[Security Solution][Detections] Leading or trailing whitespace in exception entries is trimmed for display #83645

Closed
marshallmain opened this issue Nov 18, 2020 · 3 comments
Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Exceptions Security Solution Rule Exceptions feature good first issue low hanging fruit impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. sdh-linked Team:Detections and Resp Security Detection Response Team Team:Security Solution Platform Security Solution Platform Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@marshallmain
Contributor

marshallmain commented Nov 18, 2020

Kibana version:
7.9.0

Describe the bug:
Exception entries with leading or trailing whitespace trim the whitespace when displayed in the UI, even though the whitespace is included in the entry in the backend and therefore also included in queries built from the exception entry. This makes it so the exception entry that executes can be different from what appears in the UI.

Steps to reproduce:

  1. Create an exception entry for a rule with trailing whitespace in the exception value e.g.

```json
{
  "field": "rule.name",
  "type": "match_any",
  "value": [
    "PowerShell with Unusual Arguments   "
  ],
  "operator": "included"
}
```

  2. Observe that the UI reports the value as "PowerShell with Unusual Arguments" but the exception only filters documents that have "PowerShell with Unusual Arguments "

Expected behavior:
The UI should display the leading or trailing whitespace as well, or perhaps a warning if there is whitespace that isn't being displayed (newlines or invisible characters might be tricky to display).

Any additional context:
https://github.com/elastic/sdh-security-team/issues/53
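
An added example, not part of the original issue and not Kibana code: an audit in the spirit of the warning suggested above, which scans exception entries of the shape shown in the reproduction steps and reports values whose stored form carries leading or trailing whitespace or zero-width characters. The function names and the sample entries (including the `host.name` entry) are constructed for illustration.

```javascript
// Added example: find exception values whose stored form differs from what a
// trimming UI would show. Entry shape follows the issue; names are hypothetical.

// \s covers ASCII whitespace, NBSP, U+FEFF and Unicode space separators; the
// extra ranges add zero-width and bidi-control code points that \s misses.
const INVISIBLE = /[\s\u200B-\u200F\u202A-\u202E\u2060]/u;

// Split a value into its invisible leading run, visible core, and trailing run.
function splitEdges(str) {
  const chars = Array.from(str);
  let start = 0;
  while (start < chars.length && INVISIBLE.test(chars[start])) start++;
  let end = chars.length;
  while (end > start && INVISIBLE.test(chars[end - 1])) end--;
  return {
    leading: chars.slice(0, start).join(''),
    core: chars.slice(start, end).join(''),
    trailing: chars.slice(end).join(''),
  };
}

// Spell out each character as <U+XXXX> so it cannot be lost when rendered.
const showCodePoints = (s) =>
  Array.from(s, (ch) =>
    `<U+${ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0')}>`
  ).join('');

// Return one finding per value that has invisible leading/trailing characters.
function auditEntries(entries) {
  const findings = [];
  for (const entry of entries) {
    const values = Array.isArray(entry.value) ? entry.value : [entry.value];
    for (const value of values) {
      if (typeof value !== 'string') continue; // entries without a string value
      const { leading, core, trailing } = splitEdges(value);
      if (!leading && !trailing) continue;
      const stored = showCodePoints(leading) + core + showCodePoints(trailing);
      findings.push({ field: entry.field, visible: core, stored });
    }
  }
  return findings;
}

// Constructed sample input: the entry from the issue plus one made-up entry.
const sampleEntries = [
  { field: 'rule.name', type: 'match_any', operator: 'included',
    value: ['PowerShell with Unusual Arguments   ', 'Clean Value'] },
  { field: 'host.name', type: 'match', operator: 'included', value: '\u200Bsrv-01' },
];
console.log(auditEntries(sampleEntries));
```

Each finding pairs the value as it would appear once trimmed with the value as stored, so a reviewer can see exactly what the query built from the exception will match.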

@yctercero yctercero self-assigned this Nov 18, 2020
@yctercero yctercero added bug Fixes for quality problems that affect the customer experience Team:Detections and Resp Security Detection Response Team v7.11.0 labels Nov 18, 2020
@peluja1012 peluja1012 added Feature:Rule Exceptions Security Solution Rule Exceptions feature impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Nov 18, 2020
@peluja1012 peluja1012 added sdh-linked Team:Detection Alerts Security Detection Alerts Area Team labels Sep 15, 2021
@rylnd rylnd assigned qcorporation and unassigned yctercero Sep 30, 2021
@rylnd
Contributor

rylnd commented Sep 30, 2021

@yctercero I'm assigning this to @qcorporation as an opportunity for new team members to get familiar with our processes.

@rylnd
Contributor

rylnd commented Nov 9, 2021

Unassigning as the AWP team ended up working on other bugs during their onboarding.

@peluja1012
Contributor

Fixed by #139617
