Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[7.x] [Security Solution][Detections] - rule query preview bug fix (#80750) #81196

Merged
merged 1 commit into from
Oct 20, 2020
Merged

[7.x] [Security Solution][Detections] - rule query preview bug fix (#80750) #81196

merged 1 commit into from
Oct 20, 2020

Conversation

yctercero
Copy link
Contributor

Backports the following commits to 7.x:

@yctercero
[Security Solution][Detections] - rule query preview bug fix (elastic…
fe8945a 
…#80750)

### Summary 

This PR addresses the remaining query preview bugs. 

- it adds index, and request information to eql inspect - it seems that for some reason the eql search strategy response returns `null` for the `params.body` in complete responses, but not in partial responses and does not include index info. As a workaround, I set the inspect info on partial responses and manually add index info
  - added to-dos pointing this out in the code
- updated eql sequence queries preview to use the last event timestamp of a sequence to display the hits within a histogram
- it checks buckets length to determine noise warning for threshold rules, as opposed to total hit count
- remove unused i18n text
- fixes bug where threshold is being passed in for all rule types as it's always defined in the creation step, added a check to only pass through to `useMatrixHistogram` hook when rule type is threshold
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

async chunks size

id before after diff
securitySolution 8.1MB 8.1MB +1.6KB

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@yctercero yctercero merged commit a92a3d1 into elastic:7.x Oct 20, 2020
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Oct 27, 2020
@yctercero yctercero deleted the backport/7.x/pr-80750 branch December 6, 2020 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
backport Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yctercero @kibanamachine @MindyRS