Some legacy mustache variables are not rendering for Security Solution rules after upgrading to 8.8.x #160446
Assignees
Labels
Feature:Alerting/RulesFramework
Issues related to the Alerting Rules Framework
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Comments
mikecote
added
Team:ResponseOps
|
Pinging @elastic/response-ops (Team:ResponseOps) |
doakalexi
added a commit
that referenced
this issue
Jun 23, 2023
…ing for Security Solution rules after upgrading to 8.8.x (#160451) Resolves #160446 ## Summary Adding the following variables to `x-pack/plugins/alerting/server/task_runner/transform_action_params.ts`: - alertId - alertName - spaceId - tags - params - alertInstanceId - alertActionGroup - alertActionGroupName - alert.id - alert.uuid - alert.actionGroup - alert.actionGroupName - alert.flapping ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Jun 23, 2023
…ing for Security Solution rules after upgrading to 8.8.x (elastic#160451) Resolves elastic#160446 ## Summary Adding the following variables to `x-pack/plugins/alerting/server/task_runner/transform_action_params.ts`: - alertId - alertName - spaceId - tags - params - alertInstanceId - alertActionGroup - alertActionGroupName - alert.id - alert.uuid - alert.actionGroup - alert.actionGroupName - alert.flapping ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 857ca82)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Jun 23, 2023
…ing for Security Solution rules after upgrading to 8.8.x (elastic#160451) Resolves elastic#160446 ## Summary Adding the following variables to `x-pack/plugins/alerting/server/task_runner/transform_action_params.ts`: - alertId - alertName - spaceId - tags - params - alertInstanceId - alertActionGroup - alertActionGroupName - alert.id - alert.uuid - alert.actionGroup - alert.actionGroupName - alert.flapping ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 857ca82)
kibanamachine
added a commit
that referenced
this issue
Jun 23, 2023
…rendering for Security Solution rules after upgrading to 8.8.x (#160451) (#160460) # Backport This will backport the following commits from `main` to `8.9`: - [[ResponseOps][Alerting] Some legacy mustache variables are not rendering for Security Solution rules after upgrading to 8.8.x (#160451)](#160451) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Alexi Doak","email":"109488926+doakalexi@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-06-23T20:34:31Z","message":"[ResponseOps][Alerting] Some legacy mustache variables are not rendering for Security Solution rules after upgrading to 8.8.x (#160451)\n\nResolves #160446 Summary\r\n\r\nAdding the following variables to\r\n`x-pack/plugins/alerting/server/task_runner/transform_action_params.ts`:\r\n\r\n- alertId\r\n- alertName\r\n- spaceId\r\n- tags\r\n- params\r\n- alertInstanceId\r\n- alertActionGroup\r\n- alertActionGroupName\r\n- alert.id\r\n- alert.uuid\r\n- alert.actionGroup\r\n- alert.actionGroupName\r\n- alert.flapping\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"857ca82352d5bec70814b52d524fbe4c8757625a","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:ResponseOps","v8.8.0","v8.9.0","v8.10.0"],"number":160451,"url":"#160451 Some legacy mustache variables are not rendering for Security Solution rules after upgrading to 8.8.x (#160451)\n\nResolves #160446 Summary\r\n\r\nAdding the following variables to\r\n`x-pack/plugins/alerting/server/task_runner/transform_action_params.ts`:\r\n\r\n- alertId\r\n- alertName\r\n- spaceId\r\n- tags\r\n- params\r\n- alertInstanceId\r\n- alertActionGroup\r\n- alertActionGroupName\r\n- alert.id\r\n- alert.uuid\r\n- alert.actionGroup\r\n- alert.actionGroupName\r\n- alert.flapping\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"857ca82352d5bec70814b52d524fbe4c8757625a"}},"sourceBranch":"main","suggestedTargetBranches":["8.8","8.9"],"targetPullRequestStates":[{"branch":"8.8","label":"v8.8.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.9","label":"v8.9.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"#160451 Some legacy mustache variables are not rendering for Security Solution rules after upgrading to 8.8.x (#160451)\n\nResolves #160446 Summary\r\n\r\nAdding the following variables to\r\n`x-pack/plugins/alerting/server/task_runner/transform_action_params.ts`:\r\n\r\n- alertId\r\n- alertName\r\n- spaceId\r\n- tags\r\n- params\r\n- alertInstanceId\r\n- alertActionGroup\r\n- alertActionGroupName\r\n- alert.id\r\n- alert.uuid\r\n- alert.actionGroup\r\n- alert.actionGroupName\r\n- alert.flapping\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"857ca82352d5bec70814b52d524fbe4c8757625a"}}]}] BACKPORT--> Co-authored-by: Alexi Doak <109488926+doakalexi@users.noreply.github.com>
kibanamachine
added a commit
that referenced
this issue
Jun 23, 2023
…rendering for Security Solution rules after upgrading to 8.8.x (#160451) (#160459) # Backport This will backport the following commits from `main` to `8.8`: - [[ResponseOps][Alerting] Some legacy mustache variables are not rendering for Security Solution rules after upgrading to 8.8.x (#160451)](#160451) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Alexi Doak","email":"109488926+doakalexi@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-06-23T20:34:31Z","message":"[ResponseOps][Alerting] Some legacy mustache variables are not rendering for Security Solution rules after upgrading to 8.8.x (#160451)\n\nResolves #160446 Summary\r\n\r\nAdding the following variables to\r\n`x-pack/plugins/alerting/server/task_runner/transform_action_params.ts`:\r\n\r\n- alertId\r\n- alertName\r\n- spaceId\r\n- tags\r\n- params\r\n- alertInstanceId\r\n- alertActionGroup\r\n- alertActionGroupName\r\n- alert.id\r\n- alert.uuid\r\n- alert.actionGroup\r\n- alert.actionGroupName\r\n- alert.flapping\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"857ca82352d5bec70814b52d524fbe4c8757625a","branchLabelMapping":{"^v8.10.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:ResponseOps","v8.8.0","v8.9.0","v8.10.0"],"number":160451,"url":"#160451 Some legacy mustache variables are not rendering for Security Solution rules after upgrading to 8.8.x (#160451)\n\nResolves #160446 Summary\r\n\r\nAdding the following variables to\r\n`x-pack/plugins/alerting/server/task_runner/transform_action_params.ts`:\r\n\r\n- alertId\r\n- alertName\r\n- spaceId\r\n- tags\r\n- params\r\n- alertInstanceId\r\n- alertActionGroup\r\n- alertActionGroupName\r\n- alert.id\r\n- alert.uuid\r\n- alert.actionGroup\r\n- alert.actionGroupName\r\n- alert.flapping\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"857ca82352d5bec70814b52d524fbe4c8757625a"}},"sourceBranch":"main","suggestedTargetBranches":["8.8","8.9"],"targetPullRequestStates":[{"branch":"8.8","label":"v8.8.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.9","label":"v8.9.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.10.0","labelRegex":"^v8.10.0$","isSourceBranch":true,"state":"MERGED","url":"#160451 Some legacy mustache variables are not rendering for Security Solution rules after upgrading to 8.8.x (#160451)\n\nResolves #160446 Summary\r\n\r\nAdding the following variables to\r\n`x-pack/plugins/alerting/server/task_runner/transform_action_params.ts`:\r\n\r\n- alertId\r\n- alertName\r\n- spaceId\r\n- tags\r\n- params\r\n- alertInstanceId\r\n- alertActionGroup\r\n- alertActionGroupName\r\n- alert.id\r\n- alert.uuid\r\n- alert.actionGroup\r\n- alert.actionGroupName\r\n- alert.flapping\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"857ca82352d5bec70814b52d524fbe4c8757625a"}}]}] BACKPORT--> Co-authored-by: Alexi Doak <109488926+doakalexi@users.noreply.github.com>
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Prior to 8.8, security solution supported legacy mustache variables like
{{alertName}},{{alertId}}, etc and rendered them when generating rule actions. After upgrading to 8.8, as the security solution rules use the alert summaries feature (#151916), the system doesn't provide the mustache variables anymore, causing some actions to not render certain variables, miss information and sometimes fail 3rd party validation.8.7 screenshot where security solution displays deprecated variables:
We should audit the variables that use to render in 8.7 and make them render again, backport to 8.8.x.
The text was updated successfully, but these errors were encountered: