[Security Solution] Fix context.results_link passed from detection rules to rule actions#236067
Merged
banderror merged 1 commit intoelastic:mainfrom Sep 26, 2025
Merged
Conversation
banderror
added
bug
3 tasks
banderror
force-pushed
the
fix-results_link-for-detection-rules
branch
2 times, most recently
from
f6525ae to
faf9cd3
Compare
Contributor
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Contributor
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Contributor
|
Pinging @elastic/security-detection-engine (Team:Detection Engine) |
banderror
force-pushed
the
fix-results_link-for-detection-rules
branch
from
faf9cd3 to
26882ba
Compare
nkhristinin
approved these changes
Sep 25, 2025
banderror
force-pushed
the
fix-results_link-for-detection-rules
branch
from
26882ba to
cc5434e
Compare
banderror
force-pushed
the
fix-results_link-for-detection-rules
branch
from
cc5434e to
ff1b74c
Compare
Contributor
|
Starting backport for target branches: 8.18, 8.19, 9.0, 9.1 https://github.com/elastic/kibana/actions/runs/18026969592 |
Contributor
💚 Build Succeeded
Metrics [docs]
History
cc @banderror |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 26, 2025
…rules to rule actions (elastic#236067) **Partially addresses:** elastic#232557 ## Summary This PR fixes the value of the `results_link` variable we pass at the end of a detection rule execution to its rule actions via the `context` object. This variable then can be used from actions via `{{context.results_link}}` template placeholder. We used to construct the `results_link` like this: `<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`. Which used to be the correct URL to the Rule Details page. However, the URL structure of detections pages had been changed a long time ago, and now we have this: `<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL redirects from `/app/security/detections/rules/id/<rule-id>` to `/app/security/detections/rules/id/<rule-id>`, but they were broken by elastic#217890. Some of them have been fixed since then, so now the redirects work as expected in some versions of Kibana, and in some of them they are still broken. See elastic#232557 (comment) for details. This PR adjusts the `results_link` according to the up to date URL structure. ## Release Notes Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - No need for that as the only affected tests are unit tests - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit bb6c8c1)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 26, 2025
…rules to rule actions (elastic#236067) **Partially addresses:** elastic#232557 ## Summary This PR fixes the value of the `results_link` variable we pass at the end of a detection rule execution to its rule actions via the `context` object. This variable then can be used from actions via `{{context.results_link}}` template placeholder. We used to construct the `results_link` like this: `<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`. Which used to be the correct URL to the Rule Details page. However, the URL structure of detections pages had been changed a long time ago, and now we have this: `<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL redirects from `/app/security/detections/rules/id/<rule-id>` to `/app/security/detections/rules/id/<rule-id>`, but they were broken by elastic#217890. Some of them have been fixed since then, so now the redirects work as expected in some versions of Kibana, and in some of them they are still broken. See elastic#232557 (comment) for details. This PR adjusts the `results_link` according to the up to date URL structure. ## Release Notes Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - No need for that as the only affected tests are unit tests - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit bb6c8c1)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 26, 2025
…rules to rule actions (elastic#236067) **Partially addresses:** elastic#232557 ## Summary This PR fixes the value of the `results_link` variable we pass at the end of a detection rule execution to its rule actions via the `context` object. This variable then can be used from actions via `{{context.results_link}}` template placeholder. We used to construct the `results_link` like this: `<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`. Which used to be the correct URL to the Rule Details page. However, the URL structure of detections pages had been changed a long time ago, and now we have this: `<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL redirects from `/app/security/detections/rules/id/<rule-id>` to `/app/security/detections/rules/id/<rule-id>`, but they were broken by elastic#217890. Some of them have been fixed since then, so now the redirects work as expected in some versions of Kibana, and in some of them they are still broken. See elastic#232557 (comment) for details. This PR adjusts the `results_link` according to the up to date URL structure. ## Release Notes Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - No need for that as the only affected tests are unit tests - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit bb6c8c1)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 26, 2025
…rules to rule actions (elastic#236067) **Partially addresses:** elastic#232557 ## Summary This PR fixes the value of the `results_link` variable we pass at the end of a detection rule execution to its rule actions via the `context` object. This variable then can be used from actions via `{{context.results_link}}` template placeholder. We used to construct the `results_link` like this: `<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`. Which used to be the correct URL to the Rule Details page. However, the URL structure of detections pages had been changed a long time ago, and now we have this: `<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL redirects from `/app/security/detections/rules/id/<rule-id>` to `/app/security/detections/rules/id/<rule-id>`, but they were broken by elastic#217890. Some of them have been fixed since then, so now the redirects work as expected in some versions of Kibana, and in some of them they are still broken. See elastic#232557 (comment) for details. This PR adjusts the `results_link` according to the up to date URL structure. ## Release Notes Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - No need for that as the only affected tests are unit tests - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit bb6c8c1)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Sep 26, 2025
…ction rules to rule actions (#236067) (#236533) # Backport This will backport the following commits from `main` to `9.1`: - [[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)](#236067) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Georgii Gorbachev","email":"georgii.gorbachev@elastic.co"},"sourceCommit":{"committedDate":"2025-09-26T03:25:22Z","message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Detections and Resp","Team: SecuritySolution","Feature:Rule Actions","Team:Detection Rule Management","sdh-linked","Feature:Rule Details","Team:Detection Engine","backport:version","v9.2.0","v8.18.8","v8.19.5","v9.0.8","v9.1.5"],"title":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions","number":236067,"url":"https://github.com/elastic/kibana/pull/236067","mergeCommit":{"message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.19","9.0","9.1"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/236067","number":236067,"mergeCommit":{"message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6"}},{"branch":"8.18","label":"v8.18.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
Sep 26, 2025
…ection rules to rule actions (#236067) (#236530) # Backport This will backport the following commits from `main` to `8.18`: - [[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)](#236067) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Georgii Gorbachev","email":"georgii.gorbachev@elastic.co"},"sourceCommit":{"committedDate":"2025-09-26T03:25:22Z","message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Detections and Resp","Team: SecuritySolution","Feature:Rule Actions","Team:Detection Rule Management","sdh-linked","Feature:Rule Details","Team:Detection Engine","backport:version","v9.2.0","v8.18.8","v8.19.5","v9.0.8","v9.1.5"],"title":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions","number":236067,"url":"https://github.com/elastic/kibana/pull/236067","mergeCommit":{"message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.19","9.0","9.1"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/236067","number":236067,"mergeCommit":{"message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6"}},{"branch":"8.18","label":"v8.18.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
Sep 26, 2025
…ection rules to rule actions (#236067) (#236531) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)](#236067) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Georgii Gorbachev","email":"georgii.gorbachev@elastic.co"},"sourceCommit":{"committedDate":"2025-09-26T03:25:22Z","message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Detections and Resp","Team: SecuritySolution","Feature:Rule Actions","Team:Detection Rule Management","sdh-linked","Feature:Rule Details","Team:Detection Engine","backport:version","v9.2.0","v8.18.8","v8.19.5","v9.0.8","v9.1.5"],"title":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions","number":236067,"url":"https://github.com/elastic/kibana/pull/236067","mergeCommit":{"message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.19","9.0","9.1"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/236067","number":236067,"mergeCommit":{"message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6"}},{"branch":"8.18","label":"v8.18.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
VladimirFilonov
pushed a commit
to VladimirFilonov/kibana
that referenced
this pull request
Sep 26, 2025
…rules to rule actions (elastic#236067) **Partially addresses:** elastic#232557 ## Summary This PR fixes the value of the `results_link` variable we pass at the end of a detection rule execution to its rule actions via the `context` object. This variable then can be used from actions via `{{context.results_link}}` template placeholder. We used to construct the `results_link` like this: `<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`. Which used to be the correct URL to the Rule Details page. However, the URL structure of detections pages had been changed a long time ago, and now we have this: `<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL redirects from `/app/security/detections/rules/id/<rule-id>` to `/app/security/detections/rules/id/<rule-id>`, but they were broken by elastic#217890. Some of them have been fixed since then, so now the redirects work as expected in some versions of Kibana, and in some of them they are still broken. See elastic#232557 (comment) for details. This PR adjusts the `results_link` according to the up to date URL structure. ## Release Notes Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - No need for that as the only affected tests are unit tests - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
kibanamachine
added a commit
that referenced
this pull request
Sep 26, 2025
…ction rules to rule actions (#236067) (#236532) # Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)](#236067) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Georgii Gorbachev","email":"georgii.gorbachev@elastic.co"},"sourceCommit":{"committedDate":"2025-09-26T03:25:22Z","message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:Detections and Resp","Team: SecuritySolution","Feature:Rule Actions","Team:Detection Rule Management","sdh-linked","Feature:Rule Details","Team:Detection Engine","backport:version","v9.2.0","v8.18.8","v8.19.5","v9.0.8","v9.1.5"],"title":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions","number":236067,"url":"https://github.com/elastic/kibana/pull/236067","mergeCommit":{"message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.19","9.0","9.1"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/236067","number":236067,"mergeCommit":{"message":"[Security Solution] Fix `context.results_link` passed from detection rules to rule actions (#236067)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/232557\n\n## Summary\n\nThis PR fixes the value of the `results_link` variable we pass at the\nend of a detection rule execution to its rule actions via the `context`\nobject. This variable then can be used from actions via\n`{{context.results_link}}` template placeholder.\n\nWe used to construct the `results_link` like this:\n`<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`.\nWhich used to be the correct URL to the Rule Details page.\n\nHowever, the URL structure of detections pages had been changed a long\ntime ago, and now we have this:\n`<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL\nredirects from `/app/security/detections/rules/id/<rule-id>` to\n`/app/security/detections/rules/id/<rule-id>`, but they were broken by\nhttps://github.com//pull/217890. Some of them have been\nfixed since then, so now the redirects work as expected in some versions\nof Kibana, and in some of them they are still broken. See\nhttps://github.com//issues/232557#issuecomment-3320470840\nfor details.\n\nThis PR adjusts the `results_link` according to the up to date URL\nstructure.\n\n## Release Notes\n\nFixes the URL passed to detection rule actions via the\n`{{context.results_link}}` placeholder.\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n - No need for that as the only affected tests are unit tests\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [x] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.","sha":"bb6c8c10f82a71439dad4ba6ce59b41698e021f6"}},{"branch":"8.18","label":"v8.18.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
niros1
pushed a commit
that referenced
this pull request
Sep 30, 2025
…rules to rule actions (#236067) **Partially addresses:** #232557 ## Summary This PR fixes the value of the `results_link` variable we pass at the end of a detection rule execution to its rule actions via the `context` object. This variable then can be used from actions via `{{context.results_link}}` template placeholder. We used to construct the `results_link` like this: `<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`. Which used to be the correct URL to the Rule Details page. However, the URL structure of detections pages had been changed a long time ago, and now we have this: `<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL redirects from `/app/security/detections/rules/id/<rule-id>` to `/app/security/detections/rules/id/<rule-id>`, but they were broken by #217890. Some of them have been fixed since then, so now the redirects work as expected in some versions of Kibana, and in some of them they are still broken. See #232557 (comment) for details. This PR adjusts the `results_link` according to the up to date URL structure. ## Release Notes Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - No need for that as the only affected tests are unit tests - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Oct 17, 2025
…rules to rule actions (elastic#236067) **Partially addresses:** elastic#232557 ## Summary This PR fixes the value of the `results_link` variable we pass at the end of a detection rule execution to its rule actions via the `context` object. This variable then can be used from actions via `{{context.results_link}}` template placeholder. We used to construct the `results_link` like this: `<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`. Which used to be the correct URL to the Rule Details page. However, the URL structure of detections pages had been changed a long time ago, and now we have this: `<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL redirects from `/app/security/detections/rules/id/<rule-id>` to `/app/security/detections/rules/id/<rule-id>`, but they were broken by elastic#217890. Some of them have been fixed since then, so now the redirects work as expected in some versions of Kibana, and in some of them they are still broken. See elastic#232557 (comment) for details. This PR adjusts the `results_link` according to the up to date URL structure. ## Release Notes Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - No need for that as the only affected tests are unit tests - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Partially addresses: #232557
Summary
This PR fixes the value of the
results_linkvariable we pass at the end of a detection rule execution to its rule actions via thecontextobject. This variable then can be used from actions via{{context.results_link}}template placeholder.We used to construct the
results_linklike this:<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>. Which used to be the correct URL to the Rule Details page.However, the URL structure of detections pages had been changed a long time ago, and now we have this:
<base-url>/app/security/detections/rules/id/<rule-id>. We had URL redirects from/app/security/detections/rules/id/<rule-id>to/app/security/detections/rules/id/<rule-id>, but they were broken by #217890. Some of them have been fixed since then, so now the redirects work as expected in some versions of Kibana, and in some of them they are still broken. See #232557 (comment) for details.This PR adjusts the
results_linkaccording to the up to date URL structure.Release Notes
Fixes the URL passed to detection rule actions via the
{{context.results_link}}placeholder.Checklist
release_note:*label is applied per the guidelinesbackport:*labels.