[Security Solution][Detections] Fix severity and risk score overrides when field mapping exists but the mapped fields do not #87004
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
banderror
added
Feature:Detection Rules
|
@MikePaquette @peluja1012 @spong As a future enhancement, do you think there's any value in letting the user type any field names in the overrides, even if the fields don't exist (yet)? So our combobox values can be used to assist users but not to restrict them, especially for cases when the user wants to create a rule before indexing any data? |
banderror
force-pushed
the
fix-severity-overrides-in-duplicated-rules
branch
2 times, most recently
from
c214140 to
fbe87af
Compare
banderror
force-pushed
the
fix-severity-overrides-in-duplicated-rules
branch
from
fbe87af to
ad7a2a0
Compare
💚 Build SucceededMetrics [docs]Async chunks
Distributable file count
History
To update your PR or re-run it, just comment with: |
rylnd
approved these changes
Jan 5, 2021
| @@ -101,7 +101,11 @@ export const REFERENCE_URLS_INPUT = | |||
|
|
|||
| export const REFRESH_BUTTON = '[data-test-subj="refreshButton"]'; | |||
|
|
|||
| export const RISK_INPUT = '.euiRangeInput'; | |||
| export const DEFAULT_RISK_SCORE_INPUT = | |||
There was a problem hiding this comment.
Is it possible to omit the .eui* from these selectors? The data-test-subjs are much preferred, but these selectors will still be brittle to EUI changes as they are now.
There was a problem hiding this comment.
Yeah, I don't like this too... Unfortunately, not possible w/o submitting a PR to EUI.
<EuiRange data-test-subj="detectionEngineStepAboutRuleRiskScore-defaultRiskRange"/>This guy renders two inputs under the hood (first one is fancy slider, second one is the normal input) and passes this data-test-subj to both of them. So to select one of them we can use either its order or its classnames.
| selectedFields: IFieldType[], | ||
| fieldTypeFilter: string[] | ||
| ): IFieldType[] => { | ||
| const map = new Map<string, IFieldType>(); |
There was a problem hiding this comment.
Nit: maybe this could be fieldsByName instead of map?
There was a problem hiding this comment.
Great naming suggestions, thank you! Sometimes I skip making names descriptive if the scope is small 🙂 Here I think it makes sense, I'll submit a quick PR.
| existingFields.forEach((f) => map.set(f.name, f)); | ||
| selectedFields.forEach((f) => map.set(f.name, f)); | ||
|
|
||
| const array = Array.from(map.values()); |
There was a problem hiding this comment.
similar nit:
Suggested change
| const array = Array.from(map.values()); | |
| const uniqueFields = Array.from(map.values()); |
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Jan 5, 2021
… when field mapping exists but the mapped fields do not (elastic#87004) * Fix Source field combobox in Severity override and Risk score override sections * Clean up * Fix unit and Cypress tests
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Jan 5, 2021
… when field mapping exists but the mapped fields do not (elastic#87004) * Fix Source field combobox in Severity override and Risk score override sections * Clean up * Fix unit and Cypress tests
spong
pushed a commit
that referenced
this pull request
Jan 6, 2021
… when field mapping exists but the mapped fields do not (#87004) (#87412) * Fix Source field combobox in Severity override and Risk score override sections * Clean up * Fix unit and Cypress tests Co-authored-by: Georgii Gorbachev <[email protected]>
spong
pushed a commit
that referenced
this pull request
Jan 6, 2021
… when field mapping exists but the mapped fields do not (#87004) (#87411) * Fix Source field combobox in Severity override and Risk score override sections * Clean up * Fix unit and Cypress tests Co-authored-by: Georgii Gorbachev <[email protected]>
banderror
added a commit
to banderror/kibana
that referenced
this pull request
Jan 6, 2021
1 task
banderror
added a commit
that referenced
this pull request
Jan 6, 2021
banderror
added a commit
to banderror/kibana
that referenced
this pull request
Jan 6, 2021
…lastic#87516) ## Summary This is a follow-up PR addressing some of the comments in: - elastic#86908 - elastic#87004
banderror
added a commit
to banderror/kibana
that referenced
this pull request
Jan 6, 2021
…lastic#87516) ## Summary This is a follow-up PR addressing some of the comments in: - elastic#86908 - elastic#87004
banderror
added a commit
that referenced
this pull request
Jan 7, 2021
banderror
added a commit
that referenced
this pull request
Jan 7, 2021
FrankHassanabad
added a commit
that referenced
this pull request
Jul 13, 2021
…nd marks other duplicated code (#105374) ## Summary * Removes dead duplicated code from `security_solution` and `lists` * Adds notes and TODO's where we still have duplicated logic * Adds notes where I saw that the original deviated from the copy from modifications in one file but not the other. * DOES NOT fix the bugs existing in one copy but not the other. That should be done when the copied chunks are collapsed into a package. Instead see this issue where I marked those areas: #105378 See these two files where things have deviated from our duplications as an example: [security_solution/public/common/components/autocomplete/field.tsx](https://github.com/elastic/kibana/blob/master/x-pack/plugins/security_solution/public/common/components/autocomplete/field.tsx ) [lists/public/exceptions/components/autocomplete/field.tsx](https://github.com/elastic/kibana/blob/master/x-pack/plugins/lists/public/exceptions/components/autocomplete/field.tsx) Ref PR where fixes are applied to one of the files but not the other (could be other PR's in addition to this one): #87004 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jul 13, 2021
…nd marks other duplicated code (elastic#105374) ## Summary * Removes dead duplicated code from `security_solution` and `lists` * Adds notes and TODO's where we still have duplicated logic * Adds notes where I saw that the original deviated from the copy from modifications in one file but not the other. * DOES NOT fix the bugs existing in one copy but not the other. That should be done when the copied chunks are collapsed into a package. Instead see this issue where I marked those areas: elastic#105378 See these two files where things have deviated from our duplications as an example: [security_solution/public/common/components/autocomplete/field.tsx](https://github.com/elastic/kibana/blob/master/x-pack/plugins/security_solution/public/common/components/autocomplete/field.tsx ) [lists/public/exceptions/components/autocomplete/field.tsx](https://github.com/elastic/kibana/blob/master/x-pack/plugins/lists/public/exceptions/components/autocomplete/field.tsx) Ref PR where fixes are applied to one of the files but not the other (could be other PR's in addition to this one): elastic#87004 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
kibanamachine
added a commit
that referenced
this pull request
Jul 14, 2021
…nd marks other duplicated code (#105374) (#105524) ## Summary * Removes dead duplicated code from `security_solution` and `lists` * Adds notes and TODO's where we still have duplicated logic * Adds notes where I saw that the original deviated from the copy from modifications in one file but not the other. * DOES NOT fix the bugs existing in one copy but not the other. That should be done when the copied chunks are collapsed into a package. Instead see this issue where I marked those areas: #105378 See these two files where things have deviated from our duplications as an example: [security_solution/public/common/components/autocomplete/field.tsx](https://github.com/elastic/kibana/blob/master/x-pack/plugins/security_solution/public/common/components/autocomplete/field.tsx ) [lists/public/exceptions/components/autocomplete/field.tsx](https://github.com/elastic/kibana/blob/master/x-pack/plugins/lists/public/exceptions/components/autocomplete/field.tsx) Ref PR where fixes are applied to one of the files but not the other (could be other PR's in addition to this one): #87004 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: Frank Hassanabad <[email protected]>
1 task
FrankHassanabad
added a commit
that referenced
this pull request
Jul 22, 2021
…e and moves duplicate code between lists and security_solution there (#105382) ## Summary Creates an autocomplete package from `lists` and removes duplicate code between `lists` and `security_solutions` * Consolidates different PR's where we were changing different parts of autocomplete in different ways. * Existing Cypress tests should cover any mistakes hopefully Manual Testing: * Ensure this bug does not crop up again #87004 * Make sure that the exception list autocomplete looks alright ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jul 22, 2021
…e and moves duplicate code between lists and security_solution there (elastic#105382) ## Summary Creates an autocomplete package from `lists` and removes duplicate code between `lists` and `security_solutions` * Consolidates different PR's where we were changing different parts of autocomplete in different ways. * Existing Cypress tests should cover any mistakes hopefully Manual Testing: * Ensure this bug does not crop up again elastic#87004 * Make sure that the exception list autocomplete looks alright ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
FrankHassanabad
added a commit
to FrankHassanabad/kibana
that referenced
this pull request
Jul 22, 2021
…e and moves duplicate code between lists and security_solution there (elastic#105382) ## Summary Creates an autocomplete package from `lists` and removes duplicate code between `lists` and `security_solutions` * Consolidates different PR's where we were changing different parts of autocomplete in different ways. * Existing Cypress tests should cover any mistakes hopefully Manual Testing: * Ensure this bug does not crop up again elastic#87004 * Make sure that the exception list autocomplete looks alright ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios # Conflicts: # x-pack/plugins/translations/translations/ja-JP.json
FrankHassanabad
added a commit
that referenced
this pull request
Jul 23, 2021
…e and moves duplicate code between lists and security_solution there (#105382) (#106612) ## Summary Creates an autocomplete package from `lists` and removes duplicate code between `lists` and `security_solutions` * Consolidates different PR's where we were changing different parts of autocomplete in different ways. * Existing Cypress tests should cover any mistakes hopefully Manual Testing: * Ensure this bug does not crop up again #87004 * Make sure that the exception list autocomplete looks alright ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios # Conflicts: # x-pack/plugins/translations/translations/ja-JP.json
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses: #85951 and a similar bug in Risk score override section.
Summary
Check the bug description and steps to reproduce.
When a field does not exist, but specified in severity or risk score override of an existing rule, and the user opens this rule for editing, we should show all the mapped fields, even if they don't exist. Maybe the rule has been activated (e.g. a built-in rule) but the data hasn't been indexed yet. Or maybe the data existed before, but was deleted for any reason.
The components we use to display the mapping contained strict logic for making sure that any value we display in a combobox must correspond to a real field or field value, existing right now in the indices specified in the rule. In order to be able to fix the bug, I removed this logic for "initial state" (first render), but left for the case when the user starts typing something in the combobox. In other words:
This should fix the filed bug.
Screen recording
Video
Checklist
[ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support[ ] Documentation was added for features that require explanation or tutorials[ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)[ ] This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)[ ] This was checked for cross-browser compatibilityFor maintainers