[Security Solution] Rule view duplication on MITRE coverage page #167929

Closed
approksiu opened this issue Oct 3, 2023 · 7 comments
Labels
8.12 candidate bug Fixes for quality problems that affect the customer experience Feature:Rule Management Security Solution Detection Rule Management area fixed impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.11.1 v8.12.0

Comments

@approksiu

Describe the bug:
Rule is duplicated in the MITRE ATT&CK page cell

Kibana/Elasticsearch Stack version:
8.10.2, 8.10.3

Server OS version:

Browser and Browser OS versions:

Elastic Endpoint version:

Original install method (e.g. download page, yum, from source, etc.):

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Steps to reproduce:

  1. Install all rules, enable them
  2. Go to MITRE ATT&CK page
  3. Search for T1546.015 (as an example)
  4. Scroll down to the cell with the rules
  5. Click on the cell to see the list of rules

Current behavior:
The rule is shown twice for coverage.

Expected behavior:
Rule should be shown once.

Screenshots (if relevant):
Screenshot 2023-10-03 at 19 52 57

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context (logs, chat logs, magical formulas, etc.):

@approksiu approksiu added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Oct 3, 2023
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@MadameSheema MadameSheema added Team:Detections and Resp Security Detection Response Team Team:Detection Rule Management Security Detection Rule Management Team labels Oct 4, 2023
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Feature:Rule Management Security Solution Detection Rule Management area 8.11 candidate and removed triage_needed labels Oct 5, 2023
@banderror banderror changed the title [Security Solution]Rule view duplication on MITRE coverage page [Security Solution] Rule view duplication on MITRE coverage page Oct 5, 2023
@banderror
Contributor

@vgomez-el Fixed by #169708 and should be available in the last 8.11.0 BC.

@banderror banderror added v8.11.1 and removed v8.11.0 labels Nov 7, 2023
@vgomez-el

@banderror after double checking it with @approksiu we can say that the bug is not fixed on the last 8.11 BC available on cloud.

@banderror banderror added v8.12.1 and removed v8.12.1 labels Nov 7, 2023
@banderror
Contributor

@vgomez-el Thanks for checking. Yes, because #169708 (comment). The fix will be available in 8.11.1 and the first BC for this patch release.

@banderror
Contributor

Hey @vgomez-el, after chatting with @MadameSheema, I'd like to close this ticket.

We have very limited resources on the QA side, and it turns out (I didn't know) that by default we only have you and Tanisha dedicated to D&R teams, but not QASource. I think focusing on regression testing of 8.12 would be much more important now compared to verifying this bugfix. Also, I have good confidence in the bugfix, because it has been tested by two engineers during the code review + we have automated test coverage which is almost done for this feature (#168058).

Please feel free to reopen if/once you'd like to check the fix.

@ghost

ghost commented Dec 7, 2023

Hi @approksiu

We have validated this issue on 8.11.2, and a single entry for component model object hijack is showing now ✔️

Build details:

Version: 8.11.2
Commit: 92746356b61c3e3ac62b6d7045727f8d737fa4b5
Build: 68299

Hence we are adding "QA:Validated" tag to it.

thanks !!

@ghost ghost added the QA:Validated Issue has been validated by QA label Dec 7, 2023