[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields#225794
Merged
e40pud merged 2 commits intoelastic:mainfrom Jun 30, 2025
Conversation
…RL and markdown fields
e40pud
added
release_note:skip
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
KDKHD
approved these changes
Jun 30, 2025
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
cc @e40pud |
Contributor
|
Starting backport for target branches: 8.19, 9.1 https://github.com/elastic/kibana/actions/runs/15973097806 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jun 30, 2025
…RL and markdown fields (elastic#225794) ## Summary According to the [mustache syntax](https://github.com/janl/mustache.js?tab=readme-ov-file#variables), all variables are HTML-escaped by default. If we want to render unescaped HTML, we should use the triple mustache: `{{{name}}}`. There are a few attack discovery variables in the action's context that we would like to render as unescaped HTML to preserve the URL and markdown structure. Those variable should be added using triple mustache by default from the action's "Add variable" menu: <img width="379" alt="Screenshot 2025-06-30 at 11 55 08" src="https://github.com/user-attachments/assets/6ca19adb-2b17-4eaf-b4f7-c94d0674c7fc" /> ### Variables that use triple mustache - `context.attack.detailsMarkdown` - `context.attack.summaryMarkdown` - `context.attack.entitySummaryMarkdown` - `context.attack.detailsUrl` ### Screenshots **Using double mustache**: <img width="1547" alt="Screenshot 2025-06-30 at 12 08 54" src="https://github.com/user-attachments/assets/f1e86d0f-14fb-4041-be8b-d96cd208a5a9" /> **Using triple mustache**: <img width="1547" alt="Screenshot 2025-06-30 at 12 08 41" src="https://github.com/user-attachments/assets/627a1b74-8c2c-44c0-8d0f-8be17ca61482" /> (cherry picked from commit 0ff0163)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jun 30, 2025
…RL and markdown fields (elastic#225794) ## Summary According to the [mustache syntax](https://github.com/janl/mustache.js?tab=readme-ov-file#variables), all variables are HTML-escaped by default. If we want to render unescaped HTML, we should use the triple mustache: `{{{name}}}`. There are a few attack discovery variables in the action's context that we would like to render as unescaped HTML to preserve the URL and markdown structure. Those variable should be added using triple mustache by default from the action's "Add variable" menu: <img width="379" alt="Screenshot 2025-06-30 at 11 55 08" src="https://github.com/user-attachments/assets/6ca19adb-2b17-4eaf-b4f7-c94d0674c7fc" /> ### Variables that use triple mustache - `context.attack.detailsMarkdown` - `context.attack.summaryMarkdown` - `context.attack.entitySummaryMarkdown` - `context.attack.detailsUrl` ### Screenshots **Using double mustache**: <img width="1547" alt="Screenshot 2025-06-30 at 12 08 54" src="https://github.com/user-attachments/assets/f1e86d0f-14fb-4041-be8b-d96cd208a5a9" /> **Using triple mustache**: <img width="1547" alt="Screenshot 2025-06-30 at 12 08 41" src="https://github.com/user-attachments/assets/627a1b74-8c2c-44c0-8d0f-8be17ca61482" /> (cherry picked from commit 0ff0163)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jun 30, 2025
… the URL and markdown fields (#225794) (#225837) # Backport This will backport the following commits from `main` to `9.1`: - [[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields (#225794)](#225794) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Ievgen Sorokopud","email":"ievgen.sorokopud@elastic.co"},"sourceCommit":{"committedDate":"2025-06-30T12:37:10Z","message":"[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields (#225794)\n\n## Summary\n\nAccording to the [mustache\nsyntax](https://github.com/janl/mustache.js?tab=readme-ov-file#variables),\nall variables are HTML-escaped by default. If we want to render\nunescaped HTML, we should use the triple mustache: `{{{name}}}`.\n\nThere are a few attack discovery variables in the action's context that\nwe would like to render as unescaped HTML to preserve the URL and\nmarkdown structure. Those variable should be added using triple mustache\nby default from the action's \"Add variable\" menu:\n\n<img width=\"379\" alt=\"Screenshot 2025-06-30 at 11 55 08\"\nsrc=\"https://github.com/user-attachments/assets/6ca19adb-2b17-4eaf-b4f7-c94d0674c7fc\"\n/>\n\n### Variables that use triple mustache\n\n- `context.attack.detailsMarkdown`\n- `context.attack.summaryMarkdown`\n- `context.attack.entitySummaryMarkdown`\n- `context.attack.detailsUrl`\n\n### Screenshots\n\n**Using double mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 54\"\nsrc=\"https://github.com/user-attachments/assets/f1e86d0f-14fb-4041-be8b-d96cd208a5a9\"\n/>\n\n**Using triple mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 41\"\nsrc=\"https://github.com/user-attachments/assets/627a1b74-8c2c-44c0-8d0f-8be17ca61482\"\n/>","sha":"0ff016363dada515fe8225c68b4a8947bb13b698","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team: SecuritySolution","Team:Security Generative AI","backport:version","v9.1.0","v8.19.0","v9.2.0"],"title":"[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields","number":225794,"url":"https://github.com/elastic/kibana/pull/225794","mergeCommit":{"message":"[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields (#225794)\n\n## Summary\n\nAccording to the [mustache\nsyntax](https://github.com/janl/mustache.js?tab=readme-ov-file#variables),\nall variables are HTML-escaped by default. If we want to render\nunescaped HTML, we should use the triple mustache: `{{{name}}}`.\n\nThere are a few attack discovery variables in the action's context that\nwe would like to render as unescaped HTML to preserve the URL and\nmarkdown structure. Those variable should be added using triple mustache\nby default from the action's \"Add variable\" menu:\n\n<img width=\"379\" alt=\"Screenshot 2025-06-30 at 11 55 08\"\nsrc=\"https://github.com/user-attachments/assets/6ca19adb-2b17-4eaf-b4f7-c94d0674c7fc\"\n/>\n\n### Variables that use triple mustache\n\n- `context.attack.detailsMarkdown`\n- `context.attack.summaryMarkdown`\n- `context.attack.entitySummaryMarkdown`\n- `context.attack.detailsUrl`\n\n### Screenshots\n\n**Using double mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 54\"\nsrc=\"https://github.com/user-attachments/assets/f1e86d0f-14fb-4041-be8b-d96cd208a5a9\"\n/>\n\n**Using triple mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 41\"\nsrc=\"https://github.com/user-attachments/assets/627a1b74-8c2c-44c0-8d0f-8be17ca61482\"\n/>","sha":"0ff016363dada515fe8225c68b4a8947bb13b698"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/225794","number":225794,"mergeCommit":{"message":"[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields (#225794)\n\n## Summary\n\nAccording to the [mustache\nsyntax](https://github.com/janl/mustache.js?tab=readme-ov-file#variables),\nall variables are HTML-escaped by default. If we want to render\nunescaped HTML, we should use the triple mustache: `{{{name}}}`.\n\nThere are a few attack discovery variables in the action's context that\nwe would like to render as unescaped HTML to preserve the URL and\nmarkdown structure. Those variable should be added using triple mustache\nby default from the action's \"Add variable\" menu:\n\n<img width=\"379\" alt=\"Screenshot 2025-06-30 at 11 55 08\"\nsrc=\"https://github.com/user-attachments/assets/6ca19adb-2b17-4eaf-b4f7-c94d0674c7fc\"\n/>\n\n### Variables that use triple mustache\n\n- `context.attack.detailsMarkdown`\n- `context.attack.summaryMarkdown`\n- `context.attack.entitySummaryMarkdown`\n- `context.attack.detailsUrl`\n\n### Screenshots\n\n**Using double mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 54\"\nsrc=\"https://github.com/user-attachments/assets/f1e86d0f-14fb-4041-be8b-d96cd208a5a9\"\n/>\n\n**Using triple mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 41\"\nsrc=\"https://github.com/user-attachments/assets/627a1b74-8c2c-44c0-8d0f-8be17ca61482\"\n/>","sha":"0ff016363dada515fe8225c68b4a8947bb13b698"}}]}] BACKPORT--> Co-authored-by: Ievgen Sorokopud <ievgen.sorokopud@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
Jun 30, 2025
…r the URL and markdown fields (#225794) (#225836) # Backport This will backport the following commits from `main` to `8.19`: - [[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields (#225794)](#225794) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Ievgen Sorokopud","email":"ievgen.sorokopud@elastic.co"},"sourceCommit":{"committedDate":"2025-06-30T12:37:10Z","message":"[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields (#225794)\n\n## Summary\n\nAccording to the [mustache\nsyntax](https://github.com/janl/mustache.js?tab=readme-ov-file#variables),\nall variables are HTML-escaped by default. If we want to render\nunescaped HTML, we should use the triple mustache: `{{{name}}}`.\n\nThere are a few attack discovery variables in the action's context that\nwe would like to render as unescaped HTML to preserve the URL and\nmarkdown structure. Those variable should be added using triple mustache\nby default from the action's \"Add variable\" menu:\n\n<img width=\"379\" alt=\"Screenshot 2025-06-30 at 11 55 08\"\nsrc=\"https://github.com/user-attachments/assets/6ca19adb-2b17-4eaf-b4f7-c94d0674c7fc\"\n/>\n\n### Variables that use triple mustache\n\n- `context.attack.detailsMarkdown`\n- `context.attack.summaryMarkdown`\n- `context.attack.entitySummaryMarkdown`\n- `context.attack.detailsUrl`\n\n### Screenshots\n\n**Using double mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 54\"\nsrc=\"https://github.com/user-attachments/assets/f1e86d0f-14fb-4041-be8b-d96cd208a5a9\"\n/>\n\n**Using triple mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 41\"\nsrc=\"https://github.com/user-attachments/assets/627a1b74-8c2c-44c0-8d0f-8be17ca61482\"\n/>","sha":"0ff016363dada515fe8225c68b4a8947bb13b698","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team: SecuritySolution","Team:Security Generative AI","backport:version","v9.1.0","v8.19.0","v9.2.0"],"title":"[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields","number":225794,"url":"https://github.com/elastic/kibana/pull/225794","mergeCommit":{"message":"[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields (#225794)\n\n## Summary\n\nAccording to the [mustache\nsyntax](https://github.com/janl/mustache.js?tab=readme-ov-file#variables),\nall variables are HTML-escaped by default. If we want to render\nunescaped HTML, we should use the triple mustache: `{{{name}}}`.\n\nThere are a few attack discovery variables in the action's context that\nwe would like to render as unescaped HTML to preserve the URL and\nmarkdown structure. Those variable should be added using triple mustache\nby default from the action's \"Add variable\" menu:\n\n<img width=\"379\" alt=\"Screenshot 2025-06-30 at 11 55 08\"\nsrc=\"https://github.com/user-attachments/assets/6ca19adb-2b17-4eaf-b4f7-c94d0674c7fc\"\n/>\n\n### Variables that use triple mustache\n\n- `context.attack.detailsMarkdown`\n- `context.attack.summaryMarkdown`\n- `context.attack.entitySummaryMarkdown`\n- `context.attack.detailsUrl`\n\n### Screenshots\n\n**Using double mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 54\"\nsrc=\"https://github.com/user-attachments/assets/f1e86d0f-14fb-4041-be8b-d96cd208a5a9\"\n/>\n\n**Using triple mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 41\"\nsrc=\"https://github.com/user-attachments/assets/627a1b74-8c2c-44c0-8d0f-8be17ca61482\"\n/>","sha":"0ff016363dada515fe8225c68b4a8947bb13b698"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/225794","number":225794,"mergeCommit":{"message":"[Attack Discovery][Scheduling] Use triple braces by default for the URL and markdown fields (#225794)\n\n## Summary\n\nAccording to the [mustache\nsyntax](https://github.com/janl/mustache.js?tab=readme-ov-file#variables),\nall variables are HTML-escaped by default. If we want to render\nunescaped HTML, we should use the triple mustache: `{{{name}}}`.\n\nThere are a few attack discovery variables in the action's context that\nwe would like to render as unescaped HTML to preserve the URL and\nmarkdown structure. Those variable should be added using triple mustache\nby default from the action's \"Add variable\" menu:\n\n<img width=\"379\" alt=\"Screenshot 2025-06-30 at 11 55 08\"\nsrc=\"https://github.com/user-attachments/assets/6ca19adb-2b17-4eaf-b4f7-c94d0674c7fc\"\n/>\n\n### Variables that use triple mustache\n\n- `context.attack.detailsMarkdown`\n- `context.attack.summaryMarkdown`\n- `context.attack.entitySummaryMarkdown`\n- `context.attack.detailsUrl`\n\n### Screenshots\n\n**Using double mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 54\"\nsrc=\"https://github.com/user-attachments/assets/f1e86d0f-14fb-4041-be8b-d96cd208a5a9\"\n/>\n\n**Using triple mustache**:\n\n<img width=\"1547\" alt=\"Screenshot 2025-06-30 at 12 08 41\"\nsrc=\"https://github.com/user-attachments/assets/627a1b74-8c2c-44c0-8d0f-8be17ca61482\"\n/>","sha":"0ff016363dada515fe8225c68b4a8947bb13b698"}}]}] BACKPORT--> Co-authored-by: Ievgen Sorokopud <ievgen.sorokopud@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
According to the mustache syntax, all variables are HTML-escaped by default. If we want to render unescaped HTML, we should use the triple mustache:
{{{name}}}.There are a few attack discovery variables in the action's context that we would like to render as unescaped HTML to preserve the URL and markdown structure. Those variable should be added using triple mustache by default from the action's "Add variable" menu:
Variables that use triple mustache
context.attack.detailsMarkdowncontext.attack.summaryMarkdowncontext.attack.entitySummaryMarkdowncontext.attack.detailsUrlScreenshots
Using double mustache:
Using triple mustache: