[Security Solution][Exceptions][Bug] - Error when importing rules with exception lists that don't exist in space #75182

Closed
yctercero opened this issue Aug 17, 2020 · 1 comment · Fixed by #75898
Labels: bug, Feature:Detection Rules, Team: SecuritySolution, Team:SIEM, v7.9.1

@yctercero
Contributor

Kibana version: 7.9

Describe the bug:
When importing rules that include references to exception lists that are either 1) deleted or 2) do not exist in the imported space, the user is unable to add or view exceptions of the imported rule.

Rule itself imports successfully.

Steps to reproduce:

  1. Export a rule that includes exceptions.
  2. Delete exceptions list (via API) OR import rule into different space
  3. Import rule
  4. Navigate to imported rule's exceptions tab
  5. See that exceptions fail to fetch
  6. Click to add exception
  7. See error message in modal

Expected behavior:
This is a case of both a missing feature and an existing bug. There is not yet a great way to export exception lists (feature), but if a user tries to import a rule with a reference to an exception list that does not exist (bug), we should alert the user with an error to allow them to rectify it.

Workaround:
The workaround right now is to export the rule --> delete the reference to the exception list --> import the rule --> add back the reference via API or manually re-input exceptions.
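A pre-import check for the workaround described above, as an added example that is not part of the original issue or of Kibana's code. It assumes the export is NDJSON with one rule per line plus a trailing summary line, that each rule carries an `exceptions_list` array whose entries have a `list_id`, and that the set of `list_id` values present in the target space was collected separately; the function names and sample data are constructed for illustration.

```python
import json

# Constructed sample export: two rules and the trailing summary line (assumed layout).
SAMPLE_EXPORT = "\n".join([
    json.dumps({"rule_id": "rule-a", "name": "Constructed rule A", "exceptions_list": [
        {"id": "1", "list_id": "list-present", "namespace_type": "single", "type": "detection"},
        {"id": "2", "list_id": "list-deleted", "namespace_type": "single", "type": "detection"}]}),
    json.dumps({"rule_id": "rule-b", "name": "Constructed rule B", "exceptions_list": []}),
    json.dumps({"exported_count": 2, "missing_rules": [], "missing_rules_count": 0}),
])

def split_export(ndjson_text):
    """Parse the export into (rules, other); 'other' holds non-rule lines such as the summary."""
    rules, other = [], []
    for line in ndjson_text.splitlines():
        if line.strip():
            obj = json.loads(line)
            (rules if "rule_id" in obj else other).append(obj)
    return rules, other

def missing_references(rules, known_list_ids):
    """Map rule_id -> referenced list_ids that do not exist in the target space."""
    report = {}
    for rule in rules:
        missing = [ref.get("list_id") for ref in rule.get("exceptions_list", [])
                   if ref.get("list_id") not in known_list_ids]
        if missing:
            report[rule["rule_id"]] = missing
    return report

def strip_missing(rules, known_list_ids):
    """Return copies of the rules that keep only references resolving in the target space."""
    cleaned = []
    for rule in rules:
        rule = dict(rule)  # shallow copy so the parsed original stays intact
        rule["exceptions_list"] = [ref for ref in rule.get("exceptions_list", [])
                                   if ref.get("list_id") in known_list_ids]
        cleaned.append(rule)
    return cleaned

def to_ndjson(rules, other):
    """Serialize back to NDJSON, rules first and the summary line last."""
    return "\n".join(json.dumps(obj) for obj in rules + other) + "\n"

if __name__ == "__main__":
    target_space_lists = {"list-present"}  # assumption: gathered from the target space
    rules, other = split_export(SAMPLE_EXPORT)
    for rule_id, lists in missing_references(rules, target_space_lists).items():
        print(f"{rule_id}: dangling exception list reference(s): {', '.join(lists)}")
    print(to_ndjson(strip_missing(rules, target_space_lists), other), end="")
```

Keep the report of dropped `list_id` values so the references can be added back or the exceptions re-entered after import, as the workaround describes.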

@yctercero yctercero added bug Fixes for quality problems that affect the customer experience Team:SIEM v7.9.0 Feature:Detection Rules Anything related to Security Solution's Detection Rules labels Aug 17, 2020
@yctercero yctercero self-assigned this Aug 17, 2020
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@spong spong added v7.9.1 and removed v7.9.0 labels Aug 18, 2020
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Oct 27, 2020