Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RAM][Security Solution] Timezones are not taken into consideration in rule snooze #156535

Closed
MadameSheema opened this issue May 3, 2023 · 12 comments · Fixed by #157338
Closed
Assignees
Labels
bug Fixes for quality problems that affect the customer experience Feature:Alerting/RulesManagement Issues related to the Rules Management UX Feature:Rule Management Security Solution Detection Rule Management area fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.8.0 v8.9.0

Comments

@MadameSheema
Copy link
Member

MadameSheema commented May 3, 2023

Describe the bug:

  • Timezones are not taken into consideration in rule snooze

Kibana/Elasticsearch Stack version:

  • 8.8.0-BC1

Initial setup:

  • To have a detection rule with an action configured

Steps to reproduce:

  1. Navigate to the Rules page
  2. Click on the Snooze icon of the detection rule
  3. Click on Add schedule
  4. Schedule the snooze to happen in 1 or 2 minutes from now, being now the time where you are performing the action.
  5. Select a Timezone different from the one you are placed (In mi case my Timezone is: Europe/Madrid and I've selected one in America)
  6. Wait for the time you have set

Current behavior:

  • The rule is snoozed

Expected behavior:

  • The rule should be snoozed when the time arrives taking into consideration the selected timezone.
Untitled_.May.3.2023.3_38.PM.webm
@MadameSheema MadameSheema added bug Fixes for quality problems that affect the customer experience triage_needed Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team labels May 3, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror added impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Feature:Rule Management Security Solution Detection Rule Management area Feature:Alerting/RulesManagement Issues related to the Rules Management UX and removed triage_needed labels May 3, 2023
@banderror banderror removed their assignment May 3, 2023
@banderror
Copy link
Contributor

@MadameSheema could you please include a video recording? I think I understood the issue but a video would be helpful still.

Redirecting this to the Response Ops team. cc @XavierM @elastic/response-ops-ram

@banderror banderror changed the title [Security Solution] Timezones are not taken into consideration in rule snooze [RAM][Security Solution] Timezones are not taken into consideration in rule snooze May 3, 2023
@MadameSheema
Copy link
Member Author

@banderror adding here a video recording. Please let me know if you need any other information. Thanks!

Untitled_.May.3.2023.3_38.PM.webm

@Zacqary
Copy link
Contributor

Zacqary commented May 17, 2023

Noticed this while working on On Week and didn't realize we had an issue open for it. #157338 should fix

Zacqary added a commit that referenced this issue May 17, 2023
## Summary

Closes #156535 

The Snooze Scheduler was failing to properly save and load snoozes if
the user selected a timezone other than the Kibana default. This is
because the datepicker only converts timestamp values between UTC and
the default Kibana timezone.

This PR fixes the issue by offsetting all dates that come in and out of
the scheduler UI relative to local time.

To test, create a snooze like this on `main` and make sure you select
timezone America/Los_Angeles. (If your local timezone is equivalent to
America/Los_Angeles, select a different timezone)

<img width="426" alt="Screenshot 2023-05-10 at 3 58 57 PM"
src="https://github.com/elastic/kibana/assets/1445834/ab95c47c-30a0-44d5-bd9d-45fdb929193d">

On `main`, editing the snooze will (erroneously) display the wrong
times:

<img width="423" alt="Screenshot 2023-05-10 at 4 03 24 PM"
src="https://github.com/elastic/kibana/assets/1445834/ff28ccdd-f491-43ce-87cd-d606c8d71c64">

Repeating this process on this PR's branch will save a snooze with the
correct `dtstart` and consequently load the correct snooze time.
Zacqary added a commit to Zacqary/kibana that referenced this issue May 17, 2023
## Summary

Closes elastic#156535

The Snooze Scheduler was failing to properly save and load snoozes if
the user selected a timezone other than the Kibana default. This is
because the datepicker only converts timestamp values between UTC and
the default Kibana timezone.

This PR fixes the issue by offsetting all dates that come in and out of
the scheduler UI relative to local time.

To test, create a snooze like this on `main` and make sure you select
timezone America/Los_Angeles. (If your local timezone is equivalent to
America/Los_Angeles, select a different timezone)

<img width="426" alt="Screenshot 2023-05-10 at 3 58 57 PM"
src="https://github.com/elastic/kibana/assets/1445834/ab95c47c-30a0-44d5-bd9d-45fdb929193d">

On `main`, editing the snooze will (erroneously) display the wrong
times:

<img width="423" alt="Screenshot 2023-05-10 at 4 03 24 PM"
src="https://github.com/elastic/kibana/assets/1445834/ff28ccdd-f491-43ce-87cd-d606c8d71c64">

Repeating this process on this PR's branch will save a snooze with the
correct `dtstart` and consequently load the correct snooze time.

(cherry picked from commit 213a697)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue May 17, 2023
## Summary

Closes elastic#156535

The Snooze Scheduler was failing to properly save and load snoozes if
the user selected a timezone other than the Kibana default. This is
because the datepicker only converts timestamp values between UTC and
the default Kibana timezone.

This PR fixes the issue by offsetting all dates that come in and out of
the scheduler UI relative to local time.

To test, create a snooze like this on `main` and make sure you select
timezone America/Los_Angeles. (If your local timezone is equivalent to
America/Los_Angeles, select a different timezone)

<img width="426" alt="Screenshot 2023-05-10 at 3 58 57 PM"
src="https://github.com/elastic/kibana/assets/1445834/ab95c47c-30a0-44d5-bd9d-45fdb929193d">

On `main`, editing the snooze will (erroneously) display the wrong
times:

<img width="423" alt="Screenshot 2023-05-10 at 4 03 24 PM"
src="https://github.com/elastic/kibana/assets/1445834/ff28ccdd-f491-43ce-87cd-d606c8d71c64">

Repeating this process on this PR's branch will save a snooze with the
correct `dtstart` and consequently load the correct snooze time.

(cherry picked from commit 213a697)
Zacqary added a commit that referenced this issue May 17, 2023
# Backport

This will backport the following commits from `main` to `8.8`:
- [[RAM] Fix snooze scheduler timezone handling
(#157338)](#157338)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Zacqary Adam
Xeper","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-05-17T16:41:04Z","message":"[RAM]
Fix snooze scheduler timezone handling (#157338)\n\n##
Summary\r\n\r\nCloses #156535 \r\n\r\nThe Snooze Scheduler was failing
to properly save and load snoozes if\r\nthe user selected a timezone
other than the Kibana default. This is\r\nbecause the datepicker only
converts timestamp values between UTC and\r\nthe default Kibana
timezone.\r\n\r\nThis PR fixes the issue by offsetting all dates that
come in and out of\r\nthe scheduler UI relative to local time.\r\n\r\nTo
test, create a snooze like this on `main` and make sure you
select\r\ntimezone America/Los_Angeles. (If your local timezone is
equivalent to\r\nAmerica/Los_Angeles, select a different
timezone)\r\n\r\n<img width=\"426\" alt=\"Screenshot 2023-05-10 at 3 58
57
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ab95c47c-30a0-44d5-bd9d-45fdb929193d\">\r\n\r\nOn
`main`, editing the snooze will (erroneously) display the
wrong\r\ntimes:\r\n\r\n<img width=\"423\" alt=\"Screenshot 2023-05-10 at
4 03 24
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ff28ccdd-f491-43ce-87cd-d606c8d71c64\">\r\n\r\nRepeating
this process on this PR's branch will save a snooze with the\r\ncorrect
`dtstart` and consequently load the correct snooze
time.","sha":"213a69739f89bde0fefab284618968a77d1798b8","branchLabelMapping":{"^v8.9.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:ResponseOps","Feature:Alerting/RulesManagement","v8.8.0","v8.9.0"],"number":157338,"url":"https://github.com/elastic/kibana/pull/157338","mergeCommit":{"message":"[RAM]
Fix snooze scheduler timezone handling (#157338)\n\n##
Summary\r\n\r\nCloses #156535 \r\n\r\nThe Snooze Scheduler was failing
to properly save and load snoozes if\r\nthe user selected a timezone
other than the Kibana default. This is\r\nbecause the datepicker only
converts timestamp values between UTC and\r\nthe default Kibana
timezone.\r\n\r\nThis PR fixes the issue by offsetting all dates that
come in and out of\r\nthe scheduler UI relative to local time.\r\n\r\nTo
test, create a snooze like this on `main` and make sure you
select\r\ntimezone America/Los_Angeles. (If your local timezone is
equivalent to\r\nAmerica/Los_Angeles, select a different
timezone)\r\n\r\n<img width=\"426\" alt=\"Screenshot 2023-05-10 at 3 58
57
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ab95c47c-30a0-44d5-bd9d-45fdb929193d\">\r\n\r\nOn
`main`, editing the snooze will (erroneously) display the
wrong\r\ntimes:\r\n\r\n<img width=\"423\" alt=\"Screenshot 2023-05-10 at
4 03 24
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ff28ccdd-f491-43ce-87cd-d606c8d71c64\">\r\n\r\nRepeating
this process on this PR's branch will save a snooze with the\r\ncorrect
`dtstart` and consequently load the correct snooze
time.","sha":"213a69739f89bde0fefab284618968a77d1798b8"}},"sourceBranch":"main","suggestedTargetBranches":["8.8"],"targetPullRequestStates":[{"branch":"8.8","label":"v8.8.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.9.0","labelRegex":"^v8.9.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/157338","number":157338,"mergeCommit":{"message":"[RAM]
Fix snooze scheduler timezone handling (#157338)\n\n##
Summary\r\n\r\nCloses #156535 \r\n\r\nThe Snooze Scheduler was failing
to properly save and load snoozes if\r\nthe user selected a timezone
other than the Kibana default. This is\r\nbecause the datepicker only
converts timestamp values between UTC and\r\nthe default Kibana
timezone.\r\n\r\nThis PR fixes the issue by offsetting all dates that
come in and out of\r\nthe scheduler UI relative to local time.\r\n\r\nTo
test, create a snooze like this on `main` and make sure you
select\r\ntimezone America/Los_Angeles. (If your local timezone is
equivalent to\r\nAmerica/Los_Angeles, select a different
timezone)\r\n\r\n<img width=\"426\" alt=\"Screenshot 2023-05-10 at 3 58
57
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ab95c47c-30a0-44d5-bd9d-45fdb929193d\">\r\n\r\nOn
`main`, editing the snooze will (erroneously) display the
wrong\r\ntimes:\r\n\r\n<img width=\"423\" alt=\"Screenshot 2023-05-10 at
4 03 24
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ff28ccdd-f491-43ce-87cd-d606c8d71c64\">\r\n\r\nRepeating
this process on this PR's branch will save a snooze with the\r\ncorrect
`dtstart` and consequently load the correct snooze
time.","sha":"213a69739f89bde0fefab284618968a77d1798b8"}}]}] BACKPORT-->
kibanamachine added a commit that referenced this issue May 17, 2023
# Backport

