[Security Solution] Make Rule Execution Errors more user friendly and actionable #128340
Comments
spong
added
triage_needed
enhancement
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Added it to several backlogs. cc @jethr0null @peluja1012 for visibility. I think it's a great idea but it could take a lot of effort to figure out and formalize all the possible (or at least typical/well-known) errors. Sounds like an epic maybe? If we want to address this, maybe we could first try to figure out a better way of showing this particular error from the description. Also, it would be useful to collect other not-so-clear warnings and errors we show. |
|
With regards to ML Rule failures, we should surface the underlying job/datafeed error(s) as the current job missing/not running error is not helpful in guiding the user to the ML App to determine why their ML Jobs are not operational. We should also include a link to (and expand) the ML Rule Troubleshooting documentation to aid in the user resolving these issues on their own. |
banderror
changed the title
yctercero
added
Team:Detection Engine
|
Another option here is bringing in our robot reinforcements... 😀 Thanks for #166778 @dhurley14! |
We do a pretty good job surfacing the many different types of errors that may occur during rule execution, however often these errors are quite lengthy and require a bit of deciphering on the user's part. This issue is for providing more friendly and actionable rule execution errors, perhaps by introducing dedicated
error_code's that can be referenced in documentation, UI, telemetry, etc.Most recent discuss post where this was raised:
https://discuss.elastic.co/t/elastic-security-rule-exception/300273
The text was updated successfully, but these errors were encountered: