[Security Solution] Error is displayed after importing rules with Elastic-cloud-SMTP connector #157253

Closed
vgomez-el opened this issue May 10, 2023 · 5 comments
Labels
8.13 candidate bug Fixes for quality problems that affect the customer experience Feature:Rule Actions Security Solution Detection Rule Actions area Feature:Rule Import/Export Security Solution Detection Rule Import & Export workflow fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.12.2 v8.13.0

Comments

@vgomez-el

vgomez-el commented May 10, 2023

Describe the bug:

  • Error is displayed after importing rules with Elastic-cloud-SMTP connector

Kibana/Elasticsearch Stack version:

  • 8.8.0-BC2

Original install method (e.g. download page, yum, from source, etc.):

  • Cloud instance

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Detection Rules

Initial setup

  • User has more than one rule, each with at least one rule action that uses the Elastic-cloud-SMTP connector
  • User is on Rules Management page

Steps to reproduce:

  1. Export a Rule which has an Elastic-cloud-SMTP connector
  2. Click on "Import Rules" button
  3. Select the previously exported file
  4. Check all the 3 checkboxes
  5. Press Import button

Steps to reproduce locally (dev environment):

  1. Preconfigure a connector locally in kibana.dev.yml/kibana.yml as described here.
  2. Create a rule with an action using a preconfigured connector.
  3. Export the rule with the connector
  4. Click on "Import Rules" button
  5. Select the previously exported file
  6. Check all the 3 checkboxes
  7. Press Import button

Current behavior:

  • An error message is displayed when all 3 options are checked on import, but the error does not appear when the "Overwrite existing connectors with conflicting action "id"" option is left unchecked.

Expected behavior:

  • File should be imported successfully and connectors should be overwritten if necessary

Screen recording

REC-20230510131242.mp4

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context (logs, chat logs, magical formulas, etc.):

Error message displayed:

{
  "name": "Network errors",
  "raw_network_error": {
    "success": false,
    "success_count": 0,
    "rules_count": 1,
    "errors": [
      {
        "id": "elastic-cloud-email",
        "rule_id": "86f36b3b-4991-4090-aa4b-0f46569b1864",
        "error": {
          "status_code": 404,
          "message": "1 connector is missing. Connector id missing is: elastic-cloud-email"
        }
      }
    ],
    "exceptions_errors": [],
    "exceptions_success": true,
    "exceptions_success_count": 0,
    "action_connectors_success": false,
    "action_connectors_success_count": 0,
    "action_connectors_errors": [
      {
        "id": "elastic-cloud-email",
        "rule_id": "86f36b3b-4991-4090-aa4b-0f46569b1864",
        "error": {
          "status_code": 404,
          "message": "1 connector is missing. Connector id missing is: elastic-cloud-email"
        }
      }
    ]
  },
  "message": "1 connector is missing. Connector id missing is: elastic-cloud-email"
}
@vgomez-el vgomez-el added bug Fixes for quality problems that affect the customer experience triage_needed Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team labels May 10, 2023
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@vgomez-el
Author

The error message is displayed only when all 3 options are checked on import; it does not happen when the user checks just the first one, or the first and the second.

REC-20230510132024.mp4

@banderror banderror added impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Feature:Rule Actions Security Solution Detection Rule Actions area Feature:Rule Import/Export Security Solution Detection Rule Import & Export workflow and removed triage_needed labels May 25, 2023
@banderror banderror removed their assignment May 25, 2023
@maximpn maximpn self-assigned this Feb 5, 2024
maximpn added a commit that referenced this issue Feb 13, 2024
…nectors (#176284)

**Fixes:** #157253

## Summary

This PR fixes rules import with `overwrite_action_connectors` set to true when ndjson contains rules with actions referencing preconfigured action connectors.

## Details

A user can preconfigure action connectors as described [here](https://www.elastic.co/guide/en/kibana/current/pre-configured-connectors.html). At the same time Elastic Cloud instances have Elastic-cloud-SMTP connector preconfigured. In particular import doesn't work as expected in Elastic Cloud for rules having actions referencing the preconfigured Elastic-cloud-SMTP connector.

This is fixed by filtering out preconfigured connector ids so importing logic only handles custom action connectors.

On top of this functional tests have been added to make sure the problem won't come back.

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] [Ran](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5139) in Flaky test runner for ESS and Serverless and no flakiness has been revealed
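
The filtering described in the commit message above, as an added TypeScript illustration that is not Kibana's code and not part of the commit. All function and variable names, the `custom-webhook-1` connector and the assumption that preconfigured connectors never appear as objects in the export file are hypothetical; the rule id, connector id and singular error wording are taken from the error shown in the issue.

```typescript
// Added illustration; every name here is hypothetical, not Kibana's implementation.
interface RuleAction { id: string; action_type_id: string }
interface ExportedRule { rule_id: string; actions: RuleAction[] }
interface ImportError { id: string; rule_id: string; error: { status_code: number; message: string } }

// Constructed sample: one exported rule with an action on the preconfigured
// connector and one on a custom connector. Only the custom connector is
// assumed to be present in the ndjson file as an object of its own.
const sampleRules: ExportedRule[] = [{
  rule_id: '86f36b3b-4991-4090-aa4b-0f46569b1864',
  actions: [
    { id: 'elastic-cloud-email', action_type_id: '.email' },
    { id: 'custom-webhook-1', action_type_id: '.webhook' },
  ],
}];
const connectorIdsInFile = new Set(['custom-webhook-1']);
const preconfiguredIds = new Set(['elastic-cloud-email']);

// Reports connectors a rule references that the import cannot resolve.
// skipPreconfigured=false models the behaviour reported in the issue;
// skipPreconfigured=true models the fix (ignore ids known to be preconfigured).
function findMissingConnectors(
  rules: ExportedRule[],
  inFile: Set<string>,
  preconfigured: Set<string>,
  skipPreconfigured: boolean,
): ImportError[] {
  const errors: ImportError[] = [];
  for (const rule of rules) {
    const missing = rule.actions
      .map((a) => a.id)
      .filter((id) => !(skipPreconfigured && preconfigured.has(id)))
      .filter((id) => !inFile.has(id));
    if (missing.length === 0) continue;
    const many = missing.length > 1; // plural wording below is an assumption
    const message = `${missing.length} connector${many ? 's are' : ' is'} missing. ` +
      `Connector id${many ? 's' : ''} missing ${many ? 'are' : 'is'}: ${missing.join(', ')}`;
    errors.push({ id: missing.join(','), rule_id: rule.rule_id, error: { status_code: 404, message } });
  }
  return errors;
}

const before = findMissingConnectors(sampleRules, connectorIdsInFile, preconfiguredIds, false);
const after = findMissingConnectors(sampleRules, connectorIdsInFile, preconfiguredIds, true);
console.log(before.map((e) => e.error.message), after.length);
```

The filter skips only ids known to be preconfigured, so a rule that references a custom connector absent from the file is still reported rather than imported with a dangling action.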
maximpn added a commit to maximpn/kibana that referenced this issue Feb 14, 2024
…nectors (elastic#176284)

(cherry picked from commit 934a06c)

# Conflicts:
#	x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_connectors.ts
#	x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/index.ts
maximpn referenced this issue Feb 14, 2024
…red connectors (#176284) (#176887)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Security Solution] Fix importing rules referencing preconfigured
connectors (#176284)](#176284)

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

@maximpn
Contributor

maximpn commented Feb 14, 2024

@vgomez-el Could you please validate the #176284? It has been backported to 8.12 and will be released in 8.12.2.

CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this issue Feb 15, 2024
…nectors (elastic#176284)

@vgomez-el vgomez-el added the QA:Validated Issue has been validated by QA label Feb 21, 2024
@vgomez-el
Author

Bug is fixed and validated for 8.13 BC1:

REC-20240221112717.mp4

Thanks @maximpn and @banderror for your fix!

fkanout pushed a commit to fkanout/kibana that referenced this issue Mar 4, 2024
…nectors (elastic#176284)
