[Security Solution] Unable to upgrade rules with missing base version
#200904
Assignees
Labels
8.17 candidate
bug
Fixes for quality problems that affect the customer experience
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
impact:high
Addressing this issue will have a high level of impact on the quality/strength of our product.
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.16.2
v8.17.0
v8.18.0
Comments
xcrzx
added
8.18 candidate
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
xcrzx
changed the title
base version
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Nov 25, 2024
…ules with missing base version (elastic#201301) **Resolves: elastic#200904 ## Summary This PR unlocks Prebuilt Rules Customization workflow for rules with missing base version. ## Details Each Prebuilt Rule update contains `version` diff. `version` is a special non-customizable field we use to track prebuilt rule version. It always gets target rule version's value after rule upgrade. A generic `numberDiffAlgorithm` algorithm was used for `version` field. It produces a `SOLVABLE` conflict when rule's base version is missing. It blocked the workflow in UI. We check the number of field with conflicts versus resolved conflicts to decide when a rule is ready for upgrade. In case `version` field got a conflict user had no possibility to resolve it. The fix adds a new `forceTargetVersionDiffAlgorithm` diff algorithm applied only for `version` field. It produces a non-conflict diff all the time even when base version is missing. The reason behind is that `version` always gets target rule's version. (cherry picked from commit dea9312)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Nov 25, 2024
…ules with missing base version (elastic#201301) **Resolves: elastic#200904 ## Summary This PR unlocks Prebuilt Rules Customization workflow for rules with missing base version. ## Details Each Prebuilt Rule update contains `version` diff. `version` is a special non-customizable field we use to track prebuilt rule version. It always gets target rule version's value after rule upgrade. A generic `numberDiffAlgorithm` algorithm was used for `version` field. It produces a `SOLVABLE` conflict when rule's base version is missing. It blocked the workflow in UI. We check the number of field with conflicts versus resolved conflicts to decide when a rule is ready for upgrade. In case `version` field got a conflict user had no possibility to resolve it. The fix adds a new `forceTargetVersionDiffAlgorithm` diff algorithm applied only for `version` field. It produces a non-conflict diff all the time even when base version is missing. The reason behind is that `version` always gets target rule's version. (cherry picked from commit dea9312)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Nov 25, 2024
…ules with missing base version (elastic#201301) **Resolves: elastic#200904 ## Summary This PR unlocks Prebuilt Rules Customization workflow for rules with missing base version. ## Details Each Prebuilt Rule update contains `version` diff. `version` is a special non-customizable field we use to track prebuilt rule version. It always gets target rule version's value after rule upgrade. A generic `numberDiffAlgorithm` algorithm was used for `version` field. It produces a `SOLVABLE` conflict when rule's base version is missing. It blocked the workflow in UI. We check the number of field with conflicts versus resolved conflicts to decide when a rule is ready for upgrade. In case `version` field got a conflict user had no possibility to resolve it. The fix adds a new `forceTargetVersionDiffAlgorithm` diff algorithm applied only for `version` field. It produces a non-conflict diff all the time even when base version is missing. The reason behind is that `version` always gets target rule's version. (cherry picked from commit dea9312)
paulinashakirova
pushed a commit
to paulinashakirova/kibana
that referenced
this issue
Nov 26, 2024
…ules with missing base version (elastic#201301) **Resolves: elastic#200904 ## Summary This PR unlocks Prebuilt Rules Customization workflow for rules with missing base version. ## Details Each Prebuilt Rule update contains `version` diff. `version` is a special non-customizable field we use to track prebuilt rule version. It always gets target rule version's value after rule upgrade. A generic `numberDiffAlgorithm` algorithm was used for `version` field. It produces a `SOLVABLE` conflict when rule's base version is missing. It blocked the workflow in UI. We check the number of field with conflicts versus resolved conflicts to decide when a rule is ready for upgrade. In case `version` field got a conflict user had no possibility to resolve it. The fix adds a new `forceTargetVersionDiffAlgorithm` diff algorithm applied only for `version` field. It produces a non-conflict diff all the time even when base version is missing. The reason behind is that `version` always gets target rule's version.
8 tasks
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this issue
Dec 12, 2024
…ules with missing base version (elastic#201301) **Resolves: elastic#200904 ## Summary This PR unlocks Prebuilt Rules Customization workflow for rules with missing base version. ## Details Each Prebuilt Rule update contains `version` diff. `version` is a special non-customizable field we use to track prebuilt rule version. It always gets target rule version's value after rule upgrade. A generic `numberDiffAlgorithm` algorithm was used for `version` field. It produces a `SOLVABLE` conflict when rule's base version is missing. It blocked the workflow in UI. We check the number of field with conflicts versus resolved conflicts to decide when a rule is ready for upgrade. In case `version` field got a conflict user had no possibility to resolve it. The fix adds a new `forceTargetVersionDiffAlgorithm` diff algorithm applied only for `version` field. It produces a non-conflict diff all the time even when base version is missing. The reason behind is that `version` always gets target rule's version.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epic: #174168
Related to: #200286
Summary
When a rule has a missing
baseversion, the update to theversionfield is treated as a conflict, which blocks the update flow.Steps to Reproduce
baseversion.Expected Result
Users should be able to resolve conflicts and update the rule successfully.
Actual Result
Rule update is not possible, even after resolving all conflicts, due to an "invisible" conflict in the
versionfield:The text was updated successfully, but these errors were encountered: