[Security Solution] Warning is shown for updated Prebuilt rule with filter containing "AND" or "OR" condition #203615

Open
jkelas opened this issue Dec 10, 2024 · 3 comments
Labels
8.18 candidate bug Fixes for quality problems that affect the customer experience Feature:Rule Details Security Solution Detection Rule Details page impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. triage_needed

jkelas commented Dec 10, 2024

Follow-up to: #178908

Summary

When updating a Prebuilt rule which has a filter with an AND or OR condition, a Warning is displayed in the "Custom query" field of the Rule Update Flyout.

Steps to reproduce

  1. Launch a clean Kibana + ES environment.
  2. Create some valid indices with source events. Locally, one easy way to do this would be using the resolver_generator script that generates fake endpoint events (events generated by Endpoint Security aka Elastic Defend): node x-pack/plugins/security_solution/scripts/endpoint/resolver_generator.js --node http://elastic:[email protected]:9200 --kibana http://elastic:[email protected]:5601/kbn --numHosts=5 --numDocs=2.
  3. Install at least one predefined rule, e.g. "Malware - Detected - Elastic Endgame".
  4. Using the Kibana API, create an earlier version of the rule, adding a filter containing an "AND" condition (see the curl command below).
  5. A new tab "Rules Updates" will appear in the Rules page. Click it.
  6. Click the updated rule.
  7. Expand the "KQL query" tab. In the "Filters" there should be no issue with the Warning.
  8. Click the "Edit" button. The filters displayed in the "Custom query" field will display a Warning. See the screenshot and recording below.

Expected behavior: There should be no Warning flashing in the "Custom query" field.

Screenshot:
Image

Recording:
https://github.com/user-attachments/assets/7cd6d2fc-9df4-453c-9a3e-242f3760a224

Curl command to trigger rule update:

curl --location --request PATCH 'http://localhost:5601/kbn/api/detection_engine/rules' \
--header 'kbn-xsrf: 123' \
--header 'Content-Type: application/json' \
--header 'elastic-api-version: 2023-10-31' \
--header 'Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==' \
--data '{
    "rule_id": "0a97b20f-4144-49ea-be32-b540ecc445de",
    "version": 102,
    "tags": [
        "test"
    ],
    "filters": [
        {
            "$state": {
                "store": "appState"
            },
            "meta": {
                "type": "combined",
                "relation": "AND",
                "params": [
                    {
                        "query": {
                            "match_phrase": {
                                "host.name": "Host-1rt0y8ynu8"
                            }
                        },
                        "meta": {
                            "negate": false,
                            "index": "logs-*",
                            "key": "host.name",
                            "field": "host.name",
                            "params": {
                                "query": "Host-1rt0y8ynu8"
                            },
                            "type": "phrase",
                            "disabled": false,
                            "alias": null
                        }
                    },
                    {
                        "meta": {
                            "negate": false,
                            "index": "logs-*",
                            "key": "host.os.family",
                            "field": "host.os.family",
                            "params": {
                                "query": "windows"
                            },
                            "type": "phrase",
                            "disabled": false,
                            "alias": null
                        },
                        "query": {
                            "match_phrase": {
                                "host.os.family": "windows"
                            }
                        }
                    }
                ],
                "index": "logs-*",
                "disabled": false,
                "negate": false,
                "alias": null
            },
            "query": {}
        }
    ]
}'
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@elasticmachine

Pinging @elastic/security-detections-response (Team:Detections and Resp)

jkelas added a commit that referenced this issue Dec 18, 2024
**Resolves: #178908**

## Summary

This PR fixes a warning displayed for the rule when a certain filter is
present.
I followed the suggestion from @nikitaindik in the original ticket and
pulled his fix and tested that it works, but it also needed some
modification borrowed from QueryBar component, namely to update the
filters before displaying the FilterItems component.

Note: This PR only covers the Rule Creation / Rules Details page. Two
new tickets have been created to cover issues found in other places:
#203600 and #203615

# BEFORE
<img width="899" alt="image"
src="https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0">

# AFTER
<img width="901" alt="image"
src="https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907">


### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

---------

Co-authored-by: Nikita Indik <[email protected]>
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Dec 18, 2024
(cherry picked from commit 2e3a748)
kibanamachine added a commit that referenced this issue Dec 18, 2024
…204704)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] Remove warning for rule filter
(#201776)](#201776)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Jacek Kolezynski <[email protected]>
jkelas added a commit to jkelas/kibana that referenced this issue Dec 18, 2024
(cherry picked from commit 2e3a748)

# Conflicts:
#	x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx
#	x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts
jkelas added a commit that referenced this issue Dec 18, 2024
…204718)

# Backport

This will backport the following commits from `main` to `8.17`:
- [[Security Solution] Remove warning for rule filter
(#201776)](#201776)

<!--- Backport version: 9.6.2 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

jkelas added a commit that referenced this issue Dec 18, 2024
…204728)

# Backport

This will backport the following commits from `main` to `8.16`:
- [[Security Solution] Remove warning for rule filter
(#201776)](#201776)

<!--- Backport version: 9.6.2 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)
