[Security Solution][Investigations] - Add check for changing alert status from bulk options #169723
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
michaelolo24
added
bug
michaelolo24
force-pushed
the
fix-alert-status-vieweronly
branch
from
f5fde4e to
2010f05
Compare
michaelolo24
commented
Oct 25, 2023
| }); | ||
| }); | ||
|
|
||
| context('Marking alerts as acknowledged', () => { | ||
| context('User is readonly', () => { |
There was a problem hiding this comment.
These are the newly added tests, the other changes are just moving code to an encapsulated space
michaelolo24
force-pushed
the
fix-alert-status-vieweronly
branch
2 times, most recently
from
bef0656 to
d24ef5e
Compare
|
Excellent PR Mike! |
michaelolo24
force-pushed
the
fix-alert-status-vieweronly
branch
2 times, most recently
from
0c04ab9 to
749b3cd
Compare
michaelolo24
changed the title
|
@elasticmachine merge upstream |
1 similar comment
|
@elasticmachine merge upstream |
michaelolo24
force-pushed
the
fix-alert-status-vieweronly
branch
from
950578f to
077760d
Compare
logeekal
approved these changes
Oct 27, 2023
There was a problem hiding this comment.
Thanks @michaelolo24 for these changes. PR looks good. I just add one question.
| }); | ||
|
|
||
| it('should not allow users to change a single alert status', () => { | ||
| cy.get(TIMELINE_CONTEXT_MENU_BTN).should('not.exist'); |
There was a problem hiding this comment.
This will remove complete context menu btn? Are other actions such as Run Osquery , Add to Case, etc are also not allowed?
There was a problem hiding this comment.
I need to update the role used. The Roles.reader affects those as well. Wanted to avoid creating another user, but maybe it's worth it... 🤷🏾♂️
There was a problem hiding this comment.
@yctercero looking at it now. Reader may still be the most accurate. I don't know if there's really a defined role that has cases and osquery write access, but not alert status access?
|
@elasticmachine merge upstream |
michaelolo24
force-pushed
the
fix-alert-status-vieweronly
branch
2 times, most recently
from
201e57f to
a67e86a
Compare
yctercero
approved these changes
Nov 2, 2023
michaelolo24
force-pushed
the
fix-alert-status-vieweronly
branch
from
f30cff8 to
0a4a80b
Compare
jbudz
approved these changes
Nov 3, 2023
michaelolo24
force-pushed
the
fix-alert-status-vieweronly
branch
from
0a4a80b to
338d041
Compare
This comment was marked as outdated.
This comment was marked as outdated.
|
Closing this PR for now as there seems to be issues with utilizing the viewer role. Will re-open a more trimmed down PR. Sorry for the noise! |
michaelolo24
added a commit
that referenced
this pull request
Nov 7, 2023
…atus from bulk options (#170584) ## Summary Addresses #169684 This PR is a re-do of: #169723 (With cypress tests currently skipped until proper role is available). The alert privileges needs to be added for the alert table as it wasn't added when the migration took place. An example of the privileges elsewhere is below: https://github.com/elastic/kibana/blob/75e9d46b4b3a6ff5be4ffc324ba282cea0faea0c/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_alerts_actions.tsx#L33 Fix: https://github.com/elastic/kibana/assets/17211684/7b354906-9b96-4ba8-b30f-4080cf7e7c2f --------- Co-authored-by: Kibana Machine <[email protected]>
michaelolo24
added a commit
to michaelolo24/kibana
that referenced
this pull request
Nov 7, 2023
…atus from bulk options (elastic#170584) ## Summary Addresses elastic#169684 This PR is a re-do of: elastic#169723 (With cypress tests currently skipped until proper role is available). The alert privileges needs to be added for the alert table as it wasn't added when the migration took place. An example of the privileges elsewhere is below: https://github.com/elastic/kibana/blob/75e9d46b4b3a6ff5be4ffc324ba282cea0faea0c/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_alerts_actions.tsx#L33 Fix: https://github.com/elastic/kibana/assets/17211684/7b354906-9b96-4ba8-b30f-4080cf7e7c2f --------- Co-authored-by: Kibana Machine <[email protected]> (cherry picked from commit 3651571) # Conflicts: # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status.cy.ts
michaelolo24
added a commit
to michaelolo24/kibana
that referenced
this pull request
Nov 7, 2023
…atus from bulk options (elastic#170584) ## Summary Addresses elastic#169684 This PR is a re-do of: elastic#169723 (With cypress tests currently skipped until proper role is available). The alert privileges needs to be added for the alert table as it wasn't added when the migration took place. An example of the privileges elsewhere is below: https://github.com/elastic/kibana/blob/75e9d46b4b3a6ff5be4ffc324ba282cea0faea0c/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_alerts_actions.tsx#L33 Fix: https://github.com/elastic/kibana/assets/17211684/7b354906-9b96-4ba8-b30f-4080cf7e7c2f --------- Co-authored-by: Kibana Machine <[email protected]> (cherry picked from commit 3651571) # Conflicts: # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_alerts/alert_status.cy.ts
michaelolo24
referenced
this pull request
Nov 9, 2023
…lert status from bulk options (#170584) (#170780) # Backport This will backport the following commits from `main` to `8.11`: - [[Security Solution][Investigations] - Add check for changing alert status from bulk options (#170584)](#170584) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Michael Olorunnisola","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-11-07T17:01:23Z","message":"[Security Solution][Investigations] - Add check for changing alert status from bulk options (#170584)\n\n## Summary\r\nAddresses https://github.com/elastic/kibana/issues/169684\r\n\r\nThis PR is a re-do of: https://github.com/elastic/kibana/pull/169723\r\n(With cypress tests currently skipped until proper role is available).\r\nThe alert privileges needs to be added for the alert table as it wasn't\r\nadded when the migration took place. An example of the privileges\r\nelsewhere is below:\r\n\r\nhttps://github.com/elastic/kibana/blob/75e9d46b4b3a6ff5be4ffc324ba282cea0faea0c/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_alerts_actions.tsx#L33\r\n\r\n\r\nFix:\r\n\r\n\r\nhttps://github.com/elastic/kibana/assets/17211684/7b354906-9b96-4ba8-b30f-4080cf7e7c2f\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <[email protected]>","sha":"36515713a69f6021db8b959b95f7a8ff851b0aa7","branchLabelMapping":{"^v8.12.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Threat Hunting:Investigations","v8.12.0","v8.11.1","v8.10.5"],"number":170584,"url":"https://github.com/elastic/kibana/pull/170584","mergeCommit":{"message":"[Security Solution][Investigations] - Add check for changing alert status from bulk options (#170584)\n\n## Summary\r\nAddresses https://github.com/elastic/kibana/issues/169684\r\n\r\nThis PR is a re-do of: https://github.com/elastic/kibana/pull/169723\r\n(With cypress tests currently skipped until proper role is available).\r\nThe alert privileges needs to be added for the alert table as it wasn't\r\nadded when the migration took place. An example of the privileges\r\nelsewhere is below:\r\n\r\nhttps://github.com/elastic/kibana/blob/75e9d46b4b3a6ff5be4ffc324ba282cea0faea0c/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_alerts_actions.tsx#L33\r\n\r\n\r\nFix:\r\n\r\n\r\nhttps://github.com/elastic/kibana/assets/17211684/7b354906-9b96-4ba8-b30f-4080cf7e7c2f\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <[email protected]>","sha":"36515713a69f6021db8b959b95f7a8ff851b0aa7"}},"sourceBranch":"main","suggestedTargetBranches":["8.11","8.10"],"targetPullRequestStates":[{"branch":"main","label":"v8.12.0","labelRegex":"^v8.12.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/170584","number":170584,"mergeCommit":{"message":"[Security Solution][Investigations] - Add check for changing alert status from bulk options (#170584)\n\n## Summary\r\nAddresses https://github.com/elastic/kibana/issues/169684\r\n\r\nThis PR is a re-do of: https://github.com/elastic/kibana/pull/169723\r\n(With cypress tests currently skipped until proper role is available).\r\nThe alert privileges needs to be added for the alert table as it wasn't\r\nadded when the migration took place. An example of the privileges\r\nelsewhere is below:\r\n\r\nhttps://github.com/elastic/kibana/blob/75e9d46b4b3a6ff5be4ffc324ba282cea0faea0c/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_alerts_actions.tsx#L33\r\n\r\n\r\nFix:\r\n\r\n\r\nhttps://github.com/elastic/kibana/assets/17211684/7b354906-9b96-4ba8-b30f-4080cf7e7c2f\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <[email protected]>","sha":"36515713a69f6021db8b959b95f7a8ff851b0aa7"}},{"branch":"8.11","label":"v8.11.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.10","label":"v8.10.5","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Kibana Machine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Addresses #169684
The alert privileges need to be added for the alert table as it wasn't added when the migration took place. An example of the privileges elsewhere is below:
kibana/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_alerts_actions.tsx
Line 33 in 75e9d46
Fix:
Screen.Recording.2023-10-25.at.12.24.18.PM.mov