[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade#218519
Merged
dplumlee merged 9 commits intoelastic:mainfrom May 9, 2025
Conversation
dplumlee
added
bug
Contributor
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Contributor
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Contributor
Author
|
@elasticmachine merge upstream |
xcrzx
reviewed
Apr 22, 2025
...ns/security_solution/server/lib/detection_engine/prebuilt_rules/logic/get_rules_to_update.ts
Outdated
Show resolved
Hide resolved
dplumlee
force-pushed
the
legacy-upgrade-actions-bug
branch
from
5ffb56b to
9b5f306
Compare
Contributor
|
Starting backport for target branches: 8.17, 8.18, 8.19, 9.0 https://github.com/elastic/kibana/actions/runs/14933245853 |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
cc @dplumlee |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
May 9, 2025
…en when using legacy prebuilt rule upgrade (elastic#218519) ## Summary Fixes elastic#218000 Fixes issues that caused the `exceptions_list` and `actions` fields to get overwritten when the legacy prebuilt rule upgrade methods (`api/detection_engine/rules/prepackaged`) were used. ### Testing 1. Install an outdated rules package 1. Install all rules from the package 1. Add actions and exceptions to the installed rules (actions can be added using bulk edit) 1. Install the latest available prebuilt rules package 1. Call the legacy API to upgrade installed rules to the latest versions: `/api/detection_engine/rules/prepackaged` 1. Observe all exceptions lists and actions are maintained through upgrade process ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit 0eeb5ff)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
May 9, 2025
…en when using legacy prebuilt rule upgrade (elastic#218519) ## Summary Fixes elastic#218000 Fixes issues that caused the `exceptions_list` and `actions` fields to get overwritten when the legacy prebuilt rule upgrade methods (`api/detection_engine/rules/prepackaged`) were used. ### Testing 1. Install an outdated rules package 1. Install all rules from the package 1. Add actions and exceptions to the installed rules (actions can be added using bulk edit) 1. Install the latest available prebuilt rules package 1. Call the legacy API to upgrade installed rules to the latest versions: `/api/detection_engine/rules/prepackaged` 1. Observe all exceptions lists and actions are maintained through upgrade process ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit 0eeb5ff)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
May 9, 2025
…en when using legacy prebuilt rule upgrade (elastic#218519) ## Summary Fixes elastic#218000 Fixes issues that caused the `exceptions_list` and `actions` fields to get overwritten when the legacy prebuilt rule upgrade methods (`api/detection_engine/rules/prepackaged`) were used. ### Testing 1. Install an outdated rules package 1. Install all rules from the package 1. Add actions and exceptions to the installed rules (actions can be added using bulk edit) 1. Install the latest available prebuilt rules package 1. Call the legacy API to upgrade installed rules to the latest versions: `/api/detection_engine/rules/prepackaged` 1. Observe all exceptions lists and actions are maintained through upgrade process ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit 0eeb5ff)
Contributor
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
May 9, 2025
…rwritten when using legacy prebuilt rule upgrade (#218519) (#220696) # Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)](#218519) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-05-09T16:20:27Z","message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.1.0","v8.19.0","v8.18.1","v9.0.1","v8.17.6"],"title":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade","number":218519,"url":"https://github.com/elastic/kibana/pull/218519","mergeCommit":{"message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3"}},"sourceBranch":"main","suggestedTargetBranches":["8.19","8.18","9.0","8.17"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/218519","number":218519,"mergeCommit":{"message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
kdelemme
pushed a commit
to kdelemme/kibana
that referenced
this pull request
May 9, 2025
…en when using legacy prebuilt rule upgrade (elastic#218519) ## Summary Fixes elastic#218000 Fixes issues that caused the `exceptions_list` and `actions` fields to get overwritten when the legacy prebuilt rule upgrade methods (`api/detection_engine/rules/prepackaged`) were used. ### Testing 1. Install an outdated rules package 1. Install all rules from the package 1. Add actions and exceptions to the installed rules (actions can be added using bulk edit) 1. Install the latest available prebuilt rules package 1. Call the legacy API to upgrade installed rules to the latest versions: `/api/detection_engine/rules/prepackaged` 1. Observe all exceptions lists and actions are maintained through upgrade process ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
kibanamachine
added a commit
that referenced
this pull request
May 9, 2025
…erwritten when using legacy prebuilt rule upgrade (#218519) (#220694) # Backport This will backport the following commits from `main` to `8.18`: - [[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)](#218519) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-05-09T16:20:27Z","message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.1.0","v8.19.0","v8.18.1","v9.0.1","v8.17.6"],"title":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade","number":218519,"url":"https://github.com/elastic/kibana/pull/218519","mergeCommit":{"message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3"}},"sourceBranch":"main","suggestedTargetBranches":["8.19","8.18","9.0","8.17"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/218519","number":218519,"mergeCommit":{"message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
May 9, 2025
…erwritten when using legacy prebuilt rule upgrade (#218519) (#220695) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)](#218519) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-05-09T16:20:27Z","message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.1.0","v8.19.0","v8.18.1","v9.0.1","v8.17.6"],"title":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade","number":218519,"url":"https://github.com/elastic/kibana/pull/218519","mergeCommit":{"message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3"}},"sourceBranch":"main","suggestedTargetBranches":["8.19","8.18","9.0","8.17"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/218519","number":218519,"mergeCommit":{"message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
dplumlee
added a commit
to dplumlee/kibana
that referenced
this pull request
May 20, 2025
…en when using legacy prebuilt rule upgrade (elastic#218519) ## Summary Fixes elastic#218000 Fixes issues that caused the `exceptions_list` and `actions` fields to get overwritten when the legacy prebuilt rule upgrade methods (`api/detection_engine/rules/prepackaged`) were used. ### Testing 1. Install an outdated rules package 1. Install all rules from the package 1. Add actions and exceptions to the installed rules (actions can be added using bulk edit) 1. Install the latest available prebuilt rules package 1. Call the legacy API to upgrade installed rules to the latest versions: `/api/detection_engine/rules/prepackaged` 1. Observe all exceptions lists and actions are maintained through upgrade process ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit 0eeb5ff) # Conflicts: # x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/utils.test.ts
dplumlee
added a commit
that referenced
this pull request
May 20, 2025
…erwritten when using legacy prebuilt rule upgrade (#218519) (#220999) # Backport This will backport the following commits from `main` to `8.17`: - [[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)](#218519) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-05-09T16:20:27Z","message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.1.0","v8.19.0","v8.18.1","v9.0.1","v8.17.6","v8.18.2","v9.0.2"],"title":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade","number":218519,"url":"https://github.com/elastic/kibana/pull/218519","mergeCommit":{"message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3"}},"sourceBranch":"main","suggestedTargetBranches":["8.17"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/218519","number":218519,"mergeCommit":{"message":"[Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519)\n\n## Summary\n\nFixes https://github.com/elastic/kibana/issues/218000\n\nFixes issues that caused the `exceptions_list` and `actions` fields to\nget overwritten when the legacy prebuilt rule upgrade methods\n(`api/detection_engine/rules/prepackaged`) were used.\n\n### Testing\n\n1. Install an outdated rules package \n1. Install all rules from the package \n1. Add actions and exceptions to the installed rules (actions can be\nadded using bulk edit)\n1. Install the latest available prebuilt rules package \n1. Call the legacy API to upgrade installed rules to the latest\nversions: `/api/detection_engine/rules/prepackaged`\n1. Observe all exceptions lists and actions are maintained through\nupgrade process\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"0eeb5ffcff27a04b2f3d509a582043b17395e2a3"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/220695","number":220695,"state":"MERGED","mergeCommit":{"sha":"da2418acb0dd61cb7c0852f1ac5d6aafa927262e","message":"[8.19] [Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519) (#220695)\n\n# Backport\n\nThis will backport the following commits from `main` to `8.19`:\n- [[Security Solution] Fixes exceptions list and actions being\noverwritten when using legacy prebuilt rule upgrade\n(#218519)](https://github.com/elastic/kibana/pull/218519)\n\n\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\n---------\n\nCo-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\nCo-authored-by: Davis Plumlee <davis.plumlee@elastic.co>"}},{"branch":"8.18","label":"v8.18.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/220694","number":220694,"state":"MERGED","mergeCommit":{"sha":"f13e0fae8ac29de6325e443bb0b2071f922e12ac","message":"[8.18] [Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519) (#220694)\n\n# Backport\n\nThis will backport the following commits from `main` to `8.18`:\n- [[Security Solution] Fixes exceptions list and actions being\noverwritten when using legacy prebuilt rule upgrade\n(#218519)](https://github.com/elastic/kibana/pull/218519)\n\n\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\n---------\n\nCo-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\nCo-authored-by: Davis Plumlee <davis.plumlee@elastic.co>"}},{"branch":"9.0","label":"v9.0.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/220696","number":220696,"state":"MERGED","mergeCommit":{"sha":"1415291dc3147c7d969962067bd5d7c07a968e99","message":"[9.0] [Security Solution] Fixes exceptions list and actions being overwritten when using legacy prebuilt rule upgrade (#218519) (#220696)\n\n# Backport\n\nThis will backport the following commits from `main` to `9.0`:\n- [[Security Solution] Fixes exceptions list and actions being\noverwritten when using legacy prebuilt rule upgrade\n(#218519)](https://github.com/elastic/kibana/pull/218519)\n\n\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>"}},{"branch":"8.17","label":"v8.17.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
akowalska622
pushed a commit
to akowalska622/kibana
that referenced
this pull request
May 29, 2025
…en when using legacy prebuilt rule upgrade (elastic#218519) ## Summary Fixes elastic#218000 Fixes issues that caused the `exceptions_list` and `actions` fields to get overwritten when the legacy prebuilt rule upgrade methods (`api/detection_engine/rules/prepackaged`) were used. ### Testing 1. Install an outdated rules package 1. Install all rules from the package 1. Add actions and exceptions to the installed rules (actions can be added using bulk edit) 1. Install the latest available prebuilt rules package 1. Call the legacy API to upgrade installed rules to the latest versions: `/api/detection_engine/rules/prepackaged` 1. Observe all exceptions lists and actions are maintained through upgrade process ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
qn895
pushed a commit
to qn895/kibana
that referenced
this pull request
Jun 3, 2025
…en when using legacy prebuilt rule upgrade (elastic#218519) ## Summary Fixes elastic#218000 Fixes issues that caused the `exceptions_list` and `actions` fields to get overwritten when the legacy prebuilt rule upgrade methods (`api/detection_engine/rules/prepackaged`) were used. ### Testing 1. Install an outdated rules package 1. Install all rules from the package 1. Add actions and exceptions to the installed rules (actions can be added using bulk edit) 1. Install the latest available prebuilt rules package 1. Call the legacy API to upgrade installed rules to the latest versions: `/api/detection_engine/rules/prepackaged` 1. Observe all exceptions lists and actions are maintained through upgrade process ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #218000
Fixes issues that caused the
exceptions_listandactionsfields to get overwritten when the legacy prebuilt rule upgrade methods (api/detection_engine/rules/prepackaged) were used.Testing
/api/detection_engine/rules/prepackagedChecklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.