[Security Solution] User able to add an exception from ML generated alerts #75154

Closed
MadameSheema opened this issue Aug 17, 2020 · 3 comments
Labels
bug Fixes for quality problems that affect the customer experience Feature:Detection Rules Anything related to Security Solution's Detection Rules Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.1

Comments

@MadameSheema
Member

Kibana version:

  • 7.9.0

Elasticsearch version:

  • 7.9.0

Describe the bug:
Bug reported by @aarju

I found a small UI bug in the Exceptions workflow today when dealing with ML based rules. When looking at an ML based detection the ‘exceptions’ tab is greyed out but if I click the … next to a detection it opens the exceptions menu for me. After applying the exception it says it is applied but I have no way of viewing whether it is actually applied or not.

Preconditions:

  • To have a ML rule created with

Steps to reproduce:

  1. Navigate to Security > Detections
  2. Click on the 3 dots to expand the rule actions
  3. Click on Add rule exception

Current behaviour:

  • You are able to add an exception

Expected behavior:

  • You should not be able to add an exception
@MadameSheema MadameSheema added bug Fixes for quality problems that affect the customer experience Team:SIEM labels Aug 17, 2020
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@randomuserid
Contributor

Why shouldn't a user be able to add an exception to an ML rule? Isn't this a valid workflow for signal / noise tuning purposes?

@spong
Member

spong commented Aug 24, 2020

This is temporary @randomuserid, as we just weren't able to provide support for exceptions w/ ML Rules as part of the initial dev effort of exceptions. I've created #75820 for adding support, and we can remove these checks/guards once supported.

@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Oct 27, 2020