[Security Solution] Show count field on Rule details page for threshold rules #161576

Open
Tracked by #174168
vitaliidm opened this issue Jul 10, 2023 · 7 comments
Labels
8.17 candidate bug Fixes for quality problems that affect the customer experience enhancement New value added to drive a business result Feature:Rule Details Security Solution Detection Rule Details Feature:Threshold Rule Security Solution Threshold Rule feature sdh-linked Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@vitaliidm
Contributor

vitaliidm commented Jul 10, 2023

Describe the bug:

The threshold rule's count field is not displayed on the Rule details page

Kibana/Elasticsearch Stack version:
Every version

Steps to reproduce:

  1. Create threshold rule with Count field populated
  2. Open rule details, field count is not displayed

Current behavior:
The threshold rule's count field is not displayed on the Rule details page

Expected behavior:

The threshold rule's count field should be displayed on the Rule details page

Screenshots (if relevant):

Edit page

Screenshot 2023-07-10 at 17 59 52

Details page

Screenshot 2023-07-10 at 18 00 05

Any additional context (logs, chat logs, magical formulas, etc.):

The function that displays the threshold configuration doesn't process the threshold.cardinality property, only the threshold.value and threshold.field properties from the threshold object configuration

    "threshold": {
        "field": [
            "event.type"
        ],
        "value": 10,
        "cardinality": [
            {
                "field": "network.bytes",
                "value": 1000
            }
        ]
    }

https://github.com/elastic/kibana/blob/8.8/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.tsx#L420-L433
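
The gap described in this report, shown as an added example (not part of the original issue and not Kibana's own code): a summary that renders every condition in the threshold object, including cardinality, so an analyst reading the rule sees the same conditions the rule evaluates. The names `ThresholdConfig` and `describeThreshold` and the wording of the output are hypothetical; the sample object is the one quoted in the issue.

```typescript
// Added example: names below are hypothetical, not Kibana's own helpers.
interface ThresholdCardinality {
  field: string;
  value: number;
}

interface ThresholdConfig {
  field?: string | string[];
  value: number;
  cardinality?: ThresholdCardinality[];
}

// Render every condition in the threshold object, including cardinality,
// so the summary matches what the rule actually evaluates.
function describeThreshold(threshold: ThresholdConfig): string {
  // "field" may be a single string, an array, or empty (no grouping).
  const groupBy = ([] as string[])
    .concat(threshold.field ?? [])
    .filter((f) => f.trim() !== '');

  const base =
    groupBy.length > 0
      ? `Results aggregated by ${groupBy.join(', ')} >= ${threshold.value}`
      : `All results >= ${threshold.value}`;

  // The part the issue reports as missing from the details page.
  const counts = (threshold.cardinality ?? [])
    .filter((c) => c.field.trim() !== '')
    .map((c) => `unique values count of ${c.field} >= ${c.value}`);

  return counts.length > 0 ? `${base} when ${counts.join(' and ')}` : base;
}

// Constructed sample: the threshold object quoted in the issue.
const sample: ThresholdConfig = {
  field: ['event.type'],
  value: 10,
  cardinality: [{ field: 'network.bytes', value: 1000 }],
};

console.log(describeThreshold(sample));
```
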

@vitaliidm vitaliidm added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Jul 10, 2023
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@vitaliidm vitaliidm added Feature:Threshold Rule Security Solution Threshold Rule feature Feature:Rule Details Security Solution Detection Rule Details Team:Detection Rule Management Security Detection Rule Management Team sdh-linked labels Jul 10, 2023
@banderror banderror self-assigned this Jul 10, 2023
@banderror banderror added enhancement New value added to drive a business result Team:Detections and Resp Security Detection Response Team and removed bug Fixes for quality problems that affect the customer experience triage_needed labels Jul 20, 2023
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror removed their assignment Jul 20, 2023
@banderror
Contributor

For anyone who's tracking this issue: at the moment, this issue is being tracked by the team, but unfortunately due to lack of capacity and other priorities it’s not being considered for development in the near future. We will consider revisiting this in a few months, and hopefully, we'll fix it in one of the next stack releases.

@shayfeld

shayfeld commented Apr 5, 2024

Hi @banderror @vitaliidm,
Would you be able to provide any update on this case?
As my SOC operation has been waiting for a long time.

@banderror
Contributor

@shayfeld No update on this one, unfortunately. Our team is working on a large new feature a lot of users have been waiting for a long time + a few other things we cannot deprioritize for other reasons. No capacity for this in 8.14. I'll add an 8.15 label and try to squeeze it in.

But I hope the large feature we're working on -- customizing prebuilt rules -- is something you might find useful as well. Public issue for tracking: #174168.

@shayfeld

@banderror, do you think the feature will be released in 8.17 and not delayed?

@banderror
Contributor

@shayfeld There is a chance that we will have some freed up resources to work on that closer to the end of this year. I'm keeping this ticket in our mid-term plan, but we haven't yet committed to fix this bug in a specific version.

@banderror banderror added the bug Fixes for quality problems that affect the customer experience label Sep 20, 2024