Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Detections] Fixes Severity Override not matching for Elastic Endpoint Security rule #74317

Merged
merged 4 commits into from
Aug 5, 2020
Merged

[Security Solution][Detections] Fixes Severity Override not matching for Elastic Endpoint Security rule #74317

merged 4 commits into from
Aug 5, 2020

Conversation

spong
Copy link
Member

@spong spong commented Aug 4, 2020

Summary

Fixes an issue where the Severity Override would not match for the Elastic Endpoint Security rule. This is a temporary fix until we can provide more robust comparisons between the user provided severityMapping.value (string) and the severityMapping.field's type.

Checklist

@spong spong added bug Fixes for quality problems that affect the customer experience Team:SIEM v8.0.0 release_note:skip Skip the PR/issue when compiling release notes v7.10.0 v7.9.0 labels Aug 4, 2020
@spong spong requested review from a team as code owners August 4, 2020 23:06
@spong spong self-assigned this Aug 4, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/siem (Team:SIEM)

FrankHassanabad
FrankHassanabad reviewed Aug 4, 2020
View reviewed changes
x-pack/plugins/security_solution/server/lib/detection_engine/signals/__mocks__/es_results.ts
_id: sampleIdGuid,
_source: {
someKey: 'someValue',
'@timestamp': '2020-04-20T21:27:45+0000',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That doesn't look like a Zulu? It's fine if you want to test other values, just mentioning

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had used a similar mock from above, that's all.

FrankHassanabad
FrankHassanabad reviewed Aug 4, 2020
View reviewed changes
x-pack/plugins/security_solution/server/lib/detection_engine/signals/__mocks__/es_results.ts
@@ -109,6 +109,24 @@ export const sampleDocNoSortId = (
sort: [],
});

export const sampleDocSeverity = (
severity?: Array<string | number | null> | string | number | null
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 looks like you covered your bases of odd ball types that can come up

FrankHassanabad
FrankHassanabad approved these changes Aug 4, 2020
View reviewed changes
Copy link
Contributor

@FrankHassanabad FrankHassanabad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, looks good, some good unit tests and simple enough to handle the majority of the use cases.

I approve this as UFDC approved, United Frank Department of Code approved.

peluja1012
peluja1012 approved these changes Aug 5, 2020
View reviewed changes
Copy link
Contributor

@peluja1012 peluja1012 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix!

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@spong spong merged commit 2280927 into elastic:master Aug 5, 2020
@spong spong deleted the fix-severity-mapping-type-mismatch branch August 5, 2020 01:36
@spong spong mentioned this pull request Aug 5, 2020
Merged
spong added a commit to spong/kibana that referenced this pull request Aug 5, 2020
@spong
[Security Solution][Detections] Fixes Severity Override not matching …
7345e50 
…for Elastic Endpoint Security rule (elastic#74317)

## Summary

Fixes an issue where the `Severity Override` would not match for the `Elastic Endpoint Security` rule. This is a temporary fix until we can provide more robust comparisons between the user provided `severityMapping.value` (string) and the `severityMapping.field`'s type.  

### Checklist

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
@spong spong mentioned this pull request Aug 5, 2020
Merged
spong added a commit to spong/kibana that referenced this pull request Aug 5, 2020
@spong
[Security Solution][Detections] Fixes Severity Override not matching …
69f3b27 
…for Elastic Endpoint Security rule (elastic#74317)

## Summary

Fixes an issue where the `Severity Override` would not match for the `Elastic Endpoint Security` rule. This is a temporary fix until we can provide more robust comparisons between the user provided `severityMapping.value` (string) and the `severityMapping.field`'s type.  

### Checklist

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
spong added a commit that referenced this pull request Aug 5, 2020
@spong
[Security Solution][Detections] Fixes Severity Override not matching …
1add73a 
…for Elastic Endpoint Security rule (#74317) (#74325)

## Summary

Fixes an issue where the `Severity Override` would not match for the `Elastic Endpoint Security` rule. This is a temporary fix until we can provide more robust comparisons between the user provided `severityMapping.value` (string) and the `severityMapping.field`'s type.  

### Checklist

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
spong added a commit that referenced this pull request Aug 5, 2020
@spong
[Security Solution][Detections] Fixes Severity Override not matching …
9ddf9e1 
…for Elastic Endpoint Security rule (#74317) (#74324)

## Summary

Fixes an issue where the `Severity Override` would not match for the `Elastic Endpoint Security` rule. This is a temporary fix until we can provide more robust comparisons between the user provided `severityMapping.value` (string) and the `severityMapping.field`'s type.  

### Checklist

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
gmmorris added a commit to gmmorris/kibana that referenced this pull request Aug 5, 2020
@gmmorris
Merge branch 'master' into task-manager/fix-flaky-test
5907ed1 
* master: (74 commits)
  [Discover] Inline noWhiteSpace function (elastic#74331)
  [DOCS] Add Observability topic (elastic#73041)
  skip flaky suite (elastic#74327)
  [Security Solution][Detections] Fixes Severity Override not matching for Elastic Endpoint Security rule (elastic#74317)
  [Security Solution][Exceptions] - Fixes exceptions builder nested deletion issue and adds unit tests (elastic#74250)
  Fixed Alert details does not update page title and breadcrumb (elastic#74214)
  [src/dev/build] build Kibana Platform bundles from source (elastic#73591)
  [Reporting] Shorten asset path to help CLI FS Watcher (elastic#74185)
  Fix TMS not loaded in legacy maps (elastic#73570)
  [Security Solution] styling for notes' panel (elastic#74274)
  [Security Solution][Tech Debt] cleans up ts-ignore issues and some smaller linter issues  (elastic#74268)
  Make the actions plugin support generics (elastic#71439)
  [Security Solution] Keep original note creator (elastic#74203)
  [CI] Fix xpack kibana build dir in xpack visual regression script
  [CI] Fix baseline_capture job by adding parallel process number back
  [Monitoring] Ensure setup mode works on cloud but only for alerts (elastic#73127)
  [Maps] Custom color ramps should show correctly on the map for mvt layers (elastic#74169)
  [kbn/optimizer] remove unused modules (elastic#74195)
  [CI] Add pipeline task queue framework and merge workers into one (elastic#71268)
  Using msearch for tree api endpoint (elastic#73813)
  ...
gmmorris added a commit to gmmorris/kibana that referenced this pull request Aug 5, 2020
@gmmorris
Merge branch 'master' into actions/webhook-remove-header
2b09920 
* master: (115 commits)
  [Logs UI] Correct trial period duration in anomaly splash screen (elastic#74249)
  [Discover] Inline noWhiteSpace function (elastic#74331)
  [DOCS] Add Observability topic (elastic#73041)
  skip flaky suite (elastic#74327)
  [Security Solution][Detections] Fixes Severity Override not matching for Elastic Endpoint Security rule (elastic#74317)
  [Security Solution][Exceptions] - Fixes exceptions builder nested deletion issue and adds unit tests (elastic#74250)
  Fixed Alert details does not update page title and breadcrumb (elastic#74214)
  [src/dev/build] build Kibana Platform bundles from source (elastic#73591)
  [Reporting] Shorten asset path to help CLI FS Watcher (elastic#74185)
  Fix TMS not loaded in legacy maps (elastic#73570)
  [Security Solution] styling for notes' panel (elastic#74274)
  [Security Solution][Tech Debt] cleans up ts-ignore issues and some smaller linter issues  (elastic#74268)
  Make the actions plugin support generics (elastic#71439)
  [Security Solution] Keep original note creator (elastic#74203)
  [CI] Fix xpack kibana build dir in xpack visual regression script
  [CI] Fix baseline_capture job by adding parallel process number back
  [Monitoring] Ensure setup mode works on cloud but only for alerts (elastic#73127)
  [Maps] Custom color ramps should show correctly on the map for mvt layers (elastic#74169)
  [kbn/optimizer] remove unused modules (elastic#74195)
  [CI] Add pipeline task queue framework and merge workers into one (elastic#71268)
  ...
gmmorris added a commit to gmmorris/kibana that referenced this pull request Aug 5, 2020
@gmmorris
Merge branch 'master' into alerting/refresh-on-deletion
2024d25 
* master: (154 commits)
  [ML] Fix initial plugin's bundle size (elastic#74047)
  [Ingest Manager] prevent crash on unhandled rejection from setupIngestManager (elastic#74300)
  [Logs UI] Correct trial period duration in anomaly splash screen (elastic#74249)
  [Discover] Inline noWhiteSpace function (elastic#74331)
  [DOCS] Add Observability topic (elastic#73041)
  skip flaky suite (elastic#74327)
  [Security Solution][Detections] Fixes Severity Override not matching for Elastic Endpoint Security rule (elastic#74317)
  [Security Solution][Exceptions] - Fixes exceptions builder nested deletion issue and adds unit tests (elastic#74250)
  Fixed Alert details does not update page title and breadcrumb (elastic#74214)
  [src/dev/build] build Kibana Platform bundles from source (elastic#73591)
  [Reporting] Shorten asset path to help CLI FS Watcher (elastic#74185)
  Fix TMS not loaded in legacy maps (elastic#73570)
  [Security Solution] styling for notes' panel (elastic#74274)
  [Security Solution][Tech Debt] cleans up ts-ignore issues and some smaller linter issues  (elastic#74268)
  Make the actions plugin support generics (elastic#71439)
  [Security Solution] Keep original note creator (elastic#74203)
  [CI] Fix xpack kibana build dir in xpack visual regression script
  [CI] Fix baseline_capture job by adding parallel process number back
  [Monitoring] Ensure setup mode works on cloud but only for alerts (elastic#73127)
  [Maps] Custom color ramps should show correctly on the map for mvt layers (elastic#74169)
  ...
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FrankHassanabad FrankHassanabad FrankHassanabad approved these changes

@peluja1012 peluja1012 peluja1012 approved these changes

Assignees

@spong spong

Labels
bug Fixes for quality problems that affect the customer experience release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0 v7.10.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@spong @elasticmachine @kibanamachine @peluja1012 @FrankHassanabad @MindyRS