Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Rule] Changing any field of the rule on edit resets the output_index field #155356

Open
WafaaNasr opened this issue Apr 20, 2023 · 2 comments
Open

[Security Solution][Rule] Changing any field of the rule on edit resets the output_index field #155356

WafaaNasr opened this issue Apr 20, 2023 · 2 comments
Labels
bug Fixes for quality problems that affect the customer experience Feature:Detection Rules Security Solution rules and Detection Engine impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Engine Security Solution Detection Engine Area

Comments

@WafaaNasr
Copy link
Contributor

Kibana version:
7.17.1

Describe the bug:

The rule is changing its output_index back to ".siem-signals-" whenever a modification is made.

Steps to reproduce:

  1. Create a Rule
  2. Export that Rule
  3. Change the output_index to a different index
  4. Modify any field in the Rule (for eg: changing schedule time from 1min to 2min)
  5. Export the Rule again
  6. Notice that the output_index is changed back to ".siem-signals-"

Expected behavior:

The output_index shouldn't be changed back to the default value if the user modified the rule
@WafaaNasr WafaaNasr added bug Fixes for quality problems that affect the customer experience Feature:Detection Rules Security Solution rules and Detection Engine Team:Detection Alerts Security Detection Alerts Area Team labels Apr 20, 2023
@yctercero yctercero added Team:Detection Engine Security Solution Detection Engine Area and removed Team:Detection Alerts Security Detection Alerts Area Team labels May 13, 2023
@yctercero
Copy link
Contributor

output_index field is deprecated - @banderror are we removing it for prebuilt rule customization work?

@yctercero yctercero added the impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. label Sep 28, 2024
@banderror
Copy link
Contributor

@yctercero We're not planning to remove it as part of the prebuilt rule customization work. It's gonna be handled in a certain way, this is described in #186544 and #188065 /cc @jpdjere

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Fixes for quality problems that affect the customer experience Feature:Detection Rules Security Solution rules and Detection Engine impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Engine Security Solution Detection Engine Area
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@banderror @yctercero @WafaaNasr