Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] No warning/error message displayed when creating exceptions without the proper index privileges #117289

Open
MadameSheema opened this issue Nov 3, 2021 · 5 comments
Open

[Security Solution] No warning/error message displayed when creating exceptions without the proper index privileges #117289

MadameSheema opened this issue Nov 3, 2021 · 5 comments
Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Exceptions Security Solution Detection Rule Exceptions area impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@MadameSheema
Copy link
Member

Describe the bug:

  • No warning/error message displayed when creating exceptions without the proper index privileges

Kibana/Elasticsearch Stack version:

Initial setup:

  • Create a rule with just one index pattern
  • Generate alerts for that rule
  • Create a user without privileges on the index pattern used by the rule

Steps to reproduce:

  1. Login with the last created user
  2. Add an exception for the rule

Current behavior:

  • The field value is not populated

Screenshot 2021-11-03 at 13 04 10

Expected behavior:

  • The user is warned about the lack of privileges
@MadameSheema MadameSheema added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Nov 3, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@MadameSheema MadameSheema added Team:Detection Alerts Security Detection Alerts Area Team impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Security Solution Platform Security Solution Platform Team and removed triage_needed labels Nov 3, 2021
@MindyRS MindyRS added the Team:Detections and Resp Security Detection Response Team label Feb 23, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@peluja1012 peluja1012 added the Feature:Rule Exceptions Security Solution Detection Rule Exceptions area label Apr 4, 2022
@yctercero yctercero mentioned this issue Sep 26, 2022
Closed
13 tasks
@yctercero yctercero mentioned this issue Oct 11, 2022
Merged
13 tasks
@peluja1012
Copy link
Contributor

Hi @MadameSheema, This was fixed by #143127. Could you please retest when you get a chance?

@sukhwindersingh-qasource
Copy link

Hi @MadameSheema

We have validated this issue on 8.6.0 BC1 build and observed that issue Exists .

Please find the below Testing Details:

Build info

VERSION: 8.6.0 BC1
BUILD: 58392
COMMIT: 50a7feb0a5eb068d3acccc49c83b9ccb6db6734f

Screen Shots
rule

role
exception

Please let us know if anything is required from our end.
Thank you!!

@MadameSheema
Copy link
Member Author

@dhurley14 @peluja1012 seems that this is still happening

@marshallmain marshallmain added v8.7.0 and removed v8.6.0 labels Dec 1, 2022
@yctercero yctercero added Team:Detection Engine Security Solution Detection Engine Area and removed Team:Detection Alerts Security Detection Alerts Area Team Team:Security Solution Platform Security Solution Platform Team labels May 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Exceptions Security Solution Detection Rule Exceptions area impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@peluja1012 @MindyRS @yctercero @elasticmachine @MadameSheema @marshallmain @sukhwindersingh-qasource