Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Show warning if rule contains any index patterns that match no indices #180865

Open
nkhristinin opened this issue Apr 16, 2024 · 1 comment
Open

[Security Solution] Show warning if rule contains any index patterns that match no indices #180865

nkhristinin opened this issue Apr 16, 2024 · 1 comment
Labels
enhancement New value added to drive a business result Team:Detection Engine Security Solution Detection Engine Area

Comments

@nkhristinin
Copy link
Contributor

Currently, if the rule has an index pattern with only non-existing indices - we show the warning:

Screenshot 2024-04-16 at 09 12 56

existing index and a non-existing index

all privileges

  • for users with all privileges (like default elastic user) - the rule will just succeed:
Screenshot 2024-04-16 at 09 13 17

limited privileges

  • for users with limited privileges - the rule will show a warning about lack of read privileges for non-existing index.
Screenshot 2024-04-16 at 09 21 08

this warning is a bit misleading, and will be fixed in this PR

Proposal

But probably makes sense to show some sort of warning if the index pattern contains a non-existing index, as it can lead to confusion by the user.
if there was a typo in the index pattern, and the rule runs successfully but does not query some indices in the index pattern it can not generate results excepted from the rule, and it's hard to catch because there is no indication of that.
@botelastic botelastic bot added the needs-team Issues missing a team label label Apr 16, 2024
@nkhristinin nkhristinin mentioned this issue Apr 16, 2024
Open
5 tasks
@nkhristinin nkhristinin added the Team:Detection Engine Security Solution Detection Engine Area label Apr 16, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Apr 16, 2024
@nkhristinin nkhristinin added the needs-team Issues missing a team label label Apr 16, 2024
@botelastic botelastic bot removed the needs-team Issues missing a team label label Apr 16, 2024
@nkhristinin nkhristinin added the needs-team Issues missing a team label label Apr 16, 2024
@botelastic botelastic bot removed the needs-team Issues missing a team label label Apr 16, 2024
@yctercero yctercero added the enhancement New value added to drive a business result label Apr 20, 2024
@rylnd rylnd changed the title [Security Solution] Show warning if rules has not existing indices in index pattern along with existing indecies. [Security Solution] Show warning if rule contains any index patterns that match no indices May 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New value added to drive a business result Team:Detection Engine Security Solution Detection Engine Area
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nkhristinin @yctercero @elasticmachine