[8.14] [Security Solution] action not allowed (405) is shown for Duplicating Shared Exception Lists (#177814) (#178674)#181738
Merged
e40pud merged 1 commit intoelastic:8.14from Apr 25, 2024
Conversation
… Shared Exception Lists (elastic#177814) (elastic#178674) ## Summary Addresses elastic#177814 This PR fixes the issue where user is able to import Endpoint lists. Right now endpoint lists (with `endpoint_trusted_apps`, `endpoint_event_filters`, `endpoint_host_isolation_exceptions` or `endpoint_blocklists` id) are not allowed to be imported. [Here we check](https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_import_handler.ts#L17) lists and throw an exception if user tries to import one of the mentioned lists. However, it is possible to import container endpoint lists with `endpoint_list` id. This leads to the issue that user can import such a list with the newly generated ID and thus we will treat it as a detection engine list. Since the type of the list is still says `endpoint` we would not allow to duplicate such a list later [here](https://github.com/elastic/kibana/blob/main/x-pack/plugins/lists/server/services/exception_lists/duplicate_exception_list.ts#L46). To fix the issue, I added addition list id check to prevent users from importing lists with the `endpoint_list` id. **UPDATE**: As discussed below, we will disable the "Create new list" checkbox when user tries to import Endpoint Security Exception List and will show a tooltip saying "We only allow one Exception List for Endpoint Security." **NOTE**: as part of this PR, I also added a fix for missing version header in `importExceptionList` API call. --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Yara Tercero <yctercero@users.noreply.github.com> (cherry picked from commit 7cbd396)
💚 Build Succeeded
Metrics [docs]Async chunks
To update your PR or re-run it, just comment with: |
yctercero
approved these changes
Apr 25, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto8.14:Questions ?
Please refer to the Backport tool documentation