[Security Solution] Exceptions flyout refreshes when it regains focus, causing configured fields to get cleared #166550
Comments
peluja1012
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
peluja1012
added
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
peluja1012
added
the
impact:high
|
This bug is probably related to this other one, where you can see that additional calls to the |
|
Another related and possible duplicate bug: #166759 |
|
@e40pud since I'm on SDH today I'm investing this one, as it relates to a few tickets that came through. I will update here with my findings. |
|
Alright, so I've traced the cause, but the solution is going to be more involved since it involves changing caching logic. What's happening is that we have several The following diff will "fix" the problem by always caching those queries: diff --git a/x-pack/plugins/security_solution/public/common/components/ml/hooks/use_fetch_jobs_summary_query.ts b/x-pack/plugins/security_solution/public/common/components/ml/hooks/use_fetch_jobs_summary_query.ts
index f2958de5a9a..477fa8fe838 100644
--- a/x-pack/plugins/security_solution/public/common/components/ml/hooks/use_fetch_jobs_summary_query.ts
+++ b/x-pack/plugins/security_solution/public/common/components/ml/hooks/use_fetch_jobs_summary_query.ts
@@ -24,7 +24,7 @@ export const useFetchJobsSummaryQuery = (
async ({ signal }) => getJobsSummary({ signal, ...queryArgs }),
{
refetchIntervalInBackground: false,
- staleTime: ONE_MINUTE * 5,
+ staleTime: Infinity,
retry: false,
...options,
}
diff --git a/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_fetch_modules_query.ts b/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_fetch_modules_query.ts
index 810801e96a5..4b8146a76c5 100644
--- a/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_fetch_modules_query.ts
+++ b/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_fetch_modules_query.ts
@@ -23,7 +23,7 @@ export const useFetchModulesQuery = (
async ({ signal }) => getModules({ signal, ...queryArgs }),
{
refetchIntervalInBackground: false,
- staleTime: ONE_MINUTE * 5,
+ staleTime: Infinity,
retry: false,
...options,
}
diff --git a/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_fetch_recognizer_query.ts b/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_fetch_recognizer_query.ts
index bd17b82cc56..f98799a482e 100644
--- a/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_fetch_recognizer_query.ts
+++ b/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_fetch_recognizer_query.ts
@@ -23,7 +23,7 @@ export const useFetchRecognizerQuery = (
async ({ signal }) => checkRecognizer({ signal, ...queryArgs }),
{
refetchIntervalInBackground: false,
- staleTime: ONE_MINUTE * 5,
+ staleTime: Infinity,
retry: false,
...options,
}
with these changes, I was able to re-focus the exceptions window after 10 minutes and not rerender/lose data. (Similarly, if you want to reliably reproduce the issue, change one of the above hooks to Next steps
|
|
After thinking a bit about this issue, here are couple thoughts:
The UI looks buggy with
refetch-on-focus-true.movvs refetch-on-focus-false.movWe most probably cannot just blindly disable |
|
That all makes sense to me, @e40pud! Let's see if we can address this at the exceptions component itself, and bring the |
|
To fix the state preservation properly would involve some refactoring of exception flyout components. This will take some time and will not fit FF phase. Discussed with @yctercero and we will do a quick fix which matches current behaviour of the Refactoring will be prioritised in the next release https://github.com/elastic/security-team/issues/8197 |
…, causing configured fields to get cleared (elastic#166550)
…, causing configured fields to get cleared (#166550) (#172666) ## Summary Addresses #166550 These changes fix the issue where user can experience data loss while adding rule exceptions. The main issue is that we keep conditions state inside the child component `ExceptionsConditions` which is rendered conditionally based on `isLoading` flag. This flag changes when `useQuery` data gets stale and refetching is triggered. In this case we would remove `ExceptionsConditions` component while loading data and re-create it after. Since conditions state stored inside `ExceptionsConditions` we will lose it. This is a quick fix to make sure our users are not frustrated. The state refactoring will come separately in the next release when we are going to address the main issue elastic/security-team#8197 To reproduce: 1. Open "add rule exception" flyout 2. Add exception conditions 3. Wait for 5 minutes (to avoid waiting this long you can use [this approach](#166550 (comment))) 4. Remove focus from the page (by switching to another app or navigating to a different tab in a browser) 5. Focus on the page again When you are back to the page all exception conditions should still be there. --------- Co-authored-by: Vitalii Dmyterko <[email protected]>
…, causing configured fields to get cleared (elastic#166550) (elastic#172666) ## Summary Addresses elastic#166550 These changes fix the issue where user can experience data loss while adding rule exceptions. The main issue is that we keep conditions state inside the child component `ExceptionsConditions` which is rendered conditionally based on `isLoading` flag. This flag changes when `useQuery` data gets stale and refetching is triggered. In this case we would remove `ExceptionsConditions` component while loading data and re-create it after. Since conditions state stored inside `ExceptionsConditions` we will lose it. This is a quick fix to make sure our users are not frustrated. The state refactoring will come separately in the next release when we are going to address the main issue elastic/security-team#8197 To reproduce: 1. Open "add rule exception" flyout 2. Add exception conditions 3. Wait for 5 minutes (to avoid waiting this long you can use [this approach](elastic#166550 (comment))) 4. Remove focus from the page (by switching to another app or navigating to a different tab in a browser) 5. Focus on the page again When you are back to the page all exception conditions should still be there. --------- Co-authored-by: Vitalii Dmyterko <[email protected]> (cherry picked from commit a0631cf)
…s focus, causing configured fields to get cleared (#166550) (#172666) (#173131) # Backport This will backport the following commits from `main` to `8.12`: - [[Security Solution] Exceptions flyout refreshes when it regains focus, causing configured fields to get cleared (#166550) (#172666)](#172666) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ievgen Sorokopud","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-12-12T09:14:57Z","message":"[Security Solution] Exceptions flyout refreshes when it regains focus, causing configured fields to get cleared (#166550) (#172666)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/166550\r\n\r\nThese changes fix the issue where user can experience data loss while\r\nadding rule exceptions.\r\n\r\nThe main issue is that we keep conditions state inside the child\r\ncomponent `ExceptionsConditions` which is rendered conditionally based\r\non `isLoading` flag. This flag changes when `useQuery` data gets stale\r\nand refetching is triggered. In this case we would remove\r\n`ExceptionsConditions` component while loading data and re-create it\r\nafter. Since conditions state stored inside `ExceptionsConditions` we\r\nwill lose it.\r\n\r\nThis is a quick fix to make sure our users are not frustrated. The state\r\nrefactoring will come separately in the next release when we are going\r\nto address the main issue\r\nhttps://github.com/elastic/security-team/issues/8197\r\n\r\nTo reproduce:\r\n1. Open \"add rule exception\" flyout\r\n2. Add exception conditions\r\n3. Wait for 5 minutes (to avoid waiting this long you can use [this\r\napproach](https://github.com/elastic/kibana/issues/166550#issuecomment-1802941467))\r\n4. Remove focus from the page (by switching to another app or navigating\r\nto a different tab in a browser)\r\n5. Focus on the page again\r\n\r\nWhen you are back to the page all exception conditions should still be\r\nthere.\r\n\r\n---------\r\n\r\nCo-authored-by: Vitalii Dmyterko <[email protected]>","sha":"a0631cf8bd0ce820c1a3768f02e8384afc922b27","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team: SecuritySolution","backport:prev-minor","Team:Detection Engine","v8.13.0"],"number":172666,"url":"https://github.com/elastic/kibana/pull/172666","mergeCommit":{"message":"[Security Solution] Exceptions flyout refreshes when it regains focus, causing configured fields to get cleared (#166550) (#172666)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/166550\r\n\r\nThese changes fix the issue where user can experience data loss while\r\nadding rule exceptions.