[Security Solution][Alerts] Suppression rule fails after disabling and re-enabling #155242
Labels
bug
Fixes for quality problems that affect the customer experience
Team:Detection Alerts
Security Detection Alerts Area Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Comments
vitaliidm
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
I think the problem is here - the |
vitaliidm
added a commit
to vitaliidm/kibana
that referenced
this issue
Apr 20, 2023
Merged
6 tasks
vitaliidm
added a commit
that referenced
this issue
Apr 25, 2023
…ns for security rules (#155055) ## Summary - adresses #150101 - fixes #155242 - introduces UI options for selections 2 modes for suppressing or not suppressing alerts with missing **Group By** fields - adds accordion that contains all suppression related logic ### UX changes #### Rule edit page <details> <summary>Accordion closed</summary> <img width="1042" alt="Screenshot 2023-04-21 at 16 09 44" src="https://user-images.githubusercontent.com/92328789/233700543-8a5091e0-6455-4d76-b6b6-7a280d747d0c.png"> </details> <details> <summary>Accordion opened</summary> <img width="1017" alt="Screenshot 2023-04-24 at 19 44 33" src="https://user-images.githubusercontent.com/92328789/234087516-58b88dab-0285-47ca-a016-bfff31dbebae.png"> </details> #### Rule Details page <img width="2293" alt="Screenshot 2023-04-19 at 18 50 13" src="https://user-images.githubusercontent.com/92328789/234004667-d879bfff-0d11-4bc9-ab5b-7ad904e29d1f.png"> ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug:
Suppression rule fails after disabling and re-enabling
Kibana/Elasticsearch Stack version:
8.7+
Steps to reproduce:
Screenshots (if relevant):
Provide logs and/or server output (if relevant):
Any additional context (logs, chat logs, magical formulas, etc.):
it looks like, generated query is not valid
Response
{ "error": { "root_cause": [ { "type": "parsing_exception", "reason": "unknown query [must_not]", "line": 86, "col": 48 } ], "type": "x_content_parse_exception", "reason": "[86:48] [bool] failed to parse field [filter]", "caused_by": { "type": "x_content_parse_exception", "reason": "[86:48] [bool] failed to parse field [must_not]", "caused_by": { "type": "x_content_parse_exception", "reason": "[86:48] [bool] failed to parse field [filter]", "caused_by": { "type": "parsing_exception", "reason": "unknown query [must_not]", "line": 86, "col": 48, "caused_by": { "type": "named_object_not_found_exception", "reason": "[86:48] unknown field [must_not]" } } } } }, "status": 400 }The text was updated successfully, but these errors were encountered: