[Security Solution] Cannot edit, add or remove filters on Custom Rule after upgrade to 8.12 #177838
Assignees
Labels
bug
Fixes for quality problems that affect the customer experience
fixed
QA:Validated
Issue has been validated by QA
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Comments
leandrojmp
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Creating a new rule and trying to add a filter also does not show the filter as added. I've tried to create a new threshold rule and add some filters and could not see the fitlers added. Screencast.from.28-02-2024.11.35.16.webm |
MadameSheema
added
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-detection-engine (Team:Detection Engine) |
e40pud
added a commit
to e40pud/kibana
that referenced
this issue
Mar 7, 2024
… after upgrade to 8.12 (elastic#177838)
|
Note for QA: this happens with data views not with index patterns. |
5 tasks
e40pud
added a commit
that referenced
this issue
Mar 12, 2024
… after upgrade to 8.12 (#177838) (#178207) ## Summary Addresses #177838 These changes fix the bug where users do not receive UI feedback on add/remove/edit filters inside security solution rules. It happens when user selects data view as a source and works correctly with index patterns. The issue was introduced with these changes https://github.com/elastic/kibana/pull/175433/files# where we update filters with the ad-hoc data view id. Since new state variable is updated only when current source is an index pattern. **Fix**: we should always update `searchBarFilters` state variable on source/filters updates. https://github.com/elastic/kibana/assets/2700761/5d8d3932-3fc7-4a5c-a647-4fa2ceda71b2 Also, I added e2e tests to verify that we are able to add filters on rule creation working with both source types. ### Checklist Delete any items that are not applicable to this PR. - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] [ESS 50 times](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5428) - [x] [Serverless 50 times](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5410) --------- Co-authored-by: Kibana Machine <[email protected]>
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Mar 12, 2024
… after upgrade to 8.12 (elastic#177838) (elastic#178207) ## Summary Addresses elastic#177838 These changes fix the bug where users do not receive UI feedback on add/remove/edit filters inside security solution rules. It happens when user selects data view as a source and works correctly with index patterns. The issue was introduced with these changes https://github.com/elastic/kibana/pull/175433/files# where we update filters with the ad-hoc data view id. Since new state variable is updated only when current source is an index pattern. **Fix**: we should always update `searchBarFilters` state variable on source/filters updates. https://github.com/elastic/kibana/assets/2700761/5d8d3932-3fc7-4a5c-a647-4fa2ceda71b2 Also, I added e2e tests to verify that we are able to add filters on rule creation working with both source types. ### Checklist Delete any items that are not applicable to this PR. - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] [ESS 50 times](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5428) - [x] [Serverless 50 times](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5410) --------- Co-authored-by: Kibana Machine <[email protected]> (cherry picked from commit 22365e6)
kibanamachine
added a commit
that referenced
this issue
Mar 12, 2024
…om Rule after upgrade to 8.12 (#177838) (#178207) (#178484) # Backport This will backport the following commits from `main` to `8.13`: - [[Security Solution] Cannot edit, add or remove filters on Custom Rule after upgrade to 8.12 (#177838) (#178207)](#178207) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ievgen Sorokopud","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-03-12T10:55:37Z","message":"[Security Solution] Cannot edit, add or remove filters on Custom Rule after upgrade to 8.12 (#177838) (#178207)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/177838\r\n\r\nThese changes fix the bug where users do not receive UI feedback on\r\nadd/remove/edit filters inside security solution rules. It happens when\r\nuser selects data view as a source and works correctly with index\r\npatterns.\r\n\r\nThe issue was introduced with these changes\r\nhttps://github.com//pull/175433/files# where we update\r\nfilters with the ad-hoc data view id. Since new state variable is\r\nupdated only when current source is an index pattern.\r\n\r\n**Fix**: we should always update `searchBarFilters` state variable on\r\nsource/filters updates.\r\n\r\n\r\nhttps://github.com/elastic/kibana/assets/2700761/5d8d3932-3fc7-4a5c-a647-4fa2ceda71b2\r\n\r\nAlso, I added e2e tests to verify that we are able to add filters on\r\nrule creation working with both source types.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [x] [ESS 50\r\ntimes](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5428)\r\n- [x] [Serverless 50\r\ntimes](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5410)\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <[email protected]>","sha":"22365e6d4a14e06c6de559bc98c117088ce4f37d","branchLabelMapping":{"^v8.14.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team: SecuritySolution","backport:prev-minor","Team:Detection Engine","v8.13.0","v8.14.0","v8.13.1"],"title":"[Security Solution] Cannot edit, add or remove filters on Custom Rule after upgrade to 8.12 (#177838)","number":178207,"url":"https://github.com/elastic/kibana/pull/178207","mergeCommit":{"message":"[Security Solution] Cannot edit, add or remove filters on Custom Rule after upgrade to 8.12 (#177838) (#178207)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/177838\r\n\r\nThese changes fix the bug where users do not receive UI feedback on\r\nadd/remove/edit filters inside security solution rules. It happens when\r\nuser selects data view as a source and works correctly with index\r\npatterns.\r\n\r\nThe issue was introduced with these changes\r\nhttps://github.com//pull/175433/files# where we update\r\nfilters with the ad-hoc data view id. Since new state variable is\r\nupdated only when current source is an index pattern.\r\n\r\n**Fix**: we should always update `searchBarFilters` state variable on\r\nsource/filters updates.\r\n\r\n\r\nhttps://github.com/elastic/kibana/assets/2700761/5d8d3932-3fc7-4a5c-a647-4fa2ceda71b2\r\n\r\nAlso, I added e2e tests to verify that we are able to add filters on\r\nrule creation working with both source types.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [x] [ESS 50\r\ntimes](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5428)\r\n- [x] [Serverless 50\r\ntimes](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5410)\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <[email protected]>","sha":"22365e6d4a14e06c6de559bc98c117088ce4f37d"}},"sourceBranch":"main","suggestedTargetBranches":["8.13"],"targetPullRequestStates":[{"branch":"8.13","label":"v8.13.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.14.0","branchLabelMappingKey":"^v8.14.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/178207","number":178207,"mergeCommit":{"message":"[Security Solution] Cannot edit, add or remove filters on Custom Rule after upgrade to 8.12 (#177838) (#178207)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/177838\r\n\r\nThese changes fix the bug where users do not receive UI feedback on\r\nadd/remove/edit filters inside security solution rules. It happens when\r\nuser selects data view as a source and works correctly with index\r\npatterns.\r\n\r\nThe issue was introduced with these changes\r\nhttps://github.com//pull/175433/files# where we update\r\nfilters with the ad-hoc data view id. Since new state variable is\r\nupdated only when current source is an index pattern.\r\n\r\n**Fix**: we should always update `searchBarFilters` state variable on\r\nsource/filters updates.\r\n\r\n\r\nhttps://github.com/elastic/kibana/assets/2700761/5d8d3932-3fc7-4a5c-a647-4fa2ceda71b2\r\n\r\nAlso, I added e2e tests to verify that we are able to add filters on\r\nrule creation working with both source types.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n- [x] [ESS 50\r\ntimes](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5428)\r\n- [x] [Serverless 50\r\ntimes](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5410)\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <[email protected]>","sha":"22365e6d4a14e06c6de559bc98c117088ce4f37d"}}]}] BACKPORT--> Co-authored-by: Ievgen Sorokopud <[email protected]>
|
@vgomez-el @MadameSheema the fix has been merged into |
|
There was recently another BC for 8.13 - it may have made it into 8.13.0 |
|
Bug is fixed and validated in 8.13 BC7: REC-20240325162934.mp4Thanks @e40pud for the fix! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug:
After upgrade to 8.12.1 we are not able to edit or add new filters to custom rules.
Kibana/Elasticsearch Stack version:
8.12.1
Server OS version:
Rocky Linux 8.6
Browser and Browser OS versions:
Vivaldi 6.5.3206.63 (Stable channel) stable (64-bit) on Ubuntu 22.04
Original install method (e.g. download page, yum, from source, etc.):
yum
Current behavior:
When trying to edit or add filters in a custom rule we got no response from Kibana the filter is not added, changed or deleted.
Expected behavior:
We expect to being able to edit, add or delete a filter on a custom rule.
Screenshots (if relevant):
Screencast.from.28-02-2024.10.39.23.webm
The text was updated successfully, but these errors were encountered: