
[Security Solution] All detection rules cannot be selected with one operation - limited to 300 max #86784

Closed
MikePaquette opened this issue Dec 22, 2020 · 4 comments
Assignees
Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Actions Security Solution Detection Rule Actions area fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.11.0

Comments

@MikePaquette

Describe the bug:

  • Users need to repeat bulk operations on rules if the number of rules exceeds 300, causing extra work, and risk of inconsistent operations.

Kibana/Elasticsearch Stack version:

  • 7.11.0 BC1

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

  • Detection rules
  • Rule management

Preconditions:

  • None

Steps to reproduce:

  1. Navigate to Security > Detections
  2. Click on Manage detection rules button

Current behavior:

  • User can check the checkbox next to "Rules" to select all rules currently in rules table.
  • The number of rows in the rules table is limited to 300
  • The number of prebuilt rules exceeds 300
  • Result is that the user must repeat any bulk operation multiple times when the number of rules exceeds the number of table rows.
  • This causes extra work for the detection engineer, causing frustration.

Expected behavior:

  • User needs some way to select all rules in rules table

Errors in browser console (if relevant):
None

Provide logs and/or server output (if relevant):
None

Any additional context:

  • Condition was present in 7.10 when prebuilt rules exceeded 300

Screenshots (if relevant):
  • (screenshot image not reproduced here)

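The behaviour the report describes (a bulk action applied only to the rows the table shows, so a rule set larger than the table is only partly covered) can be made concrete with a small model. The following is an added example, not Kibana's or the Security Solution's own code: the rule store, the `findRules` paging API, the 300-row limit and the 412-rule sample are constructed stand-ins. It contrasts a selection bounded by the visible rows with one that walks every page before the bulk action runs, and then counts what the action missed, which is the check a rule author would want after any "select all".

```javascript
// Added example (not Kibana code). Models why "select all visible rows" under-covers a
// bulk action when the rule set exceeds the table's row limit, and how a select-all that
// walks every page covers the whole set. Everything below is a constructed stand-in.
const TABLE_ROW_LIMIT = 300; // assumed table page size, matching the limit in the report

// Constructed sample: `count` disabled rules, mimicking a prebuilt set larger than the table.
function makeRules(count) {
  const rules = [];
  for (let i = 1; i <= count; i++) rules.push({ id: `rule-${i}`, enabled: false });
  return rules;
}

// Hypothetical paginated find API: returns one page of rules plus the total count.
function findRules(store, { page, perPage }) {
  const start = (page - 1) * perPage;
  return { total: store.length, data: store.slice(start, start + perPage) };
}

// Strategy A: select only what the table currently shows (first page, capped at the limit).
function selectVisible(store) {
  return findRules(store, { page: 1, perPage: TABLE_ROW_LIMIT }).data.map((r) => r.id);
}

// Strategy B: walk every page until every rule id has been collected.
function selectAll(store) {
  const ids = [];
  let page = 1;
  for (;;) {
    const res = findRules(store, { page, perPage: TABLE_ROW_LIMIT });
    ids.push(...res.data.map((r) => r.id));
    if (res.data.length === 0 || ids.length >= res.total) break;
    page++;
  }
  return ids;
}

// Bulk action: enable the selected rules; returns how many rules actually changed.
function bulkEnable(store, ids) {
  const wanted = new Set(ids);
  let changed = 0;
  for (const r of store) {
    if (wanted.has(r.id) && !r.enabled) {
      r.enabled = true;
      changed++;
    }
  }
  return changed;
}

// Coverage check after the bulk action: how many rules were left untouched?
function disabledCount(store) {
  return store.filter((r) => !r.enabled).length;
}

// Runs one selection strategy against a fresh 412-rule store and reports the outcome.
function demo(strategy) {
  const store = makeRules(412);
  const ids = strategy(store);
  const changed = bulkEnable(store, ids);
  return { selected: ids.length, changed, remainingDisabled: disabledCount(store) };
}

console.log('visible-rows selection:', demo(selectVisible));
console.log('walk-all-pages selection:', demo(selectAll));
```

With the visible-rows strategy the action reaches 300 of 412 rules and leaves 112 disabled, which is exactly the "repeat the operation and hope nothing was skipped" situation the report complains about; the page-walking strategy reaches all 412 in one pass, and `disabledCount` gives the operator a way to confirm that before trusting the result.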

@MikePaquette MikePaquette added bug Fixes for quality problems that affect the customer experience v7.11.0 Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Rule Actions Security Solution Detection Rule Actions area labels Dec 22, 2020
@MadameSheema MadameSheema added enhancement New value added to drive a business result and removed bug Fixes for quality problems that affect the customer experience labels Jan 4, 2021
@MikePaquette
Author

@MadameSheema I think this is higher priority, and should be treated like a bug, since it causes the analyst/rule_author to perform extra work, causes frustration, and can introduce errors. Can we get this fixed in 7.11.0?

@MadameSheema MadameSheema added bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. and removed enhancement New value added to drive a business result labels Jan 5, 2021
@MadameSheema
Member

@spong @peluja1012 can we tackle this issue on 7.11?

@peluja1012
Contributor

PR here #87410

@MadameSheema
Member

Lots of thanks for the fix @peluja1012 ❤️