\r\n\r\nThe main issue is that we keep conditions state inside the child\r\ncomponent `ExceptionsConditions` which is rendered conditionally based\r\non `isLoading` flag. This flag changes when `useQuery` data gets stale\r\nand refetching is triggered. In this case we would remove\r\n`ExceptionsConditions` component while loading data and re-create it\r\nafter. Since conditions state stored inside `ExceptionsConditions` we\r\nwill lose it.\r\n\r\nThis is a quick fix to make sure our users are not frustrated. The state\r\nrefactoring will come separately in the next release when we are going\r\nto address the main issue\r\nhttps://github.com/elastic/security-team/issues/8197\r\n\r\nTo reproduce:\r\n1. Open \"add rule exception\" flyout\r\n2. Add exception conditions\r\n3. Wait for 5 minutes (to avoid waiting this long you can use [this\r\napproach](https://github.com/elastic/kibana/issues/166550#issuecomment-1802941467))\r\n4. Remove focus from the page (by switching to another app or navigating\r\nto a different tab in a browser)\r\n5. Focus on the page again\r\n\r\nWhen you are back to the page all exception conditions should still be\r\nthere.\r\n\r\n---------\r\n\r\nCo-authored-by: Vitalii Dmyterko <[email protected]>","sha":"a0631cf8bd0ce820c1a3768f02e8384afc922b27"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/172666","number":172666,"mergeCommit":{"message":"[Security Solution] Exceptions flyout refreshes when it regains focus, causing configured fields to get cleared (#166550) (#172666)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/166550\r\n\r\nThese changes fix the issue where user can experience data loss while\r\nadding rule exceptions.\r\n\r\nThe main issue is that we keep conditions state inside the child\r\ncomponent `ExceptionsConditions` which is rendered conditionally based\r\non `isLoading` flag. This flag changes when `useQuery` data gets stale\r\nand refetching is triggered. In this case we would remove\r\n`ExceptionsConditions` component while loading data and re-create it\r\nafter. Since conditions state stored inside `ExceptionsConditions` we\r\nwill lose it.\r\n\r\nThis is a quick fix to make sure our users are not frustrated. The state\r\nrefactoring will come separately in the next release when we are going\r\nto address the main issue\r\nhttps://github.com/elastic/security-team/issues/8197\r\n\r\nTo reproduce:\r\n1. Open \"add rule exception\" flyout\r\n2. Add exception conditions\r\n3. Wait for 5 minutes (to avoid waiting this long you can use [this\r\napproach](https://github.com/elastic/kibana/issues/166550#issuecomment-1802941467))\r\n4. Remove focus from the page (by switching to another app or navigating\r\nto a different tab in a browser)\r\n5. Focus on the page again\r\n\r\nWhen you are back to the page all exception conditions should still be\r\nthere.\r\n\r\n---------\r\n\r\nCo-authored-by: Vitalii Dmyterko <[email protected]>","sha":"a0631cf8bd0ce820c1a3768f02e8384afc922b27"}}]}] BACKPORT--> Co-authored-by: Ievgen Sorokopud <[email protected]>
|
@MadameSheema the fix was merged in both |
Tested in 8.12.0 BC6Describe the bug: Kibana/Elasticsearch Stack version: Server OS version: Browser and Browser OS versions:
Steps to reproduce:
Current behavior: Expected behavior: Screenshots (if relevant): Screenshot of Rule Exception in 8.12.0 after refresh of tab and focus regain: Screen share recordings:Screen recording of behavior in 8.10.0 exceptionsflyout8.mp4Screen recording of behavior in 8.12.0 exceptionlist.8.12.mp4Errors in browser console (if relevant): Provide logs and/or server output (if relevant): Any additional context (logs, chat logs, magical formulas, etc.): @yctercero @e40pud FYI QA Validated fix ✅ Please confirm if expected behavior to align with your updated fix @MadameSheema @vgomez-el FYI QA Validation of fix in |
|
I am closing this bug since it has been validated properly by @cybersecdiva on 8.12.0 BC6 |
Describe the bug:
The Exception flyout refreshes and clears all configured fields when the browser loses and then regains focus.
Kibana/Elasticsearch Stack version:
8.10
Browser and Browser OS versions:
Chrome, MS Edge (originally reported)
Steps to reproduce:
Screenshots (if relevant):
Screen.Recording.2023-09-14.at.5.19.44.PM.mov
The text was updated successfully, but these errors were encountered: