-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Exceptions] Exception modal bulk close option only closes alerts generated by same rule #77402
Merged
peluja1012
merged 2 commits into
elastic:master
from
peluja1012:bulk-close-only-rule-alerts
Sep 15, 2020
Merged
[Security Solution][Exceptions] Exception modal bulk close option only closes alerts generated by same rule #77402
peluja1012
merged 2 commits into
elastic:master
from
peluja1012:bulk-close-only-rule-alerts
Sep 15, 2020
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
peluja1012
added
Team:SIEM
v8.0.0
v7.10.0
Feature:Detection Rules
Security Solution rules and Detection Engine
labels
Sep 14, 2020
Pinging @elastic/siem (Team:SIEM) |
dplumlee
approved these changes
Sep 14, 2020
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Sep 16, 2020
…s-for-710 * 'master' of github.com:elastic/kibana: (95 commits) log request body in new ES client (elastic#77150) use `navigateToUrl` to navigate to recent nav links (elastic#77446) Move core config service to `kbn/config` package (elastic#76874) [UBI] Copy license to /licenses folder (elastic#77563) Skip flaky Events Viewer Cypress test [Lens] Remove dynamic names in telemetry fields (elastic#76988) [Maps] Add DynamicStyleProperty#getMbPropertyName and DynamicStyleProperty#getMbPropertyValue (elastic#77366) [Enterprise Search] Add flag to restrict width of layout (elastic#77539) [Security Solutions][Cases - Timeline] Fix bug when adding a timeline to a case (elastic#76967) [Security Solution][Detections] Integration test for Editing a Rule (elastic#77090) [Ingest pipelines] Polish pipeline debugging workflow (elastic#76058) [@kbn/utils] Adds missing dependency (elastic#77536) Add the Enterprise Search logo to the Overview search result (elastic#77514) [Logs UI] [Metrics UI] Remove saved object field mappings (elastic#75482) [Security Solution][Exceptions] Exception modal bulk close option only closes alerts generated by same rule (elastic#77402) Adds @kbn/utils package (elastic#76518) Map layout changes (elastic#77132) [Security Solution] [Detections] EQL Rule Creation (elastic#76831) Adding test user to maps tests under documents source folder (elastic#77245) Suppress error logs when clients connect over HTTP instead of HTTPS (elastic#77397) ... # Conflicts: # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/index.ts # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/phases/warm_phase.tsx
Friendly reminder: Looks like this PR hasn’t been backported yet. |
kibanamachine
added
the
backport missing
Added to PRs automatically when the are determined to be missing a backport.
label
Sep 17, 2020
spong
pushed a commit
to spong/kibana
that referenced
this pull request
Sep 17, 2020
…y closes alerts generated by same rule (elastic#77402) * Exception modal bulk close option only closes alerts generated by same rule * update modal text
spong
added a commit
that referenced
this pull request
Sep 18, 2020
…y closes alerts generated by same rule (#77402) (#77839) * Exception modal bulk close option only closes alerts generated by same rule * update modal text Co-authored-by: Pedro Jaramillo <[email protected]>
kibanamachine
removed
the
backport missing
Added to PRs automatically when the are determined to be missing a backport.
label
Sep 18, 2020
MindyRS
added
the
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
label
Sep 23, 2021
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Feature:Detection Rules
Security Solution rules and Detection Engine
release_note:enhancement
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:SIEM
v7.10.0
v8.0.0
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Previosly, the "close all alerts..." checkbox in the exception modal would close all alerts that match the exception regardless of which rule generated the alert. This PR updates this behavior such that only alerts triggered by the current alert's rule are closed.
Testing
I tested the functionality from 3 entry points: the Detection Alerts page, the Exception Viewer in the Rule Details page, and from the Timeline.
Checklist
Delete any items that are not applicable to this PR.