[Security Solution]Rule Action not able to perform after deletion of Rule Action Connector

[karanbirsingh-qasource]

Describe the bug
Rule Action not able to perform after deletion of Rule Action item

Build Details

Version:8.1.0 BC5
Commit:23423b0db7d5ffae1d0578e8d9e2c1afab90cdcf
Build:50459

Pre-Condition

• kibana Version 8.1.0 BC5 should exist
• Any Connector should be present on the kibana

Steps

• Login to Kibana
• Navigate to Alert Page
• Add any rule action item let say swim lane to the rule as a rule action item
• Generate some alerts from above rule
• Now delete the rule action item from stack management in our case it is swim lane
• Come back to rule details page
• Perform rule action like Enable,Disable and Duplicate
• Observed user is not able to perform any of the above mentioned operation of rule after deleting the rule action on it

Screen-Cast

rule-action.mp4

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[MadameSheema]

@karanbirsingh-qasource can you please confirm if the action can be done after refreshing the page?

[karanbirsingh-qasource]

yes @MadameSheema I have tried hard refresh and also opening kibana login in private windows, the error is consistent

[karanbirsingh-qasource]

more to add we have found one related issue in which there have some changes done in rule action item is the user after delete the added connector , if it helps to troubleshoot

#89062

[MadameSheema]

@karanbirsingh-qasource can you please check if this is happening on 7.17.x and 8.0.x? Thanks :)

[karanbirsingh-qasource]

sure @MadameSheema

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)

[karanbirsingh-qasource]

Issue occuring on 7.17.0 ❌

7.17.0.mp4

[karanbirsingh-qasource]

issue occurring on 8.0.0 ❌

8.0.0.mp4

[peluja1012]

Hi @karanbirsingh-qasource, I'm a little bit confused a about the steps followed to reproduce this bug. Could you please send us a video that shows you running through these steps?

Login to Kibana
Navigate to Alert Page
Add any rule action item let say swim lane to the rule as a rule action item
Generate some alerts from above rule
Now delete the rule action item from stack management in our case it is swim lane
Come back to rule details page

[karanbirsingh-qasource]

Hi @karanbirsingh-qasource, I'm a little bit confused a about the steps followed to reproduce this bug. Could you please send us a video that shows you running through these steps?

Login to Kibana
Navigate to Alert Page
Add any rule action item let say swim lane to the rule as a rule action item
Generate some alerts from above rule
Now delete the rule action item from stack management in our case it is swim lane
Come back to rule details page

Sure @peluja1012 please find below screen-cast of the above written steps , however just to clear the issue is "User is not able to perform Rule Action Duplicate,Enable,Disable if user delete the added rule action item(Notification component of the rule) in it"

Rule-Actions-Second.mp4

[peluja1012]

@MadameSheema I believe this bug is a duplicate of this bug, which you filed a few months back: #69142. I think impact is correct as there is a workaround for it. The proper treatment is probably to warn users before deleting connectors that there are rules associated with them.

[MadameSheema]

Closing as duplicate of #69142

cc @yctercero