Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a note in 8.8 docs about known legacy action migration issue #3572

Closed
e40pud opened this issue Jul 17, 2023 · 1 comment · Fixed by #3722
Closed

Add a note in 8.8 docs about known legacy action migration issue #3572

e40pud opened this issue Jul 17, 2023 · 1 comment · Fixed by #3722
Assignees
@nastasha-solomon
Labels
Effort: Small Issues that can be resolved quickly Priority: Medium Issues that have relevance, but aren't urgent release-notes Team: Detection Engine v8.8.0 v8.8.1 v8.8.2 v8.9.0

Comments

@e40pud
Copy link
Contributor

e40pud commented Jul 17, 2023

Description

In 8.8 we introduced conditional actions and moved legacy actions migration code to the alerting framework.

As part of these changes we introduced the issue which can happen during the migration. The issue happens when the frequency of legacy action is shorter than the rule execution interval. In this case during the migration alerting framework will convert and delete legacy actions and then do validation (action frequency cannot be shorter than rule interval) and throw an exception which leads to data loss (all actions will be lost in this case).

We will add the fix for this issue in v8.9.1 and need to report a known issue for v8.8.

There are few possible workarounds:

  1. Users can manually set rule interval to be greater or equal to rule's interval and save the rule.
  2. Users can export a rule, fix it manually and import it again.
  3. Users can remove legacy action from rule in UI. Save rule, and try to create new action afterwards for this rule.
  4. Users can just re-create the whole rule from scratch.
@e40pud e40pud mentioned this issue Jul 17, 2023
Merged
@nastasha-solomon nastasha-solomon mentioned this issue Jul 6, 2023
Closed
21 tasks
@jmikell821 jmikell821 mentioned this issue Jul 20, 2023
Merged
@nastasha-solomon nastasha-solomon added Priority: Medium Issues that have relevance, but aren't urgent Effort: Small Issues that can be resolved quickly labels Aug 6, 2023
@nastasha-solomon
Copy link
Contributor

Am using the summary that was reviewed/confirmed here.

@nastasha-solomon nastasha-solomon mentioned this issue Aug 14, 2023
Merged
@e40pud e40pud mentioned this issue Aug 16, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nastasha-solomon nastasha-solomon

Labels
Effort: Small Issues that can be resolved quickly Priority: Medium Issues that have relevance, but aren't urgent release-notes Team: Detection Engine v8.8.0 v8.8.1 v8.8.2 v8.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add a note in 8.8 docs about known legacy action migration issue elastic/security-docs
2 participants
@e40pud @nastasha-solomon