[Security Solution] Error Unable to load page is shown for Rules Page after updating Rules. #180120

Closed
Tracked by #174168
arvindersingh-qasource opened this issue Apr 5, 2024 · 11 comments
Labels
8.14 candidate bug Fixes for quality problems that affect the customer experience Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@arvindersingh-qasource

Describe the bug
Error Unable to load page is shown for Rules Page after updating Rules.

Build Details

VERSION: 8.14.0
BUILD: 72921
COMMIT: bb0c42ecf30619020aa7a411bc9ecd72e0594b08

Browser Details
This issue is occurring on all browsers.

Preconditions

  1. Kibana v8.14 must be available.
  2. Elastic Rule must be Loaded.
  3. Few Rules update must be available.

Steps to Reproduce

  1. Navigate to Security -> Rule Updates
  2. Click on Update All button to update rules.
  3. Wait for rules to update successfully.
  4. Navigate to some other tab (here: Alerts)
  5. Navigate to Rules -> Detection Rules (SIEM).
  6. Observe that there will be an error shown on page Unable to load page

Actual Result
Error Unable to load page is shown for Rules Page after updating Rules.

Expected Result
No Error should be shown for Rules Page after updating Rules and Rules page must be loaded completely.

What's Working

  • User is able to view Rules page again after a Browser Refresh.

What's Not Working

  • N/A

Screen Recording

Detection.rules.SIEM.-.Kibana.-.Google.Chrome.2024-04-05.13-44-00.mp4
@arvindersingh-qasource arvindersingh-qasource added bug Fixes for quality problems that affect the customer experience triage_needed impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.14.0 labels Apr 5, 2024
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@arvindersingh-qasource
Author

@karanbirsingh-qasource Please review this ticket,

Thanks.

@sukhwindersingh-qasource

Reviewed and assigned to @MadameSheema
Thanks!

@sukhwindersingh-qasource sukhwindersingh-qasource assigned MadameSheema and unassigned ghost Apr 5, 2024
@MadameSheema MadameSheema added the Team:Detection Rule Management Security Detection Rule Management Team label Apr 5, 2024
@elasticmachine
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@xcrzx
Contributor

xcrzx commented Apr 5, 2024

@arvindersingh-qasource While I'm trying to reproduce the issue, it would immensely help if you provided additional info:

  • Can you send the error details (the show details button)?
  • Also, are there any failing network requests in the network tab?
  • Does page reload help or does the issue persist? Okay, I see it helps

@xcrzx
Contributor

xcrzx commented Apr 5, 2024

@arvindersingh-qasource Also, what is the Prebuilt Security Detection Rules package version you are updating to?

I tried locally to upgrade rules from 8.13.2 to 8.13.3, no issues.

@banderror
Contributor

banderror commented Apr 5, 2024

@arvindersingh-qasource It would also help if you could, please:

  • Before you click Update All, fetch all detection rules using the following query and share the result in an installed-rules.json file:

    GET .kibana_alerting_cases/_search
    {
      "size": 10000,
      "query": {
        "bool": {
          "filter": [
            { "term": { "type": "alert" } },
            { "term": { "alert.consumer": "siem" } }
          ]
        }
      }
    }
    
  • Before you click Update All, fetch all prebuilt rule assets from the Prebuilt Security Detection Rules package using the following query and share the result in a rule-assets.json file:

    GET .kibana_security_solution/_search
    {
      "size": 10000,
      "query": {
        "bool": {
          "filter": [
            { "term": { "type": "security-rule" } }
          ]
        }
      }
    }
    
  • Tell us the version of the currently installed Fleet package containing prebuilt rule assets. Open Management -> Integrations -> Prebuilt Security Detection Rules -> Settings and share with us Installed version and Latest version.

  • Record and share a HAR file that would capture all HTTP requests that happened during the time of reproducing the issue.

  • Prior to upgrading prebuilt rules, did you upgrade Kibana to 8.14.0 from an older version? If yes, what version was it? Do you know what was the version of the Prebuilt Security Detection Rules package when you were on that older version of Kibana?
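
Added example, not part of the comment above and not Kibana project code: a HAR capture records session cookies and authorization headers, so this redacts them before the file is shared and lists the failing requests asked about earlier in the thread. The host, cookie value and 500 response in `SAMPLE_HAR` are constructed; field names follow the HAR 1.2 format.

```javascript
// Added example (not from the issue thread). SAMPLE_HAR is constructed data.
const SENSITIVE_HEADERS = new Set([
  'authorization', 'proxy-authorization', 'cookie', 'set-cookie', 'x-api-key',
]);

// Deep-copy a parsed HAR and redact credential-bearing headers and cookies.
// With stripBodies=true, request and response bodies are dropped as well.
function sanitizeHar(har, { stripBodies = false } = {}) {
  const copy = JSON.parse(JSON.stringify(har));
  for (const entry of copy.log.entries) {
    for (const msg of [entry.request, entry.response]) {
      msg.headers = (msg.headers || []).map((h) =>
        SENSITIVE_HEADERS.has(h.name.toLowerCase()) ? { ...h, value: 'REDACTED' } : h);
      msg.cookies = (msg.cookies || []).map((c) => ({ ...c, value: 'REDACTED' }));
    }
    if (stripBodies) {
      delete entry.request.postData;
      if (entry.response.content) delete entry.response.content.text;
    }
  }
  return copy;
}

// Requests that failed: HTTP status >= 400, or 0 (blocked or aborted).
function failingRequests(har) {
  return har.log.entries
    .filter((e) => e.response.status === 0 || e.response.status >= 400)
    .map((e) => ({ method: e.request.method, url: e.request.url, status: e.response.status }));
}

const SAMPLE_HAR = { log: { version: '1.2', entries: [{
  request: {
    method: 'GET',
    url: 'https://kibana.example.test/api/detection_engine/rules/_find?page=1',
    headers: [
      { name: 'Cookie', value: 'sid=constructed-session-value' },
      { name: 'kbn-xsrf', value: 'true' },
    ],
    cookies: [{ name: 'sid', value: 'constructed-session-value' }],
  },
  response: {
    status: 500,
    headers: [{ name: 'Content-Type', value: 'application/json' }],
    cookies: [],
    content: { mimeType: 'application/json', text: '{"message":"constructed error"}' },
  },
}] } };

console.log(failingRequests(sanitizeHar(SAMPLE_HAR)));
```

URLs, query strings and bodies are left intact unless `stripBodies` is set, so review them before attaching the file.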

@arvindersingh-qasource
Author

Hi @banderror and @xcrzx

Thanks for looking into this ticket.

Please find the required details as below

Before you click Update All, fetch all detection rules using the following query and share the result in an installed-rules.json file:

Before you click Update All, fetch all prebuilt rule assets from the Prebuilt Security Detection Rules package using the following query and share the result in a rule-assets.json file:

Tell us the version of the currently installed Fleet package containing prebuilt rule assets. Open Management -> Integrations -> Prebuilt Security Detection Rules -> Settings and share with us Installed version and Latest version.

image

Record and share a HAR file that would capture all HTTP requests that happened during the time of reproducing the issue.

Prior to upgrading prebuilt rules, did you upgrade Kibana to 8.14.0 from an older version? If yes, what version was it? Do you know what was the version of the Prebuilt Security Detection Rules package when you were on that older version of Kibana?

  • First I saw this bug on the Kibana v8.14.0-Snapshot 72921 build, and then, to revalidate the steps, I deployed the v8.11.0 build and upgraded it to the v8.13.2 build to have Pending Rule Updates.
  • Prebuilt Security Detection Rules package version on that older version of Kibana was 8.11.12

Please let me know if anything else is required from our end.

Thanks.

@xcrzx
Contributor

xcrzx commented Apr 18, 2024

  • First I saw this bug on the Kibana v8.14.0-Snapshot 72921 build, and then, to revalidate the steps, I deployed the v8.11.0 build and upgraded it to the v8.13.2 build to have Pending Rule Updates.

@arvindersingh-qasource, could you please provide the exact steps you followed to reproduce the error? I set up a staging cloud with Kibana v8.11.0, installed all prebuilt rules, upgraded the cloud instance to Kibana v8.13.2, and then upgraded all prebuilt rules without any issues. I also tried upgrading from v8.11.0 to v8.14.0 a couple of times, but the upgrade hung in the Cloud admin for half an hour and then failed.

We also need error details to investigate the issue further; I asked for them in my first message.

@arvindersingh-qasource
Author

Hi @xcrzx

Thanks for looking into this.

We have revalidated this issue on the latest Kibana v8.14.0 build and found that the issue is not reproducible and the functionality is working fine.

Please find the below observations

Build Details

VERSION: 8.14.0
BUILD: 73520
COMMIT: c1513cd7e5a00eab209ba02d30cafd6945d75470

Observations

  • No Error shown for Rules Page after updating Rules and Rules page must be loaded completely.
Detection.rules.SIEM.-.Kibana.-.Google.Chrome.2024-04-22.14-36-15.mp4

Hence, we are closing this ticket for now and will reopen if we encounter the same issue again.

Thanks.

@arvindersingh-qasource arvindersingh-qasource added the QA:Validated Issue has been validated by QA label Apr 22, 2024
@banderror banderror closed this as not planned Won't fix, can't repro, duplicate, stale Apr 22, 2024