[Security Solution] [Exceptions] Fix Exception Auto-populate from Alert actions #159908
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…topopulate-rule-exception-with-highlightedfields
…topopulate-rule-exception-with-highlightedfields
…topopulate-rule-exception-with-highlightedfields
…topopulate-rule-exception-with-highlightedfields
…topopulate-rule-exception-with-highlightedfields
…topopulate-rule-exception-with-highlightedfields
…topopulate-rule-exception-with-highlightedfields
…topopulate-rule-exception-with-highlightedfields
…pointexception-autopopulateAlertActions
…pointexception-autopopulateAlertActions
WafaaNasr
added
release_note:fix
ci:cloud-deploy
…pointexception-autopopulateAlertActions
…pointexception-autopopulateAlertActions
…pointexception-autopopulateAlertActions
…pointexception-autopopulateAlertActions
|
@elasticmachine merge upstream |
yctercero
reviewed
Jun 27, 2023
| @@ -419,6 +419,7 @@ export const EventFiltersForm: React.FC<ArtifactFormComponentProps & { allowSele | |||
| comments: exception?.comments ?? [], | |||
| os_types: exception?.os_types ?? [OperatingSystem.WINDOWS], | |||
| tags: exception?.tags ?? [], | |||
| meta: exception.meta, | |||
There was a problem hiding this comment.
Is this change related to the bug fix or something else you found?
There was a problem hiding this comment.
It is related to the Event Filters component
The component was throwing the below issue, when we updated useEffect with the deps
yctercero
approved these changes
Jun 27, 2023
There was a problem hiding this comment.
Pulled down and tested the fix - it all seems to be working as expected now 👍🏽 We also tested together during an earlier meeting today. Didn't see values resetting to initial state like before.
I do agree with others that it's not our ideal fix, but you had noted this from the beginning and we'd chatted about whether to do a more in depth fix to revisit how we're setting initial state. We're in that post feature freeze time where we want to minimize the surface area we touch on fixes to avoid even more possible side effects. I think there's already things you've identified that could be done to improve the stability and maintainability of the component (and created an issue to track). Hoping we can do this work in 8.10.
gergoabraham
approved these changes
Jun 27, 2023
…pointexception-autopopulateAlertActions
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @WafaaNasr |
kibanamachine
added
v8.10.0
backport:skip
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
WafaaNasr
added a commit
to WafaaNasr/kibana
that referenced
this pull request
Jun 28, 2023
…rt actions (elastic#159908) ## Summary - Addresses elastic#159784 --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit fdd709b)
WafaaNasr
added a commit
that referenced
this pull request
Jun 28, 2023
…om Alert actions (#159908) (#160731) # Backport This will backport the following commits from `main` to `8.9`: - [[Security Solution] [Exceptions] Fix Exception Auto-populate from Alert actions (#159908)](#159908) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Wafaa Nasr","email":"wafaa.nasr@elastic.co"},"sourceCommit":{"committedDate":"2023-06-28T11:14:19Z","message":"[Security Solution] [Exceptions] Fix Exception Auto-populate from Alert actions (#159908)\n\n## Summary\r\n\r\n- Addresses https://github.com/elastic/kibana/issues/159784\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>","sha":"fdd709b02579b05124585b10fa6535d0a90480e2","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","backport:skip","8.9 candidate","Team:Detection Engine","v8.10.0"],"number":159908,"url":"https://github.com/elastic/kibana/pull/159908","mergeCommit":{"message":"[Security Solution] [Exceptions] Fix Exception Auto-populate from Alert actions (#159908)\n\n## Summary\r\n\r\n- Addresses https://github.com/elastic/kibana/issues/159784\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>","sha":"fdd709b02579b05124585b10fa6535d0a90480e2"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/159908","number":159908,"mergeCommit":{"message":"[Security Solution] [Exceptions] Fix Exception Auto-populate from Alert actions (#159908)\n\n## Summary\r\n\r\n- Addresses https://github.com/elastic/kibana/issues/159784\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>","sha":"fdd709b02579b05124585b10fa6535d0a90480e2"}}]}] BACKPORT-->
| @@ -89,6 +89,7 @@ export const ADD_RULE_EXCEPTION_FROM_ALERT_COMMENT = (alertId: string) => | |||
| 'xpack.securitySolution.ruleExceptions.addExceptionFlyout.addRuleExceptionFromAlertComment', | |||
| { | |||
| values: { alertId }, | |||
| defaultMessage: 'Exception conditions are pre-filled with relevant data from {alertId}.', | |||
| defaultMessage: | |||
| 'Exception conditions are pre-filled with relevant data from alert with "id" {alertId}.', | |||
There was a problem hiding this comment.
@WafaaNasr @yctercero what's the field that stores the alert ID value? Is it the _id field? If it is, here's the revision I suggest:
'Exception conditions are pre-filled with relevant data from an alert with the alert id (_id): {alertId}.',
If you think including the field name is too much or would be confusing, you can remove it, for ex:
'Exception conditions are pre-filled with relevant data from an alert with the alert id: {alertId}.',
There was a problem hiding this comment.
One more note: In the first option, I included the field that stores the alert value in case users need to know what field value pair to query when searching for the alert.
WafaaNasr
added a commit
that referenced
this pull request
Jul 5, 2023
#161092) ## Summary - Addresses Docs team comment #159908 (comment)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jul 5, 2023
elastic#161092) ## Summary - Addresses Docs team comment elastic#159908 (comment) (cherry picked from commit 16528cf)
kibanamachine
added a commit
that referenced
this pull request
Jul 5, 2023
…t` text (#161092) (#161242) # Backport This will backport the following commits from `main` to `8.9`: - [[Security Solution] [Exceptions] Amend `Rule Exception's Comment` text (#161092)](#161092) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Wafaa Nasr","email":"wafaa.nasr@elastic.co"},"sourceCommit":{"committedDate":"2023-07-05T10:44:03Z","message":"[Security Solution] [Exceptions] Amend `Rule Exception's Comment` text (#161092)\n\n## Summary\r\n\r\n- Addresses Docs team comment\r\nhttps://github.com//pull/159908#discussion_r1247964658","sha":"16528cf28994b30642262a018c89c5217c28f884","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:prev-minor","v8.9.0","Team:Detection Engine","v8.10.0"],"number":161092,"url":"https://github.com/elastic/kibana/pull/161092","mergeCommit":{"message":"[Security Solution] [Exceptions] Amend `Rule Exception's Comment` text (#161092)\n\n## Summary\r\n\r\n- Addresses Docs team comment\r\nhttps://github.com//pull/159908#discussion_r1247964658","sha":"16528cf28994b30642262a018c89c5217c28f884"}},"sourceBranch":"main","suggestedTargetBranches":["8.9"],"targetPullRequestStates":[{"branch":"8.9","label":"v8.9.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/161092","number":161092,"mergeCommit":{"message":"[Security Solution] [Exceptions] Amend `Rule Exception's Comment` text (#161092)\n\n## Summary\r\n\r\n- Addresses Docs team comment\r\nhttps://github.com//pull/159908#discussion_r1247964658","sha":"16528cf28994b30642262a018c89c5217c28f884"}}]}] BACKPORT--> Co-authored-by: Wafaa Nasr <wafaa.nasr@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary