[Security Solution] Exceptions TTL Follow-up #151952
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dplumlee
added
bug
x-pack/plugins/lists/server/services/exception_lists/put_update_exception_list_item.ts
Outdated
Show resolved
Hide resolved
|
@elasticmachine merge upstream |
dplumlee
force-pushed
the
expire-time-follow-up
branch
from
da1023e to
128ee1c
Compare
💚 Build Succeeded
Metrics [docs]Public APIs missing comments
Async chunks
Unknown metric groupsAPI count
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @dplumlee |
banderror
approved these changes
Mar 1, 2023
dhurley14
approved these changes
Mar 3, 2023
yctercero
approved these changes
Mar 3, 2023
There was a problem hiding this comment.
Code LGTM. Pulled down and tested:
- creating non endpoint exception item with ttl
- waiting to see it expire and it switch over to only showing under expired filter in rule details exceptions tab
- edited ttl
- removed ttl from item
- created endpoint exception and made sure it wasn't showing there
- created trusted apps and made sure it wasn't showing there
- made sure I could not create an endpoint exception item with TTL via API
- made sure I could not modify
created_byduring update
It would be great to add cypress tests for this flow.
| @@ -579,6 +578,11 @@ export class ExceptionListClient { | |||
|
|
|||
| /** | |||
| * Update an existing exception list item | |||
| * | |||
| * NOTE: This method will PATCH the targeted exception list item, not fully overwrite it. | |||
There was a problem hiding this comment.
Should we update the exception docs? This may already be in the works, but this is what we have right now I think - https://www.elastic.co/guide/en/security/current/exceptions-api-update-item.html
There was a problem hiding this comment.
Hmm probably worth updating them since the behavior will be different, I'll reach out to docs team
|
@yctercero Agreed, have cypress tests coming for this and a few other workflows in this PR |
dplumlee
added
the
backport:prev-minor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Mar 4, 2023
(cherry picked from commit 203fa3a)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Mar 4, 2023
# Backport This will backport the following commits from `main` to `8.7`: - [[Security Solution] Exceptions TTL Follow-up (#151952)](#151952) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-03-03T23:56:39Z","message":"[Security Solution] Exceptions TTL Follow-up (#151952)","sha":"203fa3a9552bdcef37cf62473af5792cc8d23a79","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Detection Alerts","v8.7.0","v8.8.0"],"number":151952,"url":"https://github.com/elastic/kibana/pull/151952","mergeCommit":{"message":"[Security Solution] Exceptions TTL Follow-up (#151952)","sha":"203fa3a9552bdcef37cf62473af5792cc8d23a79"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/151952","number":151952,"mergeCommit":{"message":"[Security Solution] Exceptions TTL Follow-up (#151952)","sha":"203fa3a9552bdcef37cf62473af5792cc8d23a79"}}]}] BACKPORT--> --------- Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com> Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
4 tasks
dplumlee
added a commit
that referenced
this pull request
Mar 5, 2023
bmorelli25
pushed a commit
to bmorelli25/kibana
that referenced
this pull request
Mar 10, 2023
bmorelli25
pushed a commit
to bmorelli25/kibana
that referenced
this pull request
Mar 10, 2023
Addresses elastic#152653 Fixes a merge conflict that somehow made its way into main between these two PRs ([1](elastic#152301), [2](elastic#151952))
15 tasks
15 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Addresses a number of bugs that were found in the original Exceptions TTL PR:
Also strips out the UI elements for endpoint exception TTL - to be reimplemented in a later PR
PUT update route
Adds another update method to the exceptions list client as our existing method uses a PATCH style update wherein any
undefinedvalues don't get unset, they just remain unchanged. For theexpire_timefield, we couldn't use this style, and so this PR switches the update exception list item route to utilize the new method which should act identical in all cases from the users perspective except fixing the existing bug listed above whereexpire_timefields are unable to be unset.Checklist
Delete any items that are not applicable to this PR.
For maintainers