[Security Solution] Fix race condition when Defend is installed before rules package#222200
[Security Solution] Fix race condition when Defend is installed before rules package#222200xcrzx merged 1 commit intoelastic:mainfrom
Conversation
xcrzx
added
bug
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
xcrzx
force-pushed
the
fix-elastic-defend-race
branch
from
91f348b to
d667a7f
Compare
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
cc @xcrzx |
maximpn
changed the title
maximpn
left a comment
maximpn
left a comment
There was a problem hiding this comment.
@xcrzx Thanks for fixing this race condition bug 👍
The diff looks straightforward. I tested the changes locally and it works as expected. The only side effect is longer Elastic Defend integration installation due to Security Detection Rules package (considered as an integration in Fleet) installation happening under the hood.
I've noticed Fleet logs starting integration installation like Install with state machine - Starting installation of security_detection_engine@9.0.5 from registry but there isn't a massage saying it's been successfully installed.
|
Starting backport for target branches: 8.19 https://github.com/elastic/kibana/actions/runs/15412835448 |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
…e rules package (elastic#222200) ## Summary Fixes a race condition where the Elastic Defend rule is installed before the rules package becomes available, resulting in the following error: ``` [2025-05-29T10:40:00.066-04:00][ERROR][plugins.securitySolution.endpointFleetExtension] Unable to find Elastic Defend rule in the prebuilt rule assets (rule_id: 9a1a2dae-0b5f-4c3d-8305-a268d404c306) ``` ### Steps to Reproduce 1. Start with a clean Kibana instance with no rules package installed. 2. Navigate directly to the Integrations page (without visiting any Security Solution pages, which would trigger rules package bootstrapping), and install the Elastic Defend integration. 3. Observe the `Unable to find Elastic Defend rule in the prebuilt rule assets` error in the Kibana logs. This race condition appears to have existed for some time but was surfaced more clearly due to the recently added warning when the Defend rule cannot be installed.
kibanamachine
added
the
backport missing
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
|
Waiting till some other AI4SOC PRs get backported to 8.19 so this one can be merged on top of them |
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
1 similar comment
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
1 similar comment
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
…e rules package (elastic#222200) ## Summary Fixes a race condition where the Elastic Defend rule is installed before the rules package becomes available, resulting in the following error: ``` [2025-05-29T10:40:00.066-04:00][ERROR][plugins.securitySolution.endpointFleetExtension] Unable to find Elastic Defend rule in the prebuilt rule assets (rule_id: 9a1a2dae-0b5f-4c3d-8305-a268d404c306) ``` ### Steps to Reproduce 1. Start with a clean Kibana instance with no rules package installed. 2. Navigate directly to the Integrations page (without visiting any Security Solution pages, which would trigger rules package bootstrapping), and install the Elastic Defend integration. 3. Observe the `Unable to find Elastic Defend rule in the prebuilt rule assets` error in the Kibana logs. This race condition appears to have existed for some time but was surfaced more clearly due to the recently added warning when the Defend rule cannot be installed.
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
1 similar comment
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
xcrzx
added
backport:version
|
Starting backport for target branches: 8.19 https://github.com/elastic/kibana/actions/runs/15702950293 |
…e rules package (elastic#222200) ## Summary Fixes a race condition where the Elastic Defend rule is installed before the rules package becomes available, resulting in the following error: ``` [2025-05-29T10:40:00.066-04:00][ERROR][plugins.securitySolution.endpointFleetExtension] Unable to find Elastic Defend rule in the prebuilt rule assets (rule_id: 9a1a2dae-0b5f-4c3d-8305-a268d404c306) ``` ### Steps to Reproduce 1. Start with a clean Kibana instance with no rules package installed. 2. Navigate directly to the Integrations page (without visiting any Security Solution pages, which would trigger rules package bootstrapping), and install the Elastic Defend integration. 3. Observe the `Unable to find Elastic Defend rule in the prebuilt rule assets` error in the Kibana logs. This race condition appears to have existed for some time but was surfaced more clearly due to the recently added warning when the Defend rule cannot be installed. (cherry picked from commit c513625)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…d before rules package (#222200) (#224193) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution] Fix race condition when Defend is installed before rules package (#222200)](#222200) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Dmitrii Shevchenko","email":"dmitrii.shevchenko@elastic.co"},"sourceCommit":{"committedDate":"2025-06-03T08:50:03Z","message":"[Security Solution] Fix race condition when Defend is installed before rules package (#222200)\n\n## Summary\n\nFixes a race condition where the Elastic Defend rule is installed before\nthe rules package becomes available, resulting in the following error:\n\n```\n[2025-05-29T10:40:00.066-04:00][ERROR][plugins.securitySolution.endpointFleetExtension] Unable to find Elastic Defend rule in the prebuilt rule assets (rule_id: 9a1a2dae-0b5f-4c3d-8305-a268d404c306)\n```\n\n### Steps to Reproduce\n\n1. Start with a clean Kibana instance with no rules package installed. \n2. Navigate directly to the Integrations page (without visiting any\nSecurity Solution pages, which would trigger rules package\nbootstrapping), and install the Elastic Defend integration.\n3. Observe the `Unable to find Elastic Defend rule in the prebuilt rule\nassets` error in the Kibana logs.\n\nThis race condition appears to have existed for some time but was\nsurfaced more clearly due to the recently added warning when the Defend\nrule cannot be installed.","sha":"c513625f1181a4a47b8c308e2f1eb38f6b68830f","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","backport:version","v9.1.0","v8.19.0"],"title":"[Security Solution] Fix race condition when Defend is installed before rules package","number":222200,"url":"https://github.com/elastic/kibana/pull/222200","mergeCommit":{"message":"[Security Solution] Fix race condition when Defend is installed before rules package (#222200)\n\n## Summary\n\nFixes a race condition where the Elastic Defend rule is installed before\nthe rules package becomes available, resulting in the following error:\n\n```\n[2025-05-29T10:40:00.066-04:00][ERROR][plugins.securitySolution.endpointFleetExtension] Unable to find Elastic Defend rule in the prebuilt rule assets (rule_id: 9a1a2dae-0b5f-4c3d-8305-a268d404c306)\n```\n\n### Steps to Reproduce\n\n1. Start with a clean Kibana instance with no rules package installed. \n2. Navigate directly to the Integrations page (without visiting any\nSecurity Solution pages, which would trigger rules package\nbootstrapping), and install the Elastic Defend integration.\n3. Observe the `Unable to find Elastic Defend rule in the prebuilt rule\nassets` error in the Kibana logs.\n\nThis race condition appears to have existed for some time but was\nsurfaced more clearly due to the recently added warning when the Defend\nrule cannot be installed.","sha":"c513625f1181a4a47b8c308e2f1eb38f6b68830f"}},"sourceBranch":"main","suggestedTargetBranches":["8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/222200","number":222200,"mergeCommit":{"message":"[Security Solution] Fix race condition when Defend is installed before rules package (#222200)\n\n## Summary\n\nFixes a race condition where the Elastic Defend rule is installed before\nthe rules package becomes available, resulting in the following error:\n\n```\n[2025-05-29T10:40:00.066-04:00][ERROR][plugins.securitySolution.endpointFleetExtension] Unable to find Elastic Defend rule in the prebuilt rule assets (rule_id: 9a1a2dae-0b5f-4c3d-8305-a268d404c306)\n```\n\n### Steps to Reproduce\n\n1. Start with a clean Kibana instance with no rules package installed. \n2. Navigate directly to the Integrations page (without visiting any\nSecurity Solution pages, which would trigger rules package\nbootstrapping), and install the Elastic Defend integration.\n3. Observe the `Unable to find Elastic Defend rule in the prebuilt rule\nassets` error in the Kibana logs.\n\nThis race condition appears to have existed for some time but was\nsurfaced more clearly due to the recently added warning when the Defend\nrule cannot be installed.","sha":"c513625f1181a4a47b8c308e2f1eb38f6b68830f"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Dmitrii Shevchenko <dmitrii.shevchenko@elastic.co>
4 participants
Summary
Fixes a race condition where the Elastic Defend rule is installed before the rules package becomes available, resulting in the following error:
Steps to Reproduce
Unable to find Elastic Defend rule in the prebuilt rule assetserror in the Kibana logs.This race condition appears to have existed for some time but was surfaced more clearly due to the recently added warning when the Defend rule cannot be installed.