Skip to content

[Security Solution][Fix]-Issue with disabled dataProvider#140735

Merged
logeekal merged 12 commits intoelastic:mainfrom
logeekal:fix/combine_query_with_disabled_dp
Sep 22, 2022
Merged

[Security Solution][Fix]-Issue with disabled dataProvider#140735
logeekal merged 12 commits intoelastic:mainfrom
logeekal:fix/combine_query_with_disabled_dp

Conversation

@logeekal
Copy link
Copy Markdown
Contributor

@logeekal logeekal commented Sep 14, 2022
edited by kibanamachine
Loading

Summary

Fixes : #129958

When the data provider was disabled, the final query getting created is not syntactically correct and throws a syntax error as show in the screenshot below:

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@logeekal logeekal added release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting:Investigations Security Solution Threat Hunting Investigations Team backport:prev-minor labels Sep 14, 2022
@logeekal
Copy link
Copy Markdown
Contributor Author

logeekal commented Sep 15, 2022

Files by Code Owner

elastic/security-solution

  • x-pack/plugins/security_solution/public/common/components/top_n/index.tsx
  • x-pack/plugins/security_solution/public/common/lib/keury/index.ts
  • x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
  • x-pack/plugins/security_solution/public/timelines/components/flyout/header/index.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.test.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.test.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.tsx

elastic/security-threat-hunting-explore

  • x-pack/plugins/security_solution/public/common/components/top_n/index.tsx

elastic/security-threat-hunting-investigations

  • x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
  • x-pack/plugins/security_solution/public/timelines/components/flyout/header/index.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.test.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.test.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.tsx
  • x-pack/plugins/timelines/public/components/t_grid/helpers.test.tsx
  • x-pack/plugins/timelines/public/components/t_grid/helpers.tsx
  • x-pack/plugins/timelines/public/index.ts

@logeekal logeekal marked this pull request as ready for review September 15, 2022 12:49
@logeekal logeekal requested review from a team as code owners September 15, 2022 12:49
jamster10
jamster10 approved these changes Sep 15, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@jamster10 jamster10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good on Explore side 👌

@logeekal logeekal requested a review from a team September 19, 2022 11:03
@logeekal logeekal requested review from a team as code owners September 19, 2022 11:03
@logeekal logeekal requested a review from maximpn September 19, 2022 11:03
@logeekal
Copy link
Copy Markdown
Contributor Author

logeekal commented Sep 19, 2022

Files by Code Owner

elastic/awp-viz

  • x-pack/plugins/security_solution/public/kubernetes/pages/index.tsx

elastic/security-detections-response-alerts

  • x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/use_preview_histogram.tsx

elastic/security-detections-response-rules

  • x-pack/plugins/security_solution/public/detections/components/rules/query_bar/index.tsx
  • x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/use_preview_histogram.tsx
  • x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/utils.ts

elastic/security-solution

  • x-pack/plugins/security_solution/public/common/components/top_n/index.tsx
  • x-pack/plugins/security_solution/public/common/lib/kuery/index.ts
  • x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
  • x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
  • x-pack/plugins/security_solution/public/detections/components/rules/query_bar/index.tsx
  • x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/use_preview_histogram.tsx
  • x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/utils.ts
  • x-pack/plugins/security_solution/public/hosts/pages/details/helpers.ts
  • x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx
  • x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx
  • x-pack/plugins/security_solution/public/kubernetes/pages/index.tsx
  • x-pack/plugins/security_solution/public/network/pages/details/index.tsx
  • x-pack/plugins/security_solution/public/network/pages/network.tsx
  • x-pack/plugins/security_solution/public/overview/components/event_counts/index.tsx
  • x-pack/plugins/security_solution/public/overview/components/events_by_dataset/index.tsx
  • x-pack/plugins/security_solution/public/timelines/components/flyout/header/index.tsx
  • x-pack/plugins/security_solution/public/timelines/components/side_panel/network_details/expandable_network.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.test.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_bar/index.test.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_bar/index.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.test.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.tsx
  • x-pack/plugins/security_solution/public/users/pages/details/index.tsx
  • x-pack/plugins/security_solution/public/users/pages/users.tsx

elastic/security-threat-hunting-explore

  • x-pack/plugins/security_solution/public/common/components/top_n/index.tsx
  • x-pack/plugins/security_solution/public/hosts/pages/details/helpers.ts
  • x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx
  • x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx
  • x-pack/plugins/security_solution/public/network/pages/details/index.tsx
  • x-pack/plugins/security_solution/public/network/pages/network.tsx
  • x-pack/plugins/security_solution/public/overview/components/event_counts/index.tsx
  • x-pack/plugins/security_solution/public/overview/components/events_by_dataset/index.tsx
  • x-pack/plugins/security_solution/public/users/pages/details/index.tsx
  • x-pack/plugins/security_solution/public/users/pages/users.tsx

elastic/security-threat-hunting-investigations

  • x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
  • x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
  • x-pack/plugins/security_solution/public/timelines/components/flyout/header/index.tsx
  • x-pack/plugins/security_solution/public/timelines/components/side_panel/network_details/expandable_network.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.test.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_bar/index.test.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_bar/index.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.test.tsx
  • x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.tsx
  • x-pack/plugins/timelines/public/components/t_grid/helpers.test.tsx
  • x-pack/plugins/timelines/public/components/t_grid/helpers.tsx
  • x-pack/plugins/timelines/public/index.ts

marshallmain
marshallmain approved these changes Sep 19, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@marshallmain marshallmain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alerts area changes LGTM, only a couple files changed 👍

opauloh
opauloh approved these changes Sep 19, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@opauloh opauloh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awp lgtm

maximpn
maximpn approved these changes Sep 22, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@maximpn maximpn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rules Area LGTM, there are just minor changes

@logeekal logeekal enabled auto-merge (squash) September 22, 2022 08:57
@kibana-ci
Copy link
Copy Markdown

kibana-ci commented Sep 22, 2022

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
timelines 344 346 +2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 6.6MB 6.6MB -970.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
timelines 268.9KB 268.7KB -180.0B
Unknown metric groups

API count

id before after diff
timelines 450 452 +2

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

michaelolo24
michaelolo24 approved these changes Sep 22, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@michaelolo24 michaelolo24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for making the changes! LGTM 🚀

@logeekal logeekal merged commit ec1fe0a into elastic:main Sep 22, 2022
@kibanamachine kibanamachine mentioned this pull request Sep 22, 2022
Merged
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Sep 22, 2022
@logeekal
[Security Solution][Fix]-Issue with disabled dataProvider (elastic#14…
ad12f99 
…0735)

Fixes : elastic#129958

When the data provider was disabled, the final query getting created is not syntactically correct and throws a syntax error as show in the screenshot below:

![](https://user-images.githubusercontent.com/2946766/162839613-88320f35-ec0d-4df3-aa66-167593ef4955.png)

(cherry picked from commit ec1fe0a)
@kibanamachine
Copy link
Copy Markdown
Contributor

kibanamachine commented Sep 22, 2022

💚 All backports created successfully

Status Branch Result
8.5

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

jloleysens added a commit to jloleysens/kibana that referenced this pull request Sep 22, 2022
@jloleysens
Merge branch 'main' into files-upload-use-self-destruct-flag
f178af8 
* main: (33 commits)
  Fix Next and Previous button on step screenshot carousel. (elastic#141422)
  [journeys] add a short delay after loading data (elastic#141437)
  skip failing test suite (elastic#140797)
  skip failing test suite (elastic#138776)
  Documents saved objects bulk delete API (elastic#141164)
  [Response Ops][Alerting] Defining default action params on connector type (elastic#141226)
  [ML] Explain Log Rate Spikes: Adds jest tests for query_utils/buildBaseFilterCriteria. (elastic#141213)
  [APM] Fix search bar suggestions (elastic#141101)
  close popover on click (elastic#141272)
  [Fleet] Update to use savedObjects bulkDelete for package policy delete (elastic#141276)
  [Security Solution][Endpoint][Response Actions] Do fuzzy search on given usernames for Actions Log (elastic#141239)
  [Graph] Fix guidance panel appearing for a moment when saving Graph (elastic#141228)
  [Fleet] Add experimental data stream features support to simplified package policy API (elastic#141288)
  Shameless copy of the retryTransientEsErrors from fleet (elastic#141246)
  [Security Solution][Fix]-Issue with disabled dataProvider (elastic#140735)
  Changing triggers actions ui routes to internal (elastic#141149)
  skip flaky test suit elastic#141356
  [SharedUX] Removing TODOs from KibanaPageTemplate (elastic#141043)
  [dashboard controls] skip failing test on cloud (elastic#141291)
  [Synthetics] unskip edit_monitor api integration tests (elastic#141277)
  ...
kibanamachine added a commit that referenced this pull request Sep 22, 2022
@kibanamachine @logeekal
[Security Solution][Fix]-Issue with disabled dataProvider (#140735) (#…
ba9f3a0 
…141424)

Fixes : #129958

When the data provider was disabled, the final query getting created is not syntactically correct and throws a syntax error as show in the screenshot below:

![](https://user-images.githubusercontent.com/2946766/162839613-88320f35-ec0d-4df3-aa66-167593ef4955.png)

(cherry picked from commit ec1fe0a)

Co-authored-by: Jatin Kathuria <jatin.kathuria@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maximpn maximpn maximpn approved these changes

@michaelolo24 michaelolo24 michaelolo24 approved these changes

@opauloh opauloh opauloh approved these changes

@marshallmain marshallmain marshallmain approved these changes

+2 more reviewers

@xcrzx xcrzx xcrzx approved these changes

@jamster10 jamster10 jamster10 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting:Investigations Security Solution Threat Hunting Investigations Team v8.5.0 v8.6.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Security Solution][Timeline Templates] KQLSyntaxError when Template Field is not present on Alert document

9 participants

@logeekal @kibana-ci @kibanamachine @xcrzx @maximpn @michaelolo24 @opauloh @jamster10 @marshallmain