Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution]User able to set History window size to zero under New Term Rule #164525

Closed
ghost opened this issue Aug 23, 2023 · 9 comments
Closed

[Security Solution]User able to set History window size to zero under New Term Rule #164525

ghost opened this issue Aug 23, 2023 · 9 comments
Assignees
@yctercero
Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Creation Security Solution Detection Rule Creation fixed good first issue low hanging fruit impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@ghost
Copy link

ghost commented Aug 23, 2023

Describe the bug:
User able to set History window size to zero under New Term Rule

Kibana/Elasticsearch Stack version
Version: 8.10.0 BC2
Commit: fa3473f
Build: 66107

Browser and Browser OS Version:
Firefox for windows OS
Version: 116.0.3(64-bit)

Elastic Endpoint Version:
v8.10.2

Original install method:
Build summary: https://staging.elastic.co/8.10.0-049269aa/summary-8.10.0.html

Functional Area:
New Term Rule

Initial Setup:

  • None

Steps to reproduce

  • Navigate to Rule page and create rule
  • fill in the required details of step 1
  • set zero minutes as history window size ( you can also set zero days and seconds too)
  • Observed that user is able to set the size to Zero which is incorrect

Additional Observation

  • User is not able to save the Rule with zero minutes/day/second in history window size

Current behavior

  • History window size field can be set to zero minutes/days/second

Expected behavior:

  • History window size field should not be set to zero minutes/days/second

Screen-cast:
image

Create.new.rule.-.Kibana.Mozilla.Firefox.2023-08-23.11-46-23.mp4

Errors in browser console:
N/A

Any additional context (logs, chat logs, magical formulas, etc.):

N/A
@ghost ghost added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Aug 23, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost ghost added the impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. label Aug 23, 2023
@ghost
Copy link
Author

ghost commented Aug 23, 2023

@amolnater-qasource please review

@amolnater-qasource
Copy link

Reviewed & assigned to @MadameSheema

@MadameSheema MadameSheema added Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team labels Aug 23, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@MadameSheema
Copy link
Member

@karanbirsingh-qasource can the same issue be replicated on 8.9.x? Thanks!

@ghost
Copy link
Author

ghost commented Aug 23, 2023

yes @MadameSheema there also it is occuring.

8.9.1

image

@yctercero
Copy link
Contributor

Hey team! I think it's ok to add this to the backlog for the moment being. For now the user is still blocked from creating the rule so they won't be saving a bad state.

@yctercero yctercero added good first issue low hanging fruit and removed triage_needed labels Aug 28, 2023
@yctercero yctercero removed their assignment Jun 5, 2024
@yctercero yctercero added the Feature:Rule Creation Security Solution Detection Rule Creation label Jun 5, 2024
@pborgonovi pborgonovi added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. and removed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. labels Jul 30, 2024
@pborgonovi
Copy link

Validated on latest BC 8.15:

User is able to get passed step 1 with History Window Size == 0:

image

However, the user gets an error if tries to save the rule with the given params:

image

@yctercero I'm downgrading the impact to low and keeping this one opened so we can discuss if we should have a validation on Window Size field and not allow the users to proceed with invalid values.

@yctercero yctercero mentioned this issue Aug 22, 2024
Merged
6 tasks
@yctercero yctercero self-assigned this Sep 28, 2024
yctercero added a commit that referenced this issue Oct 4, 2024
@yctercero
[Detection Engine] add validation for new terms history window (#191038)
6001786 
## Summary

Addresses #164525
@yctercero yctercero added the fixed label Oct 4, 2024
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Oct 4, 2024
@yctercero
[Detection Engine] add validation for new terms history window (elast…
f38d1da 
…ic#191038)

## Summary

Addresses elastic#164525

(cherry picked from commit 6001786)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Oct 4, 2024
@yctercero
[Detection Engine] add validation for new terms history window (elast…
768d4f8 
…ic#191038)

## Summary

Addresses elastic#164525

(cherry picked from commit 6001786)
jbudz pushed a commit to jbudz/kibana that referenced this issue Oct 4, 2024
@yctercero @jbudz
[Detection Engine] add validation for new terms history window (elast…
ad8334b 
…ic#191038)

## Summary

Addresses elastic#164525
tiansivive pushed a commit to tiansivive/kibana that referenced this issue Oct 7, 2024
@yctercero @tiansivive
[Detection Engine] add validation for new terms history window (elast…
ba8ae8d 
…ic#191038)

## Summary

Addresses elastic#164525
tiansivive pushed a commit to tiansivive/kibana that referenced this issue Oct 7, 2024
@yctercero @tiansivive
[Detection Engine] add validation for new terms history window (elast…
a264c46 
…ic#191038)

## Summary

Addresses elastic#164525
@arvindersingh-qasource
Copy link

Hi @yctercero

Thanks for the updates.

We have validated this ticket on latest kibana v8.16.0 snapshot build and found that this issue is now fixed.

Please find the below observations

VERSION: 8.16.0
BUILD: 78938
COMMIT: 7b832691e8b07c67b411da95b0398a04711da864

Observations

  • Error History window size must be greater than 0. is visible as soon as user enters 0 as value under History Window Size field.

Image

Hence, we are closing this ticket as QA Approved.

Thanks.

@arvindersingh-qasource arvindersingh-qasource added the QA:Validated Issue has been validated by QA label Oct 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yctercero yctercero

Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Creation Security Solution Detection Rule Creation fixed good first issue low hanging fruit impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
Security Bug Audit
Status: Done
Milestone
No milestone
Development

No branches or pull requests
6 participants
@yctercero @elasticmachine @MadameSheema @amolnater-qasource @arvindersingh-qasource @pborgonovi