[Security Solution] “Author” and “License” Fields Are Editable in UI but Result in Errors When Updated #200251
Assignees
Labels
8.18 candidate
bug
Fixes for quality problems that affect the customer experience
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Feature:Rule Edit
Security Solution Detection Rule Editing workflow
fixed
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.17.0
v8.18.0
Comments
pborgonovi
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
banderror
added
Feature:Prebuilt Detection Rules
|
@dplumlee Please prioritize fixing this in the next 2 weeks. We should also reflect this use case in the test plan for the customization workflow you're working on and cover it with tests. |
1 task
5 tasks
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Dec 4, 2024
…it form for prebuilt rule types (elastic#201887) ## Summary Fixes elastic#200251 > [!NOTE] > This bug/related fix is only visible with the `prebuiltRulesCustomizationEnabled` feature flag turned on. Disables `author` and `license` fields in rule edit form for prebuilt rule types as we throw API errors when they are changed from the existing rule value if the rule source is external. ### Screenshots - the same prebuilt rule in the Rule edit form **Before** <img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM" src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa"> **After**  ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 13fa525)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Dec 4, 2024
…it form for prebuilt rule types (elastic#201887) ## Summary Fixes elastic#200251 > [!NOTE] > This bug/related fix is only visible with the `prebuiltRulesCustomizationEnabled` feature flag turned on. Disables `author` and `license` fields in rule edit form for prebuilt rule types as we throw API errors when they are changed from the existing rule value if the rule source is external. ### Screenshots - the same prebuilt rule in the Rule edit form **Before** <img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM" src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa"> **After**  ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 13fa525)
|
@pborgonovi Feel free to validate the fix or close right away. |
|
I've validated the fix and it looks good: Screen.Recording.2024-12-05.at.9.32.38.AM.movClosing this ticket. |
SoniaSanzV
pushed a commit
to SoniaSanzV/kibana
that referenced
this issue
Dec 9, 2024
…it form for prebuilt rule types (elastic#201887) ## Summary Fixes elastic#200251 > [!NOTE] > This bug/related fix is only visible with the `prebuiltRulesCustomizationEnabled` feature flag turned on. Disables `author` and `license` fields in rule edit form for prebuilt rule types as we throw API errors when they are changed from the existing rule value if the rule source is external. ### Screenshots - the same prebuilt rule in the Rule edit form **Before** <img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM" src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa"> **After**  ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
SoniaSanzV
pushed a commit
to SoniaSanzV/kibana
that referenced
this issue
Dec 9, 2024
…it form for prebuilt rule types (elastic#201887) ## Summary Fixes elastic#200251 > [!NOTE] > This bug/related fix is only visible with the `prebuiltRulesCustomizationEnabled` feature flag turned on. Disables `author` and `license` fields in rule edit form for prebuilt rule types as we throw API errors when they are changed from the existing rule value if the rule source is external. ### Screenshots - the same prebuilt rule in the Rule edit form **Before** <img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM" src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa"> **After**  ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this issue
Dec 9, 2024
…it form for prebuilt rule types (elastic#201887) ## Summary Fixes elastic#200251 > [!NOTE] > This bug/related fix is only visible with the `prebuiltRulesCustomizationEnabled` feature flag turned on. Disables `author` and `license` fields in rule edit form for prebuilt rule types as we throw API errors when they are changed from the existing rule value if the rule source is external. ### Screenshots - the same prebuilt rule in the Rule edit form **Before** <img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM" src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa"> **After**  ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Samiul-TheSoccerFan
pushed a commit
to Samiul-TheSoccerFan/kibana
that referenced
this issue
Dec 10, 2024
…it form for prebuilt rule types (elastic#201887) ## Summary Fixes elastic#200251 > [!NOTE] > This bug/related fix is only visible with the `prebuiltRulesCustomizationEnabled` feature flag turned on. Disables `author` and `license` fields in rule edit form for prebuilt rule types as we throw API errors when they are changed from the existing rule value if the rule source is external. ### Screenshots - the same prebuilt rule in the Rule edit form **Before** <img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM" src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa"> **After**  ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this issue
Dec 12, 2024
…it form for prebuilt rule types (elastic#201887) ## Summary Fixes elastic#200251 > [!NOTE] > This bug/related fix is only visible with the `prebuiltRulesCustomizationEnabled` feature flag turned on. Disables `author` and `license` fields in rule edit form for prebuilt rule types as we throw API errors when they are changed from the existing rule value if the rule source is external. ### Screenshots - the same prebuilt rule in the Rule edit form **Before** <img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM" src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa"> **After**  ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug:
In the rule editing UI, the fields “Author” and “License” for prebuilt rules are currently enabled, allowing users to make edits. However, when the user attempts to save the changes, errors occur:
For the Author field: “Cannot update ‘author’ field for prebuilt rules (400)”
For the License field: “Cannot update ‘license’ field for prebuilt rules (400)”
The backend validation correctly blocks these changes, as these fields are not meant to be edited for prebuilt rules. However, the UI behavior is misleading, as it suggests that these fields can be modified.
Kibana/Elasticsearch Stack version:
8.x
Server OS version:
Browser and Browser OS versions:
Elastic Endpoint version:
Original install method (e.g. download page, yum, from source, etc.):
Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
Steps to reproduce:
• For “Author”: “Cannot update ‘author’ field for prebuilt rules (400)”
• For “License”: “Cannot update ‘license’ field for prebuilt rules (400)”
Current behavior:
The “Author” and “License” fields are enabled and editable in the UI.
Expected behavior:
The “Author” and “License” fields should be disabled (read-only) in the UI for prebuilt rules, preventing users from attempting to edit them.
Screenshots (if relevant):
Screen.Recording.2024-11-14.at.11.49.38.AM.mov
Errors in browser console (if relevant):
Provide logs and/or server output (if relevant):
Any additional context (logs, chat logs, magical formulas, etc.):
The text was updated successfully, but these errors were encountered: