[9.1] [Security Solution] Fix context.results_link passed from detection rules to rule actions (#236067)#236533
Merged
kibanamachine merged 1 commit intoelastic:9.1from Sep 26, 2025
Conversation
…rules to rule actions (elastic#236067) **Partially addresses:** elastic#232557 ## Summary This PR fixes the value of the `results_link` variable we pass at the end of a detection rule execution to its rule actions via the `context` object. This variable then can be used from actions via `{{context.results_link}}` template placeholder. We used to construct the `results_link` like this: `<base-url>/app/security/detections/rules/id/<rule-id>?timerange=<...>`. Which used to be the correct URL to the Rule Details page. However, the URL structure of detections pages had been changed a long time ago, and now we have this: `<base-url>/app/security/detections/rules/id/<rule-id>`. We had URL redirects from `/app/security/detections/rules/id/<rule-id>` to `/app/security/detections/rules/id/<rule-id>`, but they were broken by elastic#217890. Some of them have been fixed since then, so now the redirects work as expected in some versions of Kibana, and in some of them they are still broken. See elastic#232557 (comment) for details. This PR adjusts the `results_link` according to the up to date URL structure. ## Release Notes Fixes the URL passed to detection rule actions via the `{{context.results_link}}` placeholder. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - No need for that as the only affected tests are unit tests - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. (cherry picked from commit bb6c8c1)
Merged
4 tasks
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto9.1:context.results_linkpassed from detection rules to rule actions (#236067)Questions ?
Please refer to the Backport tool documentation