Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Exception]Auto-Suggest field value not working for Rule Exception on 7.13.0-SNAPSHOT #95910

Closed
ghost opened this issue Mar 31, 2021 · 12 comments
Closed

[Security Solution][Exception]Auto-Suggest field value not working for Rule Exception on 7.13.0-SNAPSHOT #95910

ghost opened this issue Mar 31, 2021 · 12 comments
Assignees
@yctercero
Labels
bug Fixes for quality problems that affect the customer experience fixed impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.13.0

Comments

@ghost
Copy link

ghost commented Mar 31, 2021

Describe the bug
Auto-Suggest field value not working for Rule Exception on 7.13.0-SNAPSHOT

Build Details:
Version: 7.13.0-SNAPSHOT
Commit:e5f116a79c0d3acb783669693b42f030d32c2ac1
Build:39905

Browser Details
All

Preconditions

  1. Elastic Cloud version 7.13.0-SNAPSHOT should be available.
  2. Endpoint security should be installed.

Steps to Reproduce

  1. Navigate to Detection Tab of Security App.
  2. Generate detection Alert let say Malicious detection alert.
  3. Click on ... against the alert entry
  4. Select rule exception.
  5. Select "file.path.caseless" field with is operator
  6. Type few initial of the path
  7. Observed that auto suggestion for the field is not working , same is observed for file.hash.SHA256/MD5/SHA1

Actual Result
Auto-Suggest field value not working for Rule Exception on 7.13.0-SNAPSHOT.

Expected Result**
Auto-Suggest field value should work for Rule Exception on 7.13.0-SNAPSHOT.

Whats Working

  • Issue not occuring for Endpoint Exception Field on 7.13.0 SNAPSHOT
  • Issue not occuring for Rule Exception Filed on Released 7.12.0 Build
working-auto-fill.mp4

Whats Not Working

  • Issue also occuring on adding rule exception for Detection Rule

Screenshots

Issue-auto-fill.mp4

Logs
N/A
@ghost ghost added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Mar 31, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost
Copy link
Author

ghost commented Mar 31, 2021

@manishgupta-qasource sir , please review

@manishgupta-qasource
Copy link

Reviewed & assigned to @peluja1012

@manishgupta-qasource manishgupta-qasource added the impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. label Mar 31, 2021
@ghost ghost mentioned this issue Mar 31, 2021
Merged
8 tasks
@yctercero
Copy link
Contributor

@karanbirsingh-qasource - this could be due to the last PR in this series not yet being merged into 7.13. It touches one of the QA files so it requires QA code owner review. When testing out this last PR locally, auto suggest works as expected:

image

image

Could we revisit this once all the code is merged as it seems to work?

@ghost
Copy link
Author

ghost commented Apr 1, 2021

sure @yctercero thanks for the update of last build failure .

we will re-test the issue once that respective PR get merged with all success builds .

@ghost
Copy link
Author

ghost commented Apr 2, 2021

thanks @yctercero for the update of passed job for the linked PR.

we have validated this on 7.13.0-SNAPSHOT and found it still occuring . Auto Suggest in not working on Rule Exception form fields.

Build Details:

Version: 7.13.0-SNAPSHOT
Commit:5443379a381211da2872be856417bdbfa656a7dd
Build:39998

Artifact Page: https://artifacts-api.elastic.co/v1/search/7.13.0-SNAPSHOT

Snap-Shoot:
image
image
image

@MadameSheema MadameSheema added the Team:Detections and Resp Security Detection Response Team label Apr 6, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@yctercero
Copy link
Contributor

Waiting on the CI to pass to merge that last PR #96358

@MadameSheema
Copy link
Member

Amazing @yctercero thanks :D

@yctercero
Copy link
Contributor

PR was merged! 😅 Finally 7.13 backport passed. Should now hopefully be ready for testing.

@ghost
Copy link
Author

ghost commented Apr 12, 2021

Thanks 👍 @yctercero for keeping us posted for PR merge.

we have validated this issue on 7.13.0-SNAPSHOT and found that issue is Fixed 🟢 . Auto suggest filed value are displayed in drop-down for Rule Exception Form fields.

Build Details:

Version: 7.13.0-SNAPSHOT
Commit:17fafeffdea652380ddfb4cb2701613cfad46d5e
Build:40169

Snap-Shoot:

  • File path auto suggestion
    image
  • File path auto suggestion
    image

Hence , we are closing this issue.

thanks !!

@ghost ghost closed this as completed Apr 12, 2021
@ghost
Copy link

ghost commented Jun 9, 2021

Bug Conversion:

Test-Case already exist for this Ticket
https://elastic.testrail.io/index.php?/cases/view/18011

Thanks!!

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yctercero yctercero

Labels
bug Fixes for quality problems that affect the customer experience fixed impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.13.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@peluja1012 @yctercero @elasticmachine @MadameSheema @manishgupta-qasource