3bd70-ef1b-11eb-ad71-7de7959be71c", "type" : "exception-list" } ], ``` After: ```json "references" : [ { "name" : "param:exceptionsList_0", "id" : "endpoint_list", "type" : "exception-list-agnostic" <--- This should now be the "exception-list-agnostic" type }, { "name" : "param:exceptionsList_1", "id" : "50e3bd70-ef1b-11eb-ad71-7de7959be71c", "type" : "exception-list" } ], ``` Manual testing: Add a new `security_solution` alert and exception list as well as an endpoint list to it. Then save it <img width="1581" alt="Screen Shot 2021-08-13 at 5 00 39 PM" src="https://user-images.githubusercontent.com/1151048/129425847-78025aba-6d7a-4a5a-9d4f-950ec664596c.png"> <img width="1571" alt="Screen Shot 2021-08-13 at 5 00 47 PM" src="https://user-images.githubusercontent.com/1151048/129425848-42018331-cac6-4411-8153-3441a8af6f34.png"> Do this query in dev tools: ```json GET .kibana-hassanabad19/_search { "query": { "terms": { "alert.alertTypeId": [ "siem.signals" ] } }, "size": 10000 } ``` And check to ensure that the references look like the after picture where type has : `"type" : "exception-list-agnostic"` if we have an agnostic list. Ensure that on a page reload that the exception types are still there on the rule. Ensure that there are no errors in the console about not finding the correct SO type or anything else odd. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
1 task
💚 Build SucceededMetrics [docs]
To update your PR or re-run it, just comment with: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backports the following commits to 7.x: