[Security Solution][Detections] - EQL preview not receiving expected response #82900
Labels
bug
Fixes for quality problems that affect the customer experience
Feature:Detection Rules
Anything related to Security Solution's Detection Rules
Feature:Event Correlation (EQL) Rule
Security Solution Event Correlation (EQL) Rule feature
fixed
impact:high
Addressing this issue will have a high level of impact on the quality/strength of our product.
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:SIEM
v7.11.0
Kibana version:
7.11
Describe the bug:
When trying to preview an EQL query in rule creation/edit, Kibana blows up. This is because we are expecting
rawResponse
to include themeta
object that includes all the info needed to fill out the inspect functionality. It is currently typed as a field guaranteed to be there, but as search strategy is something actively being developed, seems some updates have been made. More information is needed.Steps to reproduce:
any where true
Expected behavior:
When previewing EQL query, histogram should successfully resolve.
Screenshots (if relevant):
Errors in browser console (if relevant):
Any additional context:
Error message originating from
x-pack/plugins/security_solution/public/common/hooks/eql/helpers.ts
-formatInspect
The text was updated successfully, but these errors were encountered: