[8.x] [Security Solution] Fixes data normalization in diff algorithms for `threat` and `rule_schedule` fields (#200105) #200646

Merged: kibanamachine merged 1 commit into elastic:8.x from kibanamachine:backport/8.x/pr-200105 on Nov 18, 2024

@kibanamachine

Backport

This will backport the following commits from main to 8.x:

Questions?

Please refer to the Backport tool documentation

…threat` and `rule_schedule` fields (elastic#200105)

**Fixes elastic#199629**

## Summary

Fixes the data normalization we do before comparison for the `threat`
and `rule_schedule` fields so that they align with our prebuilt rule
specs. Specifically:

- Trims any extra optional nested fields in the `threat` field that were
left as empty arrays
- Removes the logic to use the `from` value in the `meta` field if it
existed, so that we can normalize the time strings for `rule_schedule`

These errors were occurring when a rule was saved via the Rule Editing
form in the UI and extra fields were added in the update API call. This
PR makes the diff algorithms more robust against different field values
that are represented differently but are logically the same.

This extra data added in the Rule Edit UI form was also causing rules to
appear as modified when saved from the form, even if no fields had been
modified.

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

(cherry picked from commit a8fd0c9)
@kibanamachine kibanamachine merged commit 29e3669 into elastic:8.x Nov 18, 2024
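
The `threat` normalization described in the summary above, as an added example that is not code from this PR or from Kibana. `normalizeThreat`, `canonical` and `threatIsModified` are hypothetical names, and the sample rules are constructed.

```typescript
// Added example (not Kibana's code). Shapes follow the rule `threat` field.
interface Ref { id: string; name: string; reference: string }
interface Technique extends Ref { subtechnique?: Ref[] }
interface Threat { framework: string; tactic: Ref; technique?: Technique[] }

// Hypothetical helper: drop optional nested arrays that are present but empty,
// so `technique: []` / `subtechnique: []` compare equal to an absent key.
function normalizeThreat(threat: Threat[]): Threat[] {
  return threat.map(({ technique, ...rest }): Threat => {
    if (!technique || technique.length === 0) return rest;
    return {
      ...rest,
      technique: technique.map(({ subtechnique, ...t }): Technique =>
        subtechnique && subtechnique.length > 0 ? { ...t, subtechnique } : t
      ),
    };
  });
}

// Key-order-independent serialization, used only to compare two values.
function canonical(value: unknown): string {
  if (Array.isArray(value)) return `[${value.map((v) => canonical(v)).join(',')}]`;
  if (value !== null && typeof value === 'object') {
    const obj = value as Record<string, unknown>;
    const parts = Object.keys(obj).sort().map((k) => `${JSON.stringify(k)}:${canonical(obj[k])}`);
    return `{${parts.join(',')}}`;
  }
  return JSON.stringify(value);
}

// A rule counts as modified only if the normalized values differ.
function threatIsModified(base: Threat[], current: Threat[]): boolean {
  return canonical(normalizeThreat(base)) !== canonical(normalizeThreat(current));
}

// Constructed sample data: a prebuilt rule, the same rule as re-saved with
// empty optional arrays added, and a rule with a real subtechnique change.
const TACTIC: Ref = { id: 'TA0002', name: 'Execution', reference: 'https://attack.mitre.org/tactics/TA0002/' };
const T1059: Ref = { id: 'T1059', name: 'Command and Scripting Interpreter', reference: 'https://attack.mitre.org/techniques/T1059/' };
const T1059_001: Ref = { id: 'T1059.001', name: 'PowerShell', reference: 'https://attack.mitre.org/techniques/T1059/001/' };
const PREBUILT: Threat[] = [
  { framework: 'MITRE ATT&CK', tactic: TACTIC, technique: [T1059] },
  { framework: 'MITRE ATT&CK', tactic: TACTIC },
];
const SAVED_FROM_FORM: Threat[] = [
  { framework: 'MITRE ATT&CK', tactic: TACTIC, technique: [{ ...T1059, subtechnique: [] }] },
  { framework: 'MITRE ATT&CK', tactic: TACTIC, technique: [] },
];
const EDITED: Threat[] = [{ framework: 'MITRE ATT&CK', tactic: TACTIC, technique: [{ ...T1059, subtechnique: [T1059_001] }] }];
```

Comparing `PREBUILT` with `SAVED_FROM_FORM` without normalization reports a difference; with it, only `EDITED` is reported as modified.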
@elasticmachine

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 6204 | 6205 | +1 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 13.4MB | 13.4MB | -17.0B |

cc @dplumlee

Labels

backport This PR is a backport of another PR
