[Security Solution][Investigations][Timeline] - Update getExceptions to use parameters #145889
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
michaelolo24
added
bug
michaelolo24
force-pushed
the
fix-threshold-exceptions-filter
branch
from
5acba6f to
e77189e
Compare
|
@elasticmachine merge upstream |
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Async chunks
Unknown metric groupsESLint disabled in files
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
logeekal
approved these changes
Nov 28, 2022
| exceptionsList = parametersObject?.exceptions_list ?? []; | ||
| } | ||
| } catch (error) { | ||
| // do nothing, just fail silently as parametersObject is initialized |
There was a problem hiding this comment.
parametersObject
Did you mean exceptionList?
There was a problem hiding this comment.
Yea, I updated the code, but not the comment, will do a follow up cleanup PR for this. Thanks!
| const exceptionsLists = (getField(ecsData, ALERT_RULE_EXCEPTIONS_LIST) ?? []).reduce( | ||
| (acc: ExceptionListId[], next: string) => { | ||
| const parsedList = JSON.parse(next); | ||
| // This pulls exceptions list information from `_source` |
| const detectionExceptionsLists = exceptionsList.reduce( | ||
| (acc: ExceptionListId[], next: string | object) => { | ||
| // parsed rule.parameters returns an object else use the default string representation | ||
| const parsedList = typeof next === 'string' ? JSON.parse(next) : next; |
There was a problem hiding this comment.
Do you think that this line(JSON.parse) might result in exception when ......next === ''
There was a problem hiding this comment.
I'm not sure exceptions list will ever actually be ''. The existing code didn't have checks for this either, but it may be worth guarding against, will add a change for this as well, thanks!
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Nov 28, 2022
…to use parameters (elastic#145889) ## Summary Fixes: elastic#136772 The issue was introduced by a couple of changes: First: https://github.com/elastic/kibana/pull/136163/files#diff-02d33a1ed6679f7775dc01941ca21b085d7c008ecffe5e029f5967407a5e5b13L23 in 8.4. The bug: A filter on the timeline UI relied on the `exceptions_list` field provided on `_source` to auto-generate a filter when investigating in timeline labelled `Not Exceptions` which would filter out the exceptions from the timeline. This PR resolves that issue by pulling the `exceptions_list` field from `kibana.alert.rule.parameters`. Second: https://github.com/elastic/kibana/pull/133254/files#diff-0f69b69fd9cefef6ed04a048d7df86b7e385e816bdf17309212437dc3f69726cL74 The filter actually stopped being passed to timeline entirely because of the above change. With the fixes in place: https://user-images.githubusercontent.com/17211684/203111748-7a0c2eb5-a46f-4f88-9d77-3628204625ac.mov (cherry picked from commit b32c8b9)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Nov 28, 2022
…to use parameters (elastic#145889) ## Summary Fixes: elastic#136772 The issue was introduced by a couple of changes: First: https://github.com/elastic/kibana/pull/136163/files#diff-02d33a1ed6679f7775dc01941ca21b085d7c008ecffe5e029f5967407a5e5b13L23 in 8.4. The bug: A filter on the timeline UI relied on the `exceptions_list` field provided on `_source` to auto-generate a filter when investigating in timeline labelled `Not Exceptions` which would filter out the exceptions from the timeline. This PR resolves that issue by pulling the `exceptions_list` field from `kibana.alert.rule.parameters`. Second: https://github.com/elastic/kibana/pull/133254/files#diff-0f69b69fd9cefef6ed04a048d7df86b7e385e816bdf17309212437dc3f69726cL74 The filter actually stopped being passed to timeline entirely because of the above change. With the fixes in place: https://user-images.githubusercontent.com/17211684/203111748-7a0c2eb5-a46f-4f88-9d77-3628204625ac.mov (cherry picked from commit b32c8b9)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Nov 28, 2022
…tions to use parameters (#145889) (#146414) # Backport This will backport the following commits from `main` to `8.5`: - [[Security Solution][Investigations][Timeline] - Update getExceptions to use parameters (#145889)](#145889) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Michael Olorunnisola","email":"[email protected]"},"sourceCommit":{"committedDate":"2022-11-28T15:08:48Z","message":"[Security Solution][Investigations][Timeline] - Update getExceptions to use parameters (#145889)\n\n## Summary\r\n\r\nFixes: https://github.com/elastic/kibana/issues/136772\r\n\r\nThe issue was introduced by a couple of changes:\r\n\r\nFirst:\r\nhttps://github.com//pull/136163/files#diff-02d33a1ed6679f7775dc01941ca21b085d7c008ecffe5e029f5967407a5e5b13L23\r\nin 8.4.\r\n\r\nThe bug: A filter on the timeline UI relied on the `exceptions_list`\r\nfield provided on `_source` to auto-generate a filter when investigating\r\nin timeline labelled `Not Exceptions` which would filter out the\r\nexceptions from the timeline. This PR resolves that issue by pulling the\r\n`exceptions_list` field from `kibana.alert.rule.parameters`.\r\n\r\nSecond:\r\nhttps://github.com//pull/133254/files#diff-0f69b69fd9cefef6ed04a048d7df86b7e385e816bdf17309212437dc3f69726cL74\r\n\r\nThe filter actually stopped being passed to timeline entirely because of\r\nthe above change.\r\n\r\nWith the fixes in place:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/203111748-7a0c2eb5-a46f-4f88-9d77-3628204625ac.mov","sha":"b32c8b9df89188cdcb149bd1d9494d3f99999ad6","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","backport","release_note:fix","Team:Threat Hunting:Investigations","v8.5.0","v8.6.0","v8.7.0"],"number":145889,"url":"https://github.com/elastic/kibana/pull/145889","mergeCommit":{"message":"[Security Solution][Investigations][Timeline] - Update getExceptions to use parameters (#145889)\n\n## Summary\r\n\r\nFixes: https://github.com/elastic/kibana/issues/136772\r\n\r\nThe issue was introduced by a couple of changes:\r\n\r\nFirst:\r\nhttps://github.com//pull/136163/files#diff-02d33a1ed6679f7775dc01941ca21b085d7c008ecffe5e029f5967407a5e5b13L23\r\nin 8.4.\r\n\r\nThe bug: A filter on the timeline UI relied on the `exceptions_list`\r\nfield provided on `_source` to auto-generate a filter when investigating\r\nin timeline labelled `Not Exceptions` which would filter out the\r\nexceptions from the timeline. This PR resolves that issue by pulling the\r\n`exceptions_list` field from `kibana.alert.rule.parameters`.\r\n\r\nSecond:\r\nhttps://github.com//pull/133254/files#diff-0f69b69fd9cefef6ed04a048d7df86b7e385e816bdf17309212437dc3f69726cL74\r\n\r\nThe filter actually stopped being passed to timeline entirely because of\r\nthe above change.\r\n\r\nWith the fixes in place:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/203111748-7a0c2eb5-a46f-4f88-9d77-3628204625ac.mov","sha":"b32c8b9df89188cdcb149bd1d9494d3f99999ad6"}},"sourceBranch":"main","suggestedTargetBranches":["8.5","8.6"],"targetPullRequestStates":[{"branch":"8.5","label":"v8.5.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.6","label":"v8.6.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/145889","number":145889,"mergeCommit":{"message":"[Security Solution][Investigations][Timeline] - Update getExceptions to use parameters (#145889)\n\n## Summary\r\n\r\nFixes: https://github.com/elastic/kibana/issues/136772\r\n\r\nThe issue was introduced by a couple of changes:\r\n\r\nFirst:\r\nhttps://github.com//pull/136163/files#diff-02d33a1ed6679f7775dc01941ca21b085d7c008ecffe5e029f5967407a5e5b13L23\r\nin 8.4.\r\n\r\nThe bug: A filter on the timeline UI relied on the `exceptions_list`\r\nfield provided on `_source` to auto-generate a filter when investigating\r\nin timeline labelled `Not Exceptions` which would filter out the\r\nexceptions from the timeline. This PR resolves that issue by pulling the\r\n`exceptions_list` field from `kibana.alert.rule.parameters`.\r\n\r\nSecond:\r\nhttps://github.com//pull/133254/files#diff-0f69b69fd9cefef6ed04a048d7df86b7e385e816bdf17309212437dc3f69726cL74\r\n\r\nThe filter actually stopped being passed to timeline entirely because of\r\nthe above change.\r\n\r\nWith the fixes in place:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/203111748-7a0c2eb5-a46f-4f88-9d77-3628204625ac.mov","sha":"b32c8b9df89188cdcb149bd1d9494d3f99999ad6"}}]}] BACKPORT--> Co-authored-by: Michael Olorunnisola <[email protected]>
kibanamachine
added a commit
that referenced
this pull request
Nov 28, 2022
…tions to use parameters (#145889) (#146415) # Backport This will backport the following commits from `main` to `8.6`: - [[Security Solution][Investigations][Timeline] - Update getExceptions to use parameters (#145889)](#145889) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Michael Olorunnisola","email":"[email protected]"},"sourceCommit":{"committedDate":"2022-11-28T15:08:48Z","message":"[Security Solution][Investigations][Timeline] - Update getExceptions to use parameters (#145889)\n\n## Summary\r\n\r\nFixes: https://github.com/elastic/kibana/issues/136772\r\n\r\nThe issue was introduced by a couple of changes:\r\n\r\nFirst:\r\nhttps://github.com//pull/136163/files#diff-02d33a1ed6679f7775dc01941ca21b085d7c008ecffe5e029f5967407a5e5b13L23\r\nin 8.4.