This will backport the following commits from `main` to `8.8`:
- [[RAM] Fix snooze scheduler timezone handling
(#157338)](#157338)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Zacqary Adam
Xeper","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-05-17T16:41:04Z","message":"[RAM]
Fix snooze scheduler timezone handling (#157338)\n\n##
Summary\r\n\r\nCloses #156535 \r\n\r\nThe Snooze Scheduler was failing
to properly save and load snoozes if\r\nthe user selected a timezone
other than the Kibana default. This is\r\nbecause the datepicker only
converts timestamp values between UTC and\r\nthe default Kibana
timezone.\r\n\r\nThis PR fixes the issue by offsetting all dates that
come in and out of\r\nthe scheduler UI relative to local time.\r\n\r\nTo
test, create a snooze like this on `main` and make sure you
select\r\ntimezone America/Los_Angeles. (If your local timezone is
equivalent to\r\nAmerica/Los_Angeles, select a different
timezone)\r\n\r\n<img width=\"426\" alt=\"Screenshot 2023-05-10 at 3 58
57
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ab95c47c-30a0-44d5-bd9d-45fdb929193d\">\r\n\r\nOn
`main`, editing the snooze will (erroneously) display the
wrong\r\ntimes:\r\n\r\n<img width=\"423\" alt=\"Screenshot 2023-05-10 at
4 03 24
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ff28ccdd-f491-43ce-87cd-d606c8d71c64\">\r\n\r\nRepeating
this process on this PR's branch will save a snooze with the\r\ncorrect
`dtstart` and consequently load the correct snooze
time.","sha":"213a69739f89bde0fefab284618968a77d1798b8","branchLabelMapping":{"^v8.9.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:ResponseOps","Feature:Alerting/RulesManagement","v8.9.0","v8.8.1"],"number":157338,"url":"https://github.com/elastic/kibana/pull/157338","mergeCommit":{"message":"[RAM]
Fix snooze scheduler timezone handling (#157338)\n\n##
Summary\r\n\r\nCloses #156535 \r\n\r\nThe Snooze Scheduler was failing
to properly save and load snoozes if\r\nthe user selected a timezone
other than the Kibana default. This is\r\nbecause the datepicker only
converts timestamp values between UTC and\r\nthe default Kibana
timezone.\r\n\r\nThis PR fixes the issue by offsetting all dates that
come in and out of\r\nthe scheduler UI relative to local time.\r\n\r\nTo
test, create a snooze like this on `main` and make sure you
select\r\ntimezone America/Los_Angeles. (If your local timezone is
equivalent to\r\nAmerica/Los_Angeles, select a different
timezone)\r\n\r\n<img width=\"426\" alt=\"Screenshot 2023-05-10 at 3 58
57
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ab95c47c-30a0-44d5-bd9d-45fdb929193d\">\r\n\r\nOn
`main`, editing the snooze will (erroneously) display the
wrong\r\ntimes:\r\n\r\n<img width=\"423\" alt=\"Screenshot 2023-05-10 at
4 03 24
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ff28ccdd-f491-43ce-87cd-d606c8d71c64\">\r\n\r\nRepeating
this process on this PR's branch will save a snooze with the\r\ncorrect
`dtstart` and consequently load the correct snooze
time.","sha":"213a69739f89bde0fefab284618968a77d1798b8"}},"sourceBranch":"main","suggestedTargetBranches":["8.8"],"targetPullRequestStates":[{"branch":"main","label":"v8.9.0","labelRegex":"^v8.9.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/157338","number":157338,"mergeCommit":{"message":"[RAM]
Fix snooze scheduler timezone handling (#157338)\n\n##
Summary\r\n\r\nCloses #156535 \r\n\r\nThe Snooze Scheduler was failing
to properly save and load snoozes if\r\nthe user selected a timezone
other than the Kibana default. This is\r\nbecause the datepicker only
converts timestamp values between UTC and\r\nthe default Kibana
timezone.\r\n\r\nThis PR fixes the issue by offsetting all dates that
come in and out of\r\nthe scheduler UI relative to local time.\r\n\r\nTo
test, create a snooze like this on `main` and make sure you
select\r\ntimezone America/Los_Angeles. (If your local timezone is
equivalent to\r\nAmerica/Los_Angeles, select a different
timezone)\r\n\r\n<img width=\"426\" alt=\"Screenshot 2023-05-10 at 3 58
57
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ab95c47c-30a0-44d5-bd9d-45fdb929193d\">\r\n\r\nOn
`main`, editing the snooze will (erroneously) display the
wrong\r\ntimes:\r\n\r\n<img width=\"423\" alt=\"Screenshot 2023-05-10 at
4 03 24
PM\"\r\nsrc=\"https://github.com/elastic/kibana/assets/1445834/ff28ccdd-f491-43ce-87cd-d606c8d71c64\">\r\n\r\nRepeating
this process on this PR's branch will save a snooze with the\r\ncorrect
`dtstart` and consequently load the correct snooze
time.","sha":"213a69739f89bde0fefab284618968a77d1798b8"}},{"branch":"8.8","label":"v8.8.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Zacqary Adam Xeper <[email protected]>
@banderror banderror reopened this May 20, 2023
@banderror
Copy link
Contributor

@MadameSheema The bug should be fixed by #157338

@MadameSheema
Copy link
Member Author

Thanks @banderror!!

@karanbirsingh-qasource can you please validate the fix of this issue on current BC6? Thanks!

@sukhwindersingh-qasource
Copy link

sukhwindersingh-qasource commented May 22, 2023

Hi @MadameSheema

We have validated this issue on 8.8.0 BC6 build and observed that issue looks like , It is Fixed. ✔️ . Timezone conversion is working fine .We have additional observation mentioned is this comment.

Please find the below Testing Details:

Build info

VERSION: 8.8.0 BC6
BUILD: 63115
COMMIT: a4c256b39f7d1ee34abe61109a817ec7f5329009

Screen-Recording

rules-kibana-mozilla-firefox-2023-05-22-16-08-26_zQP6RyNK.mp4

Additional Information
The timezone conversion is working fine . but we have observed that time conversion is overriding the scheduling basic functionality which is we can not schedule the snooze in the past i.e if now is May 22nd 4:00pm then we can not add scheduling behind May 22nd 4:00pm. But by the time conversion we are able to achieve this thing.

Screen-Recording

Trying to add time which is in past
we are not able to add the scheduling in the past.

Rules.-.Kibana.Mozilla.Firefox.2023-05-22.16-19-47.mp4

We can add time which is in past with the help of scheduling
we are able to add scheduling in the past. Just select the timezone which are ahead of our timezone.

Rules.-.Kibana.Mozilla.Firefox.2023-05-22.16-18-42.mp4

Please let us know if anything else is required from our side.
Thanks!!

@MadameSheema
Copy link
Member Author

@banderror may you please take a look at the above observations when you have the chance? Thanks! :)

@banderror
Copy link
Contributor

@sukhwindersingh-qasource This is an interesting observation. The fact that a user can workaround this limitation by setting a different timezone looks like a low-impact bug. I'd suggest to open a separate issue for that and close this one.

That said, is there any reason for snoozing a rule in the past?

@banderror
Copy link
Contributor

cc @maximpn

@sukhwindersingh-qasource

Hi @banderror thanks for the update we have logged a new ticket related to this observation #158534. Hence the above issue is fixed so we are adding QA Validated tag to it and closing this issue.

Thanks!!

@sukhwindersingh-qasource sukhwindersingh-qasource added the QA:Validated Issue has been validated by QA label May 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Fixes for quality problems that affect the customer experience Feature:Alerting/RulesManagement Issues related to the Rules Management UX Feature:Rule Management Security Solution Detection Rule Management area fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.8.0 v8.9.0
Projects
No open projects
Development

Successfully merging a pull request may close this issue.

5 participants