-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Detection Engine] Fixes critical bug with the same index being passed in #79949
Conversation
Pinging @elastic/siem (Team:SIEM) |
item: Entry, | ||
itemIndex: number | ||
): FormattedEntry => { | ||
const { fields } = indexPattern; | ||
const { fields: threatFields } = threatIndexPatterns; | ||
const field = item.field; | ||
const threatField = item.value; | ||
const [foundField] = fields.filter(({ name }) => field != null && field === name); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could these be memoized? My only hesitance with memoizing would be that it may just run on every render regardless because the hook doesn't do a deep equal to my understanding.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is in the callingReact Component which I think is what we want rather than in the pure functions.
const entries = useMemo(
(): FormattedEntry[] =>
indexPattern != null && listItem.entries.length > 0
? getFormattedEntries(indexPattern, threatIndexPatterns, listItem.entries)
: [],
[listItem.entries, indexPattern, threatIndexPatterns]
);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! 🟢 ✅ Just added a super nit comment, not needing addressing here.
## Summary If you had two different index patterns for threat and your query I was previously sending the same pattern in for both which was causing drop down boxes for threat match to null things out. Now, I set the two different indexes correctly. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary If you had two different index patterns for threat and your query I was previously sending the same pattern in for both which was causing drop down boxes for threat match to null things out. Now, I set the two different indexes correctly. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary If you had two different index patterns for threat and your query I was previously sending the same pattern in for both which was causing drop down boxes for threat match to null things out. Now, I set the two different indexes correctly. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* master: (217 commits) Fix dashboard "snapshot share" is not sharing panel state in view mode (elastic#79837) fix can't edit a scripted field with special char (elastic#79842) [ML] clear selection action (elastic#79834) [TSVB] Show tooltip on external pointer events (elastic#77306) Fixes bug where the same index was being passed in (elastic#79949) Adds date time query and return fields for timestamps and overrides (elastic#79911) [Security Solution][Detections] Reverts rules table tag filter to use AND operator (elastic#79920) add the correct class to truncate the names (elastic#79921) [kbn/optimizer] report limits with ci metrics (elastic#78205) [release notes] extract "dev docs" comment too (elastic#79351) Revert "skips test failing promotion (elastic#79777)" (elastic#79904) share tslib across bundles (elastic#79915) remove entire suite as partial skips aren't doing the trick skip flaky suite (elastic#78689) Skip failing suite (elastic#79522) skip flaky suite (elastic#79910) [es/mappings] remove doc_values from text fields (elastic#79869) remove skipped snapshots skip flaky tests (elastic#79891) chore(NA): add missing branches into backportrc configuration file (elastic#79848) ...
Pinging @elastic/security-solution (Team: SecuritySolution) |
Summary
If you had two different index patterns for threat and your query I was previously sending the same pattern in for both which was causing drop down boxes for threat match to null things out. Now, I set the two different indexes correctly.
Checklist