\r\n\r\nThe bug: A filter on the timeline UI relied on the `exceptions_list`\r\nfield provided on `_source` to auto-generate a filter when investigating\r\nin timeline labelled `Not Exceptions` which would filter out the\r\nexceptions from the timeline. This PR resolves that issue by pulling the\r\n`exceptions_list` field from `kibana.alert.rule.parameters`.\r\n\r\nSecond:\r\nhttps://github.com//pull/133254/files#diff-0f69b69fd9cefef6ed04a048d7df86b7e385e816bdf17309212437dc3f69726cL74\r\n\r\nThe filter actually stopped being passed to timeline entirely because of\r\nthe above change.\r\n\r\nWith the fixes in place:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/203111748-7a0c2eb5-a46f-4f88-9d77-3628204625ac.mov","sha":"b32c8b9df89188cdcb149bd1d9494d3f99999ad6","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","backport","release_note:fix","Team:Threat Hunting:Investigations","v8.5.0","v8.6.0","v8.7.0"],"number":145889,"url":"https://github.com/elastic/kibana/pull/145889","mergeCommit":{"message":"[Security Solution][Investigations][Timeline] - Update getExceptions to use parameters (#145889)\n\n## Summary\r\n\r\nFixes: https://github.com/elastic/kibana/issues/136772\r\n\r\nThe issue was introduced by a couple of changes:\r\n\r\nFirst:\r\nhttps://github.com//pull/136163/files#diff-02d33a1ed6679f7775dc01941ca21b085d7c008ecffe5e029f5967407a5e5b13L23\r\nin 8.4.\r\n\r\nThe bug: A filter on the timeline UI relied on the `exceptions_list`\r\nfield provided on `_source` to auto-generate a filter when investigating\r\nin timeline labelled `Not Exceptions` which would filter out the\r\nexceptions from the timeline. This PR resolves that issue by pulling the\r\n`exceptions_list` field from `kibana.alert.rule.parameters`.\r\n\r\nSecond:\r\nhttps://github.com//pull/133254/files#diff-0f69b69fd9cefef6ed04a048d7df86b7e385e816bdf17309212437dc3f69726cL74\r\n\r\nThe filter actually stopped being passed to timeline entirely because of\r\nthe above change.\r\n\r\nWith the fixes in place:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/203111748-7a0c2eb5-a46f-4f88-9d77-3628204625ac.mov","sha":"b32c8b9df89188cdcb149bd1d9494d3f99999ad6"}},"sourceBranch":"main","suggestedTargetBranches":["8.5","8.6"],"targetPullRequestStates":[{"branch":"8.5","label":"v8.5.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.6","label":"v8.6.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/145889","number":145889,"mergeCommit":{"message":"[Security Solution][Investigations][Timeline] - Update getExceptions to use parameters (#145889)\n\n## Summary\r\n\r\nFixes: https://github.com/elastic/kibana/issues/136772\r\n\r\nThe issue was introduced by a couple of changes:\r\n\r\nFirst:\r\nhttps://github.com//pull/136163/files#diff-02d33a1ed6679f7775dc01941ca21b085d7c008ecffe5e029f5967407a5e5b13L23\r\nin 8.4.\r\n\r\nThe bug: A filter on the timeline UI relied on the `exceptions_list`\r\nfield provided on `_source` to auto-generate a filter when investigating\r\nin timeline labelled `Not Exceptions` which would filter out the\r\nexceptions from the timeline. This PR resolves that issue by pulling the\r\n`exceptions_list` field from `kibana.alert.rule.parameters`.\r\n\r\nSecond:\r\nhttps://github.com//pull/133254/files#diff-0f69b69fd9cefef6ed04a048d7df86b7e385e816bdf17309212437dc3f69726cL74\r\n\r\nThe filter actually stopped being passed to timeline entirely because of\r\nthe above change.\r\n\r\nWith the fixes in place:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/203111748-7a0c2eb5-a46f-4f88-9d77-3628204625ac.mov","sha":"b32c8b9df89188cdcb149bd1d9494d3f99999ad6"}}]}] BACKPORT--> Co-authored-by: Michael Olorunnisola <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes: #136772
The issue was introduced by a couple of changes:
First: https://github.com/elastic/kibana/pull/136163/files#diff-02d33a1ed6679f7775dc01941ca21b085d7c008ecffe5e029f5967407a5e5b13L23 in 8.4.
The bug: A filter on the timeline UI relied on the
exceptions_listfield provided on_sourceto auto-generate a filter when investigating in timeline labelledNot Exceptionswhich would filter out the exceptions from the timeline. This PR resolves that issue by pulling theexceptions_listfield fromkibana.alert.rule.parameters.Second: https://github.com/elastic/kibana/pull/133254/files#diff-0f69b69fd9cefef6ed04a048d7df86b7e385e816bdf17309212437dc3f69726cL74
The filter actually stopped being passed to timeline entirely because of the above change.
With the fixes in place:
Screen.Recording.2022-11-21.at.11.40.17.AM.mov