[Security Solution]Suppression Configuration showing for all Rule Types instead of just Custom Query #156247
Assignees
Labels
bug
Fixes for quality problems that affect the customer experience
fixed
impact:high
Addressing this issue will have a high level of impact on the quality/strength of our product.
QA:Validated
Issue has been validated by QA
Team:Detection Alerts
Security Detection Alerts Area Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Comments
ghost
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
ghost
added
the
impact:medium
sukhwindersingh-qasource
assigned MadameSheema and marshallmain and unassigned sukhwindersingh-qasource
MadameSheema
added
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Please note the following, even though just the title of the accordion is displayed for other rule types and not the suppression configuration, if a user starts with the suppression configuration and changes the rule type, in the summary of the rule step, all that information is present what may be confusing for the user. Create.new.rule.-.Kibana.webm@peluja1012 not sure if the above information affects to the impact of the issue, what do you think? |
peluja1012
added
impact:high
|
this issue will be fixed in #155839, which should be ready to review in coming days |
vitaliidm
added a commit
that referenced
this issue
May 9, 2023
…ck (#155839) ## Summary - addresses review feedback on #155055 - addresses UI changes from #150101 - removes accordion in favour of intended suppression components - adds popover with a link to documentation - changes wording - addresses #156247 ### Before <img width="1017" alt="Screenshot 2023-04-24 at 19 44 33" src="https://user-images.githubusercontent.com/92328789/234824612-b0ed2870-8aa0-44af-a37d-c061358c54a3.png"> ### After #### Intended Fields <img width="1016" alt="Screenshot 2023-05-05 at 10 42 46" src="https://user-images.githubusercontent.com/92328789/236426053-279d2f5b-46ea-434b-9cfa-696c71321661.png"> #### Tooltip <img width="1016" alt="Screenshot 2023-05-05 at 10 43 41" src="https://user-images.githubusercontent.com/92328789/236426061-1c39a5c2-63ca-4a36-b15e-2a1c1943481d.png"> --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
May 9, 2023
…ck (elastic#155839) ## Summary - addresses review feedback on elastic#155055 - addresses UI changes from elastic#150101 - removes accordion in favour of intended suppression components - adds popover with a link to documentation - changes wording - addresses elastic#156247 ### Before <img width="1017" alt="Screenshot 2023-04-24 at 19 44 33" src="https://user-images.githubusercontent.com/92328789/234824612-b0ed2870-8aa0-44af-a37d-c061358c54a3.png"> ### After #### Intended Fields <img width="1016" alt="Screenshot 2023-05-05 at 10 42 46" src="https://user-images.githubusercontent.com/92328789/236426053-279d2f5b-46ea-434b-9cfa-696c71321661.png"> #### Tooltip <img width="1016" alt="Screenshot 2023-05-05 at 10 43 41" src="https://user-images.githubusercontent.com/92328789/236426061-1c39a5c2-63ca-4a36-b15e-2a1c1943481d.png"> --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Garrett Spong <spong@users.noreply.github.com> (cherry picked from commit 31b6062)
kibanamachine
referenced
this issue
May 10, 2023
…feedback (#155839) (#157192) # Backport This will backport the following commits from `main` to `8.8`: - [[Security Solution][Alerts] resolves alerts suppression review feedback (#155839)](#155839) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Vitalii Dmyterko","email":"92328789+vitaliidm@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-05-09T16:12:20Z","message":"[Security Solution][Alerts] resolves alerts suppression review feedback (#155839)\n\n## Summary\r\n\r\n- addresses review feedback on\r\nhttps://github.com//pull/155055\r\n- addresses UI changes from\r\nhttps://github.com//issues/150101\r\n - removes accordion in favour of intended suppression components\r\n - adds popover with a link to documentation\r\n - changes wording\r\n- addresses https://github.com/elastic/kibana/issues/156247\r\n\r\n### Before\r\n<img width=\"1017\" alt=\"Screenshot 2023-04-24 at 19 44 33\"\r\nsrc=\"https://user-images.githubusercontent.com/92328789/234824612-b0ed2870-8aa0-44af-a37d-c061358c54a3.png\">\r\n\r\n### After\r\n\r\n#### Intended Fields\r\n<img width=\"1016\" alt=\"Screenshot 2023-05-05 at 10 42 46\"\r\nsrc=\"https://user-images.githubusercontent.com/92328789/236426053-279d2f5b-46ea-434b-9cfa-696c71321661.png\">\r\n\r\n#### Tooltip\r\n<img width=\"1016\" alt=\"Screenshot 2023-05-05 at 10 43 41\"\r\nsrc=\"https://user-images.githubusercontent.com/92328789/236426061-1c39a5c2-63ca-4a36-b15e-2a1c1943481d.png\">\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by: Garrett Spong <spong@users.noreply.github.com>","sha":"31b6062148b55f712015fc9061172eca54c0acd4","branchLabelMapping":{"^v8.9.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team: SecuritySolution","Team:Detection Alerts","backport:prev-minor","v8.8.0","v8.9.0"],"number":155839,"url":"https://github.com/elastic/kibana/pull/155839","mergeCommit":{"message":"[Security Solution][Alerts] resolves alerts suppression review feedback (#155839)\n\n## Summary\r\n\r\n- addresses review feedback on\r\nhttps://github.com//pull/155055\r\n- addresses UI changes from\r\nhttps://github.com//issues/150101\r\n - removes accordion in favour of intended suppression components\r\n - adds popover with a link to documentation\r\n - changes wording\r\n- addresses https://github.com/elastic/kibana/issues/156247\r\n\r\n### Before\r\n<img width=\"1017\" alt=\"Screenshot 2023-04-24 at 19 44 33\"\r\nsrc=\"https://user-images.githubusercontent.com/92328789/234824612-b0ed2870-8aa0-44af-a37d-c061358c54a3.png\">\r\n\r\n### After\r\n\r\n#### Intended Fields\r\n<img width=\"1016\" alt=\"Screenshot 2023-05-05 at 10 42 46\"\r\nsrc=\"https://user-images.githubusercontent.com/92328789/236426053-279d2f5b-46ea-434b-9cfa-696c71321661.png\">\r\n\r\n#### Tooltip\r\n<img width=\"1016\" alt=\"Screenshot 2023-05-05 at 10 43 41\"\r\nsrc=\"https://user-images.githubusercontent.com/92328789/236426061-1c39a5c2-63ca-4a36-b15e-2a1c1943481d.png\">\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by: Garrett Spong <spong@users.noreply.github.com>","sha":"31b6062148b55f712015fc9061172eca54c0acd4"}},"sourceBranch":"main","suggestedTargetBranches":["8.8"],"targetPullRequestStates":[{"branch":"8.8","label":"v8.8.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.9.0","labelRegex":"^v8.9.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/155839","number":155839,"mergeCommit":{"message":"[Security Solution][Alerts] resolves alerts suppression review feedback (#155839)\n\n## Summary\r\n\r\n- addresses review feedback on\r\nhttps://github.com//pull/155055\r\n- addresses UI changes from\r\nhttps://github.com//issues/150101\r\n - removes accordion in favour of intended suppression components\r\n - adds popover with a link to documentation\r\n - changes wording\r\n- addresses https://github.com/elastic/kibana/issues/156247\r\n\r\n### Before\r\n<img width=\"1017\" alt=\"Screenshot 2023-04-24 at 19 44 33\"\r\nsrc=\"https://user-images.githubusercontent.com/92328789/234824612-b0ed2870-8aa0-44af-a37d-c061358c54a3.png\">\r\n\r\n### After\r\n\r\n#### Intended Fields\r\n<img width=\"1016\" alt=\"Screenshot 2023-05-05 at 10 42 46\"\r\nsrc=\"https://user-images.githubusercontent.com/92328789/236426053-279d2f5b-46ea-434b-9cfa-696c71321661.png\">\r\n\r\n#### Tooltip\r\n<img width=\"1016\" alt=\"Screenshot 2023-05-05 at 10 43 41\"\r\nsrc=\"https://user-images.githubusercontent.com/92328789/236426061-1c39a5c2-63ca-4a36-b15e-2a1c1943481d.png\">\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by: Garrett Spong <spong@users.noreply.github.com>","sha":"31b6062148b55f712015fc9061172eca54c0acd4"}}]}] BACKPORT--> Co-authored-by: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com> Co-authored-by: Pedro Jaramillo <pedro.jaramillo@elastic.co>
![https://user-images.githubusercontent.com/92328789/234824612-b0ed2870-8aa0-44af-a37d-c061358c54a3.png\">\r\n\r\n###](https://user-images.githubusercontent.com/92328789/234824612-b0ed2870-8aa0-44af-a37d-c061358c54a3.png\">\r\n\r\n###){kind=link}
![https://user-images.githubusercontent.com/92328789/236426053-279d2f5b-46ea-434b-9cfa-696c71321661.png\">\r\n\r\n####](https://user-images.githubusercontent.com/92328789/236426053-279d2f5b-46ea-434b-9cfa-696c71321661.png\">\r\n\r\n####){kind=link}
![https://user-images.githubusercontent.com/92328789/236426061-1c39a5c2-63ca-4a36-b15e-2a1c1943481d.png\">\r\n\r\n---------\r\n\r\nCo-authored-by](https://user-images.githubusercontent.com/92328789/236426061-1c39a5c2-63ca-4a36-b15e-2a1c1943481d.png\">\r\n\r\n---------\r\n\r\nCo-authored-by){kind=link}
|
@karanbirsingh-qasource please validate this fix on current BC. Please validate also the following scenario:
Make sure that on the Thanks! |
Hi @MadameSheema this issue is occuring the suppression configuration is getting displayed even on changing the rule type to event correlation. Create.new.rule.-.Kibana.Mozilla.Firefox.2023-05-11.13-11-51.mp4Do let us know if we need to log separate ticket for it as the main issue is fixed ? |
|
Thanks @karanbirsingh-qasource!! may you please also validate if suppression is performed for the created rule? The EQL created one? And yes, track that behavior in a different ticket. |
No @MadameSheema the suppression is not getting performed for the created EQL Rule and just configuration of suppression is showing. Here is the separate ticket for this issue #157358 create-new-rule-kibana-google-chrome-2023-05-11-13-23-41_TqE92cgz.mp4 |
ghost
mentioned this issue
|
we have validated this issue on 8.8 Bc3 and found the issue to be fixed ✔️ . Build Details: Screen-Cast: Create.new.rule.-.Kibana.Mozilla.Firefox.2023-05-11.13-34-54.mp4Hence we are Closing this issue and adding thanks !! |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Suppression Configuration showing for all Rule Types instead of just Custom Query
Build Details:
Pre-conditions
Steps
Expected Result
Suppression Configuration should show only for Query Rule Type
Screen-Cast
Rules.-.Kibana.Mozilla.Firefox.2023-05-01.14-39-19.mp4
The text was updated successfully, but these errors were encountered: