Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SECURITY_SOLUTIONS] Only query security alerts with current user #174216

Merged
merged 8 commits into from
Jan 4, 2024
Merged

[SECURITY_SOLUTIONS] Only query security alerts with current user #174216

merged 8 commits into from
Jan 4, 2024

Conversation

XavierM
Copy link
Contributor

@XavierM XavierM commented Jan 3, 2024
edited by kibanamachine
Loading

Summary

We just got an SDH#814 that tell us that some feature like KPIs and grouping are not acting as they should be.

@PhilippeOberti is doing an investigation to check which feature has been impacted by this bug. This bug has been introduced in this #112113 since 8.0.0

I think this simple solution should not impact any features.

@XavierM XavierM added bug Fixes for quality problems that affect the customer experience release_note:fix impact:critical This issue should be addressed immediately due to a critical level of impact on the product. Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Team:Detection Alerts Security Detection Alerts Area Team v8.12.0 v8.11.4 labels Jan 3, 2024
@XavierM XavierM force-pushed the alert-use-current-user branch from f26b804 to 6db785b Compare January 3, 2024 19:57
@elastic elastic deleted a comment from PhilippeOberti Jan 4, 2024
@XavierM XavierM marked this pull request as ready for review January 4, 2024 19:02
@XavierM XavierM requested a review from a team as a code owner January 4, 2024 19:02
@XavierM XavierM requested a review from nkhristinin January 4, 2024 19:02
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-engine (Team:Detection Alerts)

marshallmain
marshallmain approved these changes Jan 4, 2024
View reviewed changes
Copy link
Contributor

@marshallmain marshallmain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code changes and tests LGTM, thanks for the quick turnaround on this!

...ution_api_integration/test_suites/detections_response/default_license/alerts/query_alerts.ts Outdated
],
},
};
const roleToAccessSecuritySolutionWithDsl = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: all instances of dsl should be dls

Copy link
Contributor Author

@XavierM XavierM Jan 4, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh Zut, I will change that

@XavierM XavierM enabled auto-merge (squash) January 4, 2024 21:10
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@XavierM XavierM merged commit 4af36fe into elastic:main Jan 4, 2024
37 checks passed
@kibanamachine kibanamachine mentioned this pull request Jan 4, 2024
Merged
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Jan 4, 2024
@XavierM
[SECURITY_SOLUTIONS] Only query security alerts with current user (el…
187a163 
…astic#174216)

## Summary

We just got an
[SDH#814](elastic/sdh-security-team#814) that
tell us that some feature like `KPIs` and `grouping` are not acting as
they should be.

@PhilippeOberti is doing an investigation to check which feature has
been impacted by this bug. This bug has been introduced in this
elastic#112113 since 8.0.0

I think this simple solution should not impact any features.

(cherry picked from commit 4af36fe)
@kibanamachine
Copy link
Contributor

💔 Some backports could not be created

Status Branch Result
8.11 Backport failed because of merge conflicts
8.12

Note: Successful backport PRs will be merged automatically after passing CI.

Manual backport

To create the backport manually run:

node scripts/backport --pr 174216

Questions ?

Please refer to the Backport tool documentation

XavierM added a commit that referenced this pull request Jan 4, 2024
@XavierM
[SECURITY_SOLUTIONS] Only query security alerts with current user (#1…
e9e2eaf 
…74216)

We just got an
[SDH#814](elastic/sdh-security-team#814) that
tell us that some feature like `KPIs` and `grouping` are not acting as
they should be.

@PhilippeOberti is doing an investigation to check which feature has
been impacted by this bug. This bug has been introduced in this
#112113 since 8.0.0

I think this simple solution should not impact any features.

(cherry picked from commit 4af36fe)
@XavierM XavierM mentioned this pull request Jan 4, 2024
Merged
kibanamachine added a commit that referenced this pull request Jan 4, 2024
@kibanamachine @XavierM
[8.12] [SECURITY_SOLUTIONS] Only query security alerts with current u…
23b6f02 
…ser (#174216) (#174304)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[SECURITY_SOLUTIONS] Only query security alerts with current user
(#174216)](#174216)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Xavier
Mouligneau","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-01-04T21:41:30Z","message":"[SECURITY_SOLUTIONS]
Only query security alerts with current user (#174216)\n\n##
Summary\r\n\r\nWe just got
an\r\n[SDH#814](elastic/sdh-security-team#814)
that\r\ntell us that some feature like `KPIs` and `grouping` are not
acting as\r\nthey should be.\r\n\r\n@PhilippeOberti is doing an
investigation to check which feature has\r\nbeen impacted by this bug.
This bug has been introduced in
this\r\nhttps://github.com//pull/112113 since
8.0.0\r\n\r\nI think this simple solution should not impact any
features.","sha":"4af36fece290263c4fd86f0e06d3e12bdb05f81b","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","blocker","release_note:fix","impact:critical","Team:ResponseOps","Team:Detection
Alerts","v8.12.0","v8.13.0","v8.11.4"],"title":"[SECURITY_SOLUTIONS]
Only query security alerts with current
user","number":174216,"url":"https://github.com/elastic/kibana/pull/174216","mergeCommit":{"message":"[SECURITY_SOLUTIONS]
Only query security alerts with current user (#174216)\n\n##
Summary\r\n\r\nWe just got
an\r\n[SDH#814](elastic/sdh-security-team#814)
that\r\ntell us that some feature like `KPIs` and `grouping` are not
acting as\r\nthey should be.\r\n\r\n@PhilippeOberti is doing an
investigation to check which feature has\r\nbeen impacted by this bug.
This bug has been introduced in
this\r\nhttps://github.com//pull/112113 since
8.0.0\r\n\r\nI think this simple solution should not impact any
features.","sha":"4af36fece290263c4fd86f0e06d3e12bdb05f81b"}},"sourceBranch":"main","suggestedTargetBranches":["8.12","8.11"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","branchLabelMappingKey":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/174216","number":174216,"mergeCommit":{"message":"[SECURITY_SOLUTIONS]
Only query security alerts with current user (#174216)\n\n##
Summary\r\n\r\nWe just got
an\r\n[SDH#814](elastic/sdh-security-team#814)
that\r\ntell us that some feature like `KPIs` and `grouping` are not
acting as\r\nthey should be.\r\n\r\n@PhilippeOberti is doing an
investigation to check which feature has\r\nbeen impacted by this bug.
This bug has been introduced in
this\r\nhttps://github.com//pull/112113 since
8.0.0\r\n\r\nI think this simple solution should not impact any
features.","sha":"4af36fece290263c4fd86f0e06d3e12bdb05f81b"}},{"branch":"8.11","label":"v8.11.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Xavier Mouligneau <[email protected]>
XavierM added a commit that referenced this pull request Jan 5, 2024
@XavierM @kibanamachine
[8.11] [SECURITY_SOLUTIONS] Only query security alerts with current u…
4273961 
…ser (#174216) (#174306)

# Backport

This will backport the following commits from `main` to `8.11`:
- [[SECURITY_SOLUTIONS] Only query security alerts with current user
(#174216)](#174216)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Xavier
Mouligneau","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-01-04T21:41:30Z","message":"[SECURITY_SOLUTIONS]
Only query security alerts with current user (#174216)\n\n##
Summary\r\n\r\nWe just got
an\r\n[SDH#814](elastic/sdh-security-team#814)
that\r\ntell us that some feature like `KPIs` and `grouping` are not
acting as\r\nthey should be.\r\n\r\n@PhilippeOberti is doing an
investigation to check which feature has\r\nbeen impacted by this bug.
This bug has been introduced in
this\r\nhttps://github.com//pull/112113 since
8.0.0\r\n\r\nI think this simple solution should not impact any
features.","sha":"4af36fece290263c4fd86f0e06d3e12bdb05f81b","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","blocker","release_note:fix","impact:critical","Team:ResponseOps","Team:Detection
Alerts","v8.12.0","v8.13.0","v8.11.4"],"title":"[SECURITY_SOLUTIONS]
Only query security alerts with current
user","number":174216,"url":"https://github.com/elastic/kibana/pull/174216","mergeCommit":{"message":"[SECURITY_SOLUTIONS]
Only query security alerts with current user (#174216)\n\n##
Summary\r\n\r\nWe just got
an\r\n[SDH#814](elastic/sdh-security-team#814)
that\r\ntell us that some feature like `KPIs` and `grouping` are not
acting as\r\nthey should be.\r\n\r\n@PhilippeOberti is doing an
investigation to check which feature has\r\nbeen impacted by this bug.
This bug has been introduced in
this\r\nhttps://github.com//pull/112113 since
8.0.0\r\n\r\nI think this simple solution should not impact any
features.","sha":"4af36fece290263c4fd86f0e06d3e12bdb05f81b"}},"sourceBranch":"main","suggestedTargetBranches":["8.12","8.11"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","branchLabelMappingKey":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/174216","number":174216,"mergeCommit":{"message":"[SECURITY_SOLUTIONS]
Only query security alerts with current user (#174216)\n\n##
Summary\r\n\r\nWe just got
an\r\n[SDH#814](elastic/sdh-security-team#814)
that\r\ntell us that some feature like `KPIs` and `grouping` are not
acting as\r\nthey should be.\r\n\r\n@PhilippeOberti is doing an
investigation to check which feature has\r\nbeen impacted by this bug.
This bug has been introduced in
this\r\nhttps://github.com//pull/112113 since
8.0.0\r\n\r\nI think this simple solution should not impact any
features.","sha":"4af36fece290263c4fd86f0e06d3e12bdb05f81b"}},{"branch":"8.11","label":"v8.11.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

---------

Co-authored-by: Kibana Machine <[email protected]>
@marshallmain marshallmain mentioned this pull request Jan 11, 2024
Merged
marshallmain added a commit that referenced this pull request Jan 22, 2024
@marshallmain
[Security Solution] Use current user instead of internal user when qu…
f87a348 
…erying for threshold rule history (#174723)

## Summary

Follow up to #174216
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Jan 22, 2024
@marshallmain
[Security Solution] Use current user instead of internal user when qu…
86db5ee 
…erying for threshold rule history (elastic#174723)

## Summary

Follow up to elastic#174216

(cherry picked from commit f87a348)
kibanamachine referenced this pull request Jan 22, 2024
@kibanamachine @marshallmain
[8.12] [Security Solution] Use current user instead of internal user …
ced122e 
…when querying for threshold rule history (#174723) (#175270)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Security Solution] Use current user instead of internal user when
querying for threshold rule history
(#174723)](#174723)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Marshall
Main","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-01-22T21:22:07Z","message":"[Security
Solution] Use current user instead of internal user when querying for
threshold rule history (#174723)\n\n## Summary\r\n\r\nFollow up to
https://github.com/elastic/kibana/pull/174216","sha":"f87a34838659fed1bd22f21f9de0bc1162ae917b","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection
Engine","v8.12.1","v8.13.0"],"title":"[Security Solution] Use current
user instead of internal user when querying for threshold rule
history","number":174723,"url":"https://github.com/elastic/kibana/pull/174723","mergeCommit":{"message":"[Security
Solution] Use current user instead of internal user when querying for
threshold rule history (#174723)\n\n## Summary\r\n\r\nFollow up to
https://github.com/elastic/kibana/pull/174216","sha":"f87a34838659fed1bd22f21f9de0bc1162ae917b"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","branchLabelMappingKey":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/174723","number":174723,"mergeCommit":{"message":"[Security
Solution] Use current user instead of internal user when querying for
threshold rule history (#174723)\n\n## Summary\r\n\r\nFollow up to
https://github.com/elastic/kibana/pull/174216","sha":"f87a34838659fed1bd22f21f9de0bc1162ae917b"}}]}]
BACKPORT-->

Co-authored-by: Marshall Main <[email protected]>
CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this pull request Feb 15, 2024
@marshallmain @CoenWarmer
[Security Solution] Use current user instead of internal user when qu…
29358b8 
…erying for threshold rule history (elastic#174723)

## Summary

Follow up to elastic#174216
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marshallmain marshallmain marshallmain approved these changes

@nkhristinin nkhristinin Awaiting requested review from nkhristinin nkhristinin was automatically assigned from elastic/security-detection-engine

Assignees
No one assigned
Labels
blocker bug Fixes for quality problems that affect the customer experience impact:critical This issue should be addressed immediately due to a critical level of impact on the product. release_note:fix Team:Detection Alerts Security Detection Alerts Area Team Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v8.11.4 v8.12.0 v8.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@XavierM @elasticmachine @kibana-ci @kibanamachine @marshallmain @rayafratkina