[Security Solution][Detections] Specify format for date range in EQL query #81025
Merged: marshallmain merged 1 commit into elastic:master from marshallmain:format-eql-query-date on Oct 20, 2020
Conversation
marshallmain added the labels v7.10.0, v7.11.0, v8.0.0, Feature:Detection Rules (Security Solution rules and Detection Engine), release_note:skip (Skip the PR/issue when compiling release notes) and Team:SIEM on Oct 19, 2020
Pinging @elastic/siem (Team:SIEM)
yctercero approved these changes on Oct 19, 2020:
LGTM! Thanks @FrankHassanabad for having pointed this out to me too in my code.
marshallmain added a commit to marshallmain/kibana that referenced this pull request on Oct 20, 2020
marshallmain added a commit to marshallmain/kibana that referenced this pull request on Oct 20, 2020
gmmorris added a commit to gmmorris/kibana that referenced this pull request on Oct 20, 2020:
* master: (64 commits) Rename Security Solution Bug Template (elastic#81187) Update links (elastic#81125) Specify format for date range query (elastic#81025) [Alerting] Improve toast when alert is created (elastic#80327) [UX] Add empty states (elastic#80904) Add TS config for kibana_legacy (elastic#80992) [Telemetry] Add method to enable endpoint security data usage example (elastic#80940) [Alerting] Add scoped cluster client to alerts and actions services (elastic#80794) Fix reactRouterNavigate when used with a string (elastic#80520) [Security Solution] [Detections] Read privileges for dependencies (elastic#80852) [ML] Fixing exclude frequent in advanced wizard (elastic#81121) Fix security solution template label (elastic#80976) [DOCS] Update index management docs (elastic#80893) [APM] Error rate on service list page is not in sync with the value at the transaction page (elastic#80814) skip flaky suite (elastic#81072) [Task Manager] Cleans up legacy plugin structure (elastic#80381) Support unsigned_long fields (elastic#81115) [Form lib] Export internal state instead of raw state (elastic#80842) [Lens] Add toast notification when visualization is saved (elastic#80788) Index pattern edit field formatter API (elastic#78352) ...
marshallmain added a commit that referenced this pull request on Oct 20, 2020
marshallmain added a commit that referenced this pull request on Oct 20, 2020
MindyRS added the Team: SecuritySolution label (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.) on Oct 27, 2020
PR description:

If no date format is specified in the range filter then Elasticsearch will attempt to format the dates using the format of the field in the index mapping. Our queries use strict_date_optional_time formatted dates, which leads to parsing exceptions if customers run rules against indices that use a different format for their timestamp. Adding the format here tells ES how to parse the dates we pass in so they can be properly compared against any other date format.

Thanks Frank H for discovering this bug!
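The range filter the description refers to, shown as an added example rather than Kibana's own code: a TypeScript builder that emits the filter with and without the explicit format, a helper that reports which format Elasticsearch would end up parsing the bounds with, and a hypothetical isStrictDateOptionalTime check that rejects bounds in another format (epoch millis, compact dates) before they are sent. The field name @timestamp, the epoch_millis mapping and the sample bounds are assumptions, and the regex approximates Elasticsearch's parser rather than reproducing it.

```typescript
// Added example (not Kibana's own code): build the Elasticsearch range filter
// that the PR description discusses, with and without an explicit `format`.

// The date format the detection engine's queries use for their bounds.
const STRICT_DATE_OPTIONAL_TIME = 'strict_date_optional_time';

// Minimal shape of a range query on one field.
interface RangeFilter {
  range: {
    [field: string]: { gte: string; lte: string; format?: string };
  };
}

// strict_date_optional_time: yyyy-MM-dd, optionally followed by 'T'HH[:mm[:ss[.fraction]]]
// and an optional zone. Hypothetical helper; a close approximation of the format,
// not Elasticsearch's own parser.
const STRICT_DATE_OPTIONAL_TIME_RE =
  /^(\d{4})-(\d{2})-(\d{2})(?:T(?:[01]\d|2[0-3])(?::[0-5]\d(?::[0-5]\d(?:\.\d{1,9})?)?)?(?:Z|[+-](?:[01]\d|2[0-3]):?[0-5]\d)?)?$/;

// Reject calendar dates the regex accepts syntactically but that do not exist (2020-13-45).
function isValidCalendarDate(year: number, month: number, day: number): boolean {
  const d = new Date(Date.UTC(year, month - 1, day));
  return d.getUTCFullYear() === year && d.getUTCMonth() === month - 1 && d.getUTCDate() === day;
}

function isStrictDateOptionalTime(value: string): boolean {
  const m = STRICT_DATE_OPTIONAL_TIME_RE.exec(value);
  if (m === null) return false;
  return isValidCalendarDate(Number(m[1]), Number(m[2]), Number(m[3]));
}

// Before the fix: no `format`, so Elasticsearch parses `gte`/`lte` with whatever
// format the index mapping declares for `field` (e.g. epoch_millis); an ISO string
// then raises a parsing exception instead of being compared.
function buildRangeFilterWithoutFormat(field: string, from: string, to: string): RangeFilter {
  return { range: { [field]: { gte: from, lte: to } } };
}

// After the fix: `format` tells Elasticsearch how to parse the bounds we send,
// independent of the mapping, so the comparison works whatever format the index uses.
// The bounds are validated first so a malformed bound fails here, not in the cluster.
function buildRangeFilter(field: string, from: string, to: string): RangeFilter {
  if (!isStrictDateOptionalTime(from) || !isStrictDateOptionalTime(to)) {
    throw new Error(`range bounds must be ${STRICT_DATE_OPTIONAL_TIME} formatted: ${from} / ${to}`);
  }
  return { range: { [field]: { gte: from, lte: to, format: STRICT_DATE_OPTIONAL_TIME } } };
}

// The format Elasticsearch will use to parse a filter's bounds: the filter's own
// `format` when present, otherwise the format from the index mapping.
function effectiveParseFormat(filter: RangeFilter, field: string, mappingFormat: string): string {
  return filter.range[field].format ?? mappingFormat;
}

// Constructed sample: an index whose @timestamp mapping uses epoch_millis.
const MAPPING_FORMAT = 'epoch_millis';
const FROM = '2020-10-20T09:00:00.000Z';
const TO = '2020-10-20T10:00:00.000Z';

console.log(
  'without format, parsed as:',
  effectiveParseFormat(buildRangeFilterWithoutFormat('@timestamp', FROM, TO), '@timestamp', MAPPING_FORMAT)
);
console.log(
  'with format, parsed as:',
  effectiveParseFormat(buildRangeFilter('@timestamp', FROM, TO), '@timestamp', MAPPING_FORMAT)
);
```

The point the helper makes explicit is that the mapping's format only matters when the query omits its own; once the filter carries format, the index can store its timestamps as epoch millis or any custom pattern and the rule's ISO bounds still parse.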