[Security Solution] max_signals is reset to kibana default value whenever rule is edited in UI #164234

Closed
dplumlee opened this issue Aug 17, 2023 · 7 comments · Fixed by #179680
Labels
8.15 candidate
bug: Fixes for quality problems that affect the customer experience
Feature:Rule Creation: Security Solution Detection Rule Creation
Feature:Rule Edit
fixed
impact:medium: Addressing this issue will have a medium level of impact on the quality/strength of our product.
Team:Detection Engine: Security Solution Detection Engine Area
Team:Detection Rule Management: Security Detection Rule Management Team
Team:Detections and Resp: Security Detection Response Team
Team: SecuritySolution: Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.15.0

Comments

@dplumlee
Contributor

Overview

When a rule is edited in the Kibana UI, the max_signals value is always reset to 100 and the existing value of the rule is not respected. If a user updates the rule to contain a different max_signals value via the API and then edits another part of the rule at any time, the change will be overwritten with no warning to the user.

Solutions

Change the rule edit UI form to take into account the existing max_signals value on the rule
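The failure mode described in this issue, as an added example that is not part of the report or of Kibana's code: an edit form that seeds max_signals from the hard-coded default rather than from the rule it is editing, the corrected hydration beside it, and a small audit that compares two exports of the rules API to find rules whose max_signals silently fell back to the default. Only the rule field names (rule_id, name, max_signals) are the API's; the form state, function names and sample rules are invented for the example.

```typescript
// Added example for this issue; not Kibana's code. Models the reported
// behaviour (edit form ignores the rule's current max_signals) next to the
// corrected form hydration, plus an audit over before/after rule exports.

// Kibana's default max_signals, which the issue reports being reapplied on edit.
const DEFAULT_MAX_SIGNALS = 100;

// Subset of a detection rule as returned by the detection engine rules API
// (these field names are the API's; everything else here is invented).
interface Rule {
  rule_id: string;
  name: string;
  max_signals: number;
}

// Hypothetical edit-form state; not the actual Kibana form schema.
interface EditFormState {
  name: string;
  maxSignals: number;
}

// Buggy hydration: the form always starts from the default and never reads
// the value the rule already carries.
function hydrateEditFormBuggy(rule: Rule): EditFormState {
  return { name: rule.name, maxSignals: DEFAULT_MAX_SIGNALS };
}

// Corrected hydration: the existing value is respected; the default is only a
// fallback for a rule that somehow lacks a usable value.
function hydrateEditFormFixed(rule: Rule): EditFormState {
  return {
    name: rule.name,
    maxSignals: Number.isInteger(rule.max_signals) ? rule.max_signals : DEFAULT_MAX_SIGNALS,
  };
}

// Simulates the user touching an unrelated field (the name) and saving: the
// whole form state is written back, so whatever maxSignals the form holds
// becomes the rule's max_signals.
function saveEdit(rule: Rule, form: EditFormState, newName: string): Rule {
  return { ...rule, name: newName, max_signals: form.maxSignals };
}

// Returns the rule_ids whose max_signals was non-default before and equals the
// default after: the silent reset the issue describes. Run it over two dumps
// of the rules API (before and after an edit session) to spot affected rules.
function findMaxSignalsResets(before: Rule[], after: Rule[]): string[] {
  const previous = new Map(before.map((r): [string, number] => [r.rule_id, r.max_signals]));
  return after
    .filter((r) => {
      const old = previous.get(r.rule_id);
      return old !== undefined && old !== DEFAULT_MAX_SIGNALS && r.max_signals === DEFAULT_MAX_SIGNALS;
    })
    .map((r) => r.rule_id);
}

// Constructed sample: one rule tuned via the API, one left at the default.
const SAMPLE_RULES: Rule[] = [
  { rule_id: "noisy-dns-beaconing", name: "DNS beaconing", max_signals: 1000 },
  { rule_id: "rare-admin-login", name: "Rare admin login", max_signals: 100 },
];

// Runs the edit flow over every rule with the given hydration and returns the
// resulting rules, so the two behaviours can be compared side by side.
function editAllRules(rules: Rule[], hydrate: (r: Rule) => EditFormState): Rule[] {
  return rules.map((r) => saveEdit(r, hydrate(r), `${r.name} (edited)`));
}

const afterBuggyEdit = editAllRules(SAMPLE_RULES, hydrateEditFormBuggy);
const afterFixedEdit = editAllRules(SAMPLE_RULES, hydrateEditFormFixed);

console.log("reset by buggy form:", findMaxSignalsResets(SAMPLE_RULES, afterBuggyEdit)); // ["noisy-dns-beaconing"]
console.log("reset by fixed form:", findMaxSignalsResets(SAMPLE_RULES, afterFixedEdit)); // []
```

The audit only flags rules that moved from a non-default value to exactly the default, so a deliberate change to some other value is not reported; a rule that was already at 100 before the edit is indistinguishable from one that was reset and is also left alone.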

@dplumlee dplumlee added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Aug 17, 2023
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@dplumlee dplumlee added the Team:Detection Engine Security Solution Detection Engine Area label Aug 17, 2023
@e40pud
Contributor

e40pud commented Aug 21, 2023

Not sure if it is related here, but since 8.8 we also have the issue with max_signals being limited by xpack.alerting.rules.run.alerts.max. Documented as a known issue.

Here is the ticket tracking that bug.

@MadameSheema MadameSheema added triage_needed Team:Detections and Resp Security Detection Response Team labels Aug 21, 2023
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror
Contributor

@yctercero We can take care of this ticket. This bug should be fixed automatically when #173593 is implemented. @dplumlee will be working on that one.

@banderror banderror added Team:Detection Rule Management Security Detection Rule Management Team Feature:Rule Creation Security Solution Detection Rule Creation Feature:Rule Edit labels Mar 7, 2024
@elasticmachine
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@banderror banderror added 8.14 candidate impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. labels Mar 7, 2024
@yctercero
Contributor

Hey @banderror ! Was this issue resolved?

@banderror
Contributor

@yctercero No, we'll close it when it's fixed.

6 participants