[Security Solution][Detection Engine] Fixes critical bug with the same index being passed in #79949
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FrankHassanabad
changed the title
FrankHassanabad
added
v7.11.0
v7.10.0
release_note:skip
|
Pinging @elastic/siem (Team:SIEM) |
yctercero
reviewed
Oct 7, 2020
| item: Entry, | ||
| itemIndex: number | ||
| ): FormattedEntry => { | ||
| const { fields } = indexPattern; | ||
| const { fields: threatFields } = threatIndexPatterns; | ||
| const field = item.field; | ||
| const threatField = item.value; | ||
| const [foundField] = fields.filter(({ name }) => field != null && field === name); |
There was a problem hiding this comment.
Could these be memoized? My only hesitance with memoizing would be that it may just run on every render regardless because the hook doesn't do a deep equal to my understanding.
There was a problem hiding this comment.
It is in the callingReact Component which I think is what we want rather than in the pure functions.
const entries = useMemo(
(): FormattedEntry[] =>
indexPattern != null && listItem.entries.length > 0
? getFormattedEntries(indexPattern, threatIndexPatterns, listItem.entries)
: [],
[listItem.entries, indexPattern, threatIndexPatterns]
);
yctercero
approved these changes
Oct 7, 2020
FrankHassanabad
added a commit
to FrankHassanabad/kibana
that referenced
this pull request
Oct 8, 2020
## Summary If you had two different index patterns for threat and your query I was previously sending the same pattern in for both which was causing drop down boxes for threat match to null things out. Now, I set the two different indexes correctly. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
FrankHassanabad
added
the
Feature:Detection Rules
FrankHassanabad
added a commit
that referenced
this pull request
Oct 8, 2020
## Summary If you had two different index patterns for threat and your query I was previously sending the same pattern in for both which was causing drop down boxes for threat match to null things out. Now, I set the two different indexes correctly. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
FrankHassanabad
added a commit
that referenced
this pull request
Oct 8, 2020
## Summary If you had two different index patterns for threat and your query I was previously sending the same pattern in for both which was causing drop down boxes for threat match to null things out. Now, I set the two different indexes correctly. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Oct 8, 2020
* master: (217 commits) Fix dashboard "snapshot share" is not sharing panel state in view mode (elastic#79837) fix can't edit a scripted field with special char (elastic#79842) [ML] clear selection action (elastic#79834) [TSVB] Show tooltip on external pointer events (elastic#77306) Fixes bug where the same index was being passed in (elastic#79949) Adds date time query and return fields for timestamps and overrides (elastic#79911) [Security Solution][Detections] Reverts rules table tag filter to use AND operator (elastic#79920) add the correct class to truncate the names (elastic#79921) [kbn/optimizer] report limits with ci metrics (elastic#78205) [release notes] extract "dev docs" comment too (elastic#79351) Revert "skips test failing promotion (elastic#79777)" (elastic#79904) share tslib across bundles (elastic#79915) remove entire suite as partial skips aren't doing the trick skip flaky suite (elastic#78689) Skip failing suite (elastic#79522) skip flaky suite (elastic#79910) [es/mappings] remove doc_values from text fields (elastic#79869) remove skipped snapshots skip flaky tests (elastic#79891) chore(NA): add missing branches into backportrc configuration file (elastic#79848) ...
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
If you had two different index patterns for threat and your query I was previously sending the same pattern in for both which was causing drop down boxes for threat match to null things out. Now, I set the two different indexes correctly.
Checklist