[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form#210547
Merged
umbopepato merged 5 commits intoelastic:mainfrom Feb 20, 2025
Conversation
umbopepato
added
Team:ResponseOps
Contributor
|
Pinging @elastic/response-ops (Team:ResponseOps) |
umbopepato
added
the
release_note:skip
jcger
reviewed
Feb 12, 2025
Contributor
jcger
left a comment
jcger
left a comment
There was a problem hiding this comment.
I miss a test to ensure it does not happen again
Member
Author
@jcger it's not easy to test this on our side: the |
…s-system-action-missing-fields
cnasikas
added
v9.0.0
backport:version
dhurley14
requested review from
dhurley14
and removed request for
nkhristinin
cnasikas
added
the
release_note:skip
Contributor
|
Edit: Approved - Difficult to enforce the required type when used generically for the actions form. Hi @umbopepato, Thank you for the quick fix. Is it possible to include in this PR a change to make the If the field can be typed as a required field, it might be nice to type it as an array of allowed values. I believe since these rule type ids are not changing much maybe we could write a stricter type for that hook param, like |
dhurley14
approved these changes
Feb 20, 2025
Member
Author
Hey @dhurley14, thanks for taking a look! 😊
Unfortunately that's something we cannot do easily: the |
Contributor
|
Starting backport for target branches: 8.18, 8.x, 9.0 https://github.com/elastic/kibana/actions/runs/13441279794 |
Contributor
💚 Build Succeeded
Metrics [docs]Async chunks
History
|
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Feb 20, 2025
…n Security Solution rule form (elastic#210547) ## Summary Correctly forwards the selected rule type id to the actions form section in the Security Solution rule creation/update flow. Adds a functional test case to cover the bug. ## To verify 1. Navigate to `Security > Rules > Detection rules > Create new rule` 2. Fill in the first 3 steps 3. In the Actions step, select the Cases action 4. Check that the `Group by alert field` dropdown shows the correct alert fields 5. Create the rule, then repeat point 5 in the rule editing UI ## References Fixes elastic#210209 (cherry picked from commit 0abbd17)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Feb 20, 2025
…n Security Solution rule form (elastic#210547) ## Summary Correctly forwards the selected rule type id to the actions form section in the Security Solution rule creation/update flow. Adds a functional test case to cover the bug. ## To verify 1. Navigate to `Security > Rules > Detection rules > Create new rule` 2. Fill in the first 3 steps 3. In the Actions step, select the Cases action 4. Check that the `Group by alert field` dropdown shows the correct alert fields 5. Create the rule, then repeat point 5 in the rule editing UI ## References Fixes elastic#210209 (cherry picked from commit 0abbd17)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Feb 20, 2025
…n Security Solution rule form (elastic#210547) ## Summary Correctly forwards the selected rule type id to the actions form section in the Security Solution rule creation/update flow. Adds a functional test case to cover the bug. ## To verify 1. Navigate to `Security > Rules > Detection rules > Create new rule` 2. Fill in the first 3 steps 3. In the Actions step, select the Cases action 4. Check that the `Group by alert field` dropdown shows the correct alert fields 5. Create the rule, then repeat point 5 in the rule editing UI ## References Fixes elastic#210209 (cherry picked from commit 0abbd17)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Feb 20, 2025
…tion in Security Solution rule form (#210547) (#211943) # Backport This will backport the following commits from `main` to `8.x`: - [[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)](#210547) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Umberto Pepato","email":"umbopepato@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-20T17:36:39Z","message":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)\n\n## Summary\n\nCorrectly forwards the selected rule type id to the actions form section\nin the Security Solution rule creation/update flow.\nAdds a functional test case to cover the bug.\n\n## To verify\n\n1. Navigate to `Security > Rules > Detection rules > Create new rule`\n2. Fill in the first 3 steps\n3. In the Actions step, select the Cases action\n4. Check that the `Group by alert field` dropdown shows the correct\nalert fields\n5. Create the rule, then repeat point 5 in the rule editing UI\n\n## References\n\nFixes #210209","sha":"0abbd173b124bcb5f83a377c3923f57120f144e9","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","v9.0.0","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form","number":210547,"url":"https://github.com/elastic/kibana/pull/210547","mergeCommit":{"message":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)\n\n## Summary\n\nCorrectly forwards the selected rule type id to the actions form section\nin the Security Solution rule creation/update flow.\nAdds a functional test case to cover the bug.\n\n## To verify\n\n1. Navigate to `Security > Rules > Detection rules > Create new rule`\n2. Fill in the first 3 steps\n3. In the Actions step, select the Cases action\n4. Check that the `Group by alert field` dropdown shows the correct\nalert fields\n5. Create the rule, then repeat point 5 in the rule editing UI\n\n## References\n\nFixes #210209","sha":"0abbd173b124bcb5f83a377c3923f57120f144e9"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/210547","number":210547,"mergeCommit":{"message":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)\n\n## Summary\n\nCorrectly forwards the selected rule type id to the actions form section\nin the Security Solution rule creation/update flow.\nAdds a functional test case to cover the bug.\n\n## To verify\n\n1. Navigate to `Security > Rules > Detection rules > Create new rule`\n2. Fill in the first 3 steps\n3. In the Actions step, select the Cases action\n4. Check that the `Group by alert field` dropdown shows the correct\nalert fields\n5. Create the rule, then repeat point 5 in the rule editing UI\n\n## References\n\nFixes #210209","sha":"0abbd173b124bcb5f83a377c3923f57120f144e9"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Umberto Pepato <umbopepato@users.noreply.github.com>
kibanamachine
added a commit
that referenced
this pull request
Feb 20, 2025
…tion in Security Solution rule form (#210547) (#211944) # Backport This will backport the following commits from `main` to `9.0`: - [[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)](#210547) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Umberto Pepato","email":"umbopepato@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-20T17:36:39Z","message":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)\n\n## Summary\n\nCorrectly forwards the selected rule type id to the actions form section\nin the Security Solution rule creation/update flow.\nAdds a functional test case to cover the bug.\n\n## To verify\n\n1. Navigate to `Security > Rules > Detection rules > Create new rule`\n2. Fill in the first 3 steps\n3. In the Actions step, select the Cases action\n4. Check that the `Group by alert field` dropdown shows the correct\nalert fields\n5. Create the rule, then repeat point 5 in the rule editing UI\n\n## References\n\nFixes #210209","sha":"0abbd173b124bcb5f83a377c3923f57120f144e9","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","v9.0.0","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form","number":210547,"url":"https://github.com/elastic/kibana/pull/210547","mergeCommit":{"message":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)\n\n## Summary\n\nCorrectly forwards the selected rule type id to the actions form section\nin the Security Solution rule creation/update flow.\nAdds a functional test case to cover the bug.\n\n## To verify\n\n1. Navigate to `Security > Rules > Detection rules > Create new rule`\n2. Fill in the first 3 steps\n3. In the Actions step, select the Cases action\n4. Check that the `Group by alert field` dropdown shows the correct\nalert fields\n5. Create the rule, then repeat point 5 in the rule editing UI\n\n## References\n\nFixes #210209","sha":"0abbd173b124bcb5f83a377c3923f57120f144e9"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/210547","number":210547,"mergeCommit":{"message":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)\n\n## Summary\n\nCorrectly forwards the selected rule type id to the actions form section\nin the Security Solution rule creation/update flow.\nAdds a functional test case to cover the bug.\n\n## To verify\n\n1. Navigate to `Security > Rules > Detection rules > Create new rule`\n2. Fill in the first 3 steps\n3. In the Actions step, select the Cases action\n4. Check that the `Group by alert field` dropdown shows the correct\nalert fields\n5. Create the rule, then repeat point 5 in the rule editing UI\n\n## References\n\nFixes #210209","sha":"0abbd173b124bcb5f83a377c3923f57120f144e9"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Umberto Pepato <umbopepato@users.noreply.github.com>
kibanamachine
added a commit
that referenced
this pull request
Feb 21, 2025
…ction in Security Solution rule form (#210547) (#211942) # Backport This will backport the following commits from `main` to `8.18`: - [[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)](#210547) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Umberto Pepato","email":"umbopepato@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-20T17:36:39Z","message":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)\n\n## Summary\n\nCorrectly forwards the selected rule type id to the actions form section\nin the Security Solution rule creation/update flow.\nAdds a functional test case to cover the bug.\n\n## To verify\n\n1. Navigate to `Security > Rules > Detection rules > Create new rule`\n2. Fill in the first 3 steps\n3. In the Actions step, select the Cases action\n4. Check that the `Group by alert field` dropdown shows the correct\nalert fields\n5. Create the rule, then repeat point 5 in the rule editing UI\n\n## References\n\nFixes #210209","sha":"0abbd173b124bcb5f83a377c3923f57120f144e9","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","v9.0.0","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form","number":210547,"url":"https://github.com/elastic/kibana/pull/210547","mergeCommit":{"message":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)\n\n## Summary\n\nCorrectly forwards the selected rule type id to the actions form section\nin the Security Solution rule creation/update flow.\nAdds a functional test case to cover the bug.\n\n## To verify\n\n1. Navigate to `Security > Rules > Detection rules > Create new rule`\n2. Fill in the first 3 steps\n3. In the Actions step, select the Cases action\n4. Check that the `Group by alert field` dropdown shows the correct\nalert fields\n5. Create the rule, then repeat point 5 in the rule editing UI\n\n## References\n\nFixes #210209","sha":"0abbd173b124bcb5f83a377c3923f57120f144e9"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/210547","number":210547,"mergeCommit":{"message":"[ResponseOps][Security][Rules] Fix fields missing from Cases action in Security Solution rule form (#210547)\n\n## Summary\n\nCorrectly forwards the selected rule type id to the actions form section\nin the Security Solution rule creation/update flow.\nAdds a functional test case to cover the bug.\n\n## To verify\n\n1. Navigate to `Security > Rules > Detection rules > Create new rule`\n2. Fill in the first 3 steps\n3. In the Actions step, select the Cases action\n4. Check that the `Group by alert field` dropdown shows the correct\nalert fields\n5. Create the rule, then repeat point 5 in the rule editing UI\n\n## References\n\nFixes #210209","sha":"0abbd173b124bcb5f83a377c3923f57120f144e9"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Umberto Pepato <umbopepato@users.noreply.github.com>
1 task
umbopepato
added a commit
that referenced
this pull request
Mar 10, 2025
## Summary - Fixes the flaky functional test added in #210547 by adding a network request intercept and clicking on the correct dropdown button - Unskips the test file ## References Closes #211959 ### Checklist - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Mar 10, 2025
) ## Summary - Fixes the flaky functional test added in elastic#210547 by adding a network request intercept and clicking on the correct dropdown button - Unskips the test file ## References Closes elastic#211959 ### Checklist - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed (cherry picked from commit 6c281ca)
kibanamachine
added a commit
that referenced
this pull request
Mar 10, 2025
…) (#213701) # Backport This will backport the following commits from `main` to `8.x`: - [[ResponseOps][Cases] Fix flaky Cases action Cypress test (#213529)](#213529) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Umberto Pepato","email":"umbopepato@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-10T10:16:02Z","message":"[ResponseOps][Cases] Fix flaky Cases action Cypress test (#213529)\n\n## Summary\n\n- Fixes the flaky functional test added in #210547 by adding a network\nrequest intercept and clicking on the correct dropdown button\n- Unskips the test file\n\n## References\n\nCloses #211959\n\n### Checklist\n\n- [x] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed","sha":"6c281caceb180c5e541ecdcf86d528cd2bafe701","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","backport:version","v9.1.0","v8.19.0"],"title":"[ResponseOps][Cases] Fix flaky Cases action Cypress test","number":213529,"url":"https://github.com/elastic/kibana/pull/213529","mergeCommit":{"message":"[ResponseOps][Cases] Fix flaky Cases action Cypress test (#213529)\n\n## Summary\n\n- Fixes the flaky functional test added in #210547 by adding a network\nrequest intercept and clicking on the correct dropdown button\n- Unskips the test file\n\n## References\n\nCloses #211959\n\n### Checklist\n\n- [x] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed","sha":"6c281caceb180c5e541ecdcf86d528cd2bafe701"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213529","number":213529,"mergeCommit":{"message":"[ResponseOps][Cases] Fix flaky Cases action Cypress test (#213529)\n\n## Summary\n\n- Fixes the flaky functional test added in #210547 by adding a network\nrequest intercept and clicking on the correct dropdown button\n- Unskips the test file\n\n## References\n\nCloses #211959\n\n### Checklist\n\n- [x] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed","sha":"6c281caceb180c5e541ecdcf86d528cd2bafe701"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Umberto Pepato <umbopepato@users.noreply.github.com>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Mar 22, 2025
…n Security Solution rule form (elastic#210547) ## Summary Correctly forwards the selected rule type id to the actions form section in the Security Solution rule creation/update flow. Adds a functional test case to cover the bug. ## To verify 1. Navigate to `Security > Rules > Detection rules > Create new rule` 2. Fill in the first 3 steps 3. In the Actions step, select the Cases action 4. Check that the `Group by alert field` dropdown shows the correct alert fields 5. Create the rule, then repeat point 5 in the rule editing UI ## References Fixes elastic#210209
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Mar 22, 2025
) ## Summary - Fixes the flaky functional test added in elastic#210547 by adding a network request intercept and clicking on the correct dropdown button - Unskips the test file ## References Closes elastic#211959 ### Checklist - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Correctly forwards the selected rule type id to the actions form section in the Security Solution rule creation/update flow.
Adds a functional test case to cover the bug.
To verify
Security > Rules > Detection rules > Create new ruleGroup by alert fielddropdown shows the correct alert fieldsReferences
Fixes #210209