Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Fixes create/edit rule form subtechnique selection bug #170465

Merged
merged 3 commits into from
Nov 10, 2023
Merged

[Security Solution] Fixes create/edit rule form subtechnique selection bug #170465

merged 3 commits into from
Nov 10, 2023
+9 −10

Conversation

dplumlee
Copy link
Contributor

@dplumlee dplumlee commented Nov 2, 2023
edited by kibanamachine
Loading

Fixes: #170347

Summary

Fixes a bug that occurred whenever a user tried to select a MITRE subtechnique in the create/edit rules form that shared its name with another subtechnique. We previously obtained the subtechnique details via a non-unique value field (that we thought would be unique at the time!), this PR switches the logic to use a unique id field so the correct subtechnique data will always be fetched. It also switches the logic in the technique_fields.tsx file to the same pattern as it could have fallen into the same pitfall.

Screenshots

Before

When you save the rule, the Subtechnique DNS (T1590.001) is selected instead of DNS (T1701.004).

After

Screenshot 2023-11-02 at 1 18 18 PM

When you save the rule, the Subtechnique DNS (T1701.004) is correctly selected.

Screenshot 2023-11-02 at 1 18 34 PM

### For maintainers

@dplumlee dplumlee added bug Fixes for quality problems that affect the customer experience release_note:fix Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Rule Management Security Detection Rule Management Team v8.12.0 v8.11.1 labels Nov 2, 2023
@dplumlee dplumlee self-assigned this Nov 2, 2023
@dplumlee dplumlee requested a review from a team as a code owner November 2, 2023 17:33
@dplumlee dplumlee requested a review from banderror November 2, 2023 17:33
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@dplumlee dplumlee requested a review from spong November 2, 2023 17:33
@dplumlee dplumlee added the Team:Detections and Resp Security Detection Response Team label Nov 2, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@dplumlee
Copy link
Contributor Author

dplumlee commented Nov 2, 2023

@elasticmachine merge upstream

@banderror banderror added impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Feature:Rule Creation Security Solution Detection Rule Creation workflow and removed Feature:Rule Management Security Solution Detection Rule Management area labels Nov 6, 2023
spong
spong approved these changes Nov 8, 2023
View reviewed changes
Copy link
Member

@spong spong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checked out, tested fix locally, and code reviewed -- LGTM! 👍 Thanks for the quick fix @dplumlee!

We discussed offline some ways we can better test these scenarios around MITRE data, and plan to address in future updates to how we manage this data.

@banderror banderror removed their request for review November 9, 2023 14:00
@dplumlee
Copy link
Contributor Author

@elasticmachine merge upstream

@dplumlee dplumlee enabled auto-merge (squash) November 10, 2023 15:11
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 13.0MB 13.0MB -2.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @dplumlee

@dplumlee dplumlee merged commit 41cacd1 into elastic:main Nov 10, 2023
@kibanamachine kibanamachine mentioned this pull request Nov 10, 2023
Open
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Nov 10, 2023
@dplumlee
[Security Solution] Fixes create/edit rule form subtechnique selectio…
7662a39 
…n bug (elastic#170465)

(cherry picked from commit 41cacd1)
@kibanamachine
Copy link
Contributor

💚 All backports created successfully

Status Branch Result
8.11

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

29 similar comments
@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

@kibanamachine
Copy link
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spong spong spong approved these changes

Assignees

@dplumlee dplumlee

Labels
backport missing Added to PRs automatically when the are determined to be missing a backport. bug Fixes for quality problems that affect the customer experience Feature:Rule Creation Security Solution Detection Rule Creation workflow impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. release_note:fix Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.12.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Security Solution] Incorrect MITRE Subtechnique is selected when creating Rule
6 participants
@dplumlee @elasticmachine @kibana-ci @kibanamachine @spong @banderror