[Security Solution] The endpoint goes to unhealthy state with warnings in the policy if we disable auto updates for the 'Protection updates' and select the current date #170847

Closed
muskangulati-qasource opened this issue Nov 8, 2023 · 13 comments
Labels: bug, impact:high, OLM Sprint, QA:Validated, Team:Defend Workflows, Team: SecuritySolution, v8.11.0, v8.11.2

Comments

muskangulati-qasource commented Nov 8, 2023

Description:
The endpoint goes to unhealthy state with warnings in the policy if we disable auto updates for the 'Protection updates'

Build Details:

VERSION: 8.11.0
BUILD: 68160
COMMIT: f2ea0c43ec0d854259d63d926b97e5c556b5f6b2

Browser Details:
All

OS

  • Windows
  • Linux Ubuntu
  • Linux SLES

Preconditions:

  1. Kibana user should be logged in
  2. Endpoints should exist

Steps to Reproduce:

  1. Login to a fresh Kibana environment
  2. Navigate to the 'Endpoints' tab under the Manage section under Security section
  3. Select any policy
  4. Go to the 'Protection updates' tab
  5. Disable the auto update pill
  6. Wait for a minute and observe the endpoint goes to unhealthy state

Actual Result:
The endpoint goes to unhealthy state with warnings in the policy if we disable auto updates for the 'Protection updates'

Expected Result:
The endpoint should be healthy all the time if we disable auto updates for the 'Protection updates'


Logs

elastic-agent-diagnostics-2023-11-08T05-05-08Z-00.zip

ip-172-31-75-64-agent-details.json

NOTE:
It only occurs when the date is the current date i.e. today's date.

muskangulati-qasource added the bug, impact:critical, Team: SecuritySolution, Team:Defend Workflows and v8.11.0 labels on Nov 8, 2023
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@manishgupta-qasource

Reviewed and assigned to @kevinlog

muskangulati-qasource changed the title from "[Security Solution] The endpoint goes to unhealthy state with warnings in the policy if we disable auto updates for the 'Protection updates'" to "[Security Solution] The endpoint goes to unhealthy state with warnings in the policy if we disable auto updates for the 'Protection updates' and select the current date" on Nov 8, 2023
muskangulati-qasource added the impact:high label and removed the impact:critical label on Nov 8, 2023
kevinlog pushed a commit that referenced this issue Nov 10, 2023
…#170932)

#170847

With this PR latest selectable date is set to yesterday.

Changes:
1. Datepicker start date is set to `today - 1 day`
2. Api adjusted to accept dates starting at `today - 1 day`
3. Tests aligned.


https://github.com/elastic/kibana/assets/29123534/ae2e8ac8-9d35-4cee-a47b-af39fa13485a
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Nov 10, 2023
…elastic#170932)

elastic#170847

With this PR latest selectable date is set to yesterday.

Changes:
1. Datepicker start date is set to `today - 1 day`
2. Api adjusted to accept dates starting at `today - 1 day`
3. Tests aligned.

https://github.com/elastic/kibana/assets/29123534/ae2e8ac8-9d35-4cee-a47b-af39fa13485a
(cherry picked from commit 682600f)
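
A sketch of the cap described in the commit message above, as an added example that is not Kibana's code: one helper computes the latest selectable date so that a date picker and an API check can share the same bound. The function names are hypothetical, and evaluating "yesterday" in UTC is an assumption, since the page does not say which time zone is used.

```typescript
// Added illustration; names are hypothetical, not taken from Kibana.
const DAY_MS = 24 * 60 * 60 * 1000;

// Latest date a pinned protection-updates manifest may use: today - 1 day.
// Assumption: "today" is evaluated in UTC.
function latestSelectableDate(now: Date): string {
  return new Date(now.getTime() - DAY_MS).toISOString().slice(0, 10);
}

type Result = { ok: true } | { ok: false; reason: string };

// Server-side check mirroring the date picker bound, so a request that
// bypasses the UI cannot pin the policy to today's (or a future) date.
function validateManifestDate(input: string, now: Date): Result {
  if (!/^\d{4}-\d{2}-\d{2}$/.test(input)) {
    return { ok: false, reason: "expected YYYY-MM-DD" };
  }
  const parsed = new Date(`${input}T00:00:00Z`);
  // Some engines roll 2023-02-30 over into March instead of rejecting it;
  // round-tripping the value catches both behaviours.
  if (
    Number.isNaN(parsed.getTime()) ||
    parsed.toISOString().slice(0, 10) !== input
  ) {
    return { ok: false, reason: "not a real calendar date" };
  }
  const latest = latestSelectableDate(now);
  // ISO dates compare correctly as strings.
  if (input > latest) {
    return { ok: false, reason: `date must be ${latest} or earlier` };
  }
  return { ok: true };
}
```
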
kibanamachine added a commit that referenced this issue Nov 10, 2023
…sterday (#170932) (#171051)

# Backport

This will backport the following commits from `main` to `8.11`:
- [[EDR Workflows] Protection updates latest date is capped at yesterday
(#170932)](#170932)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Konrad Szwarc <[email protected]>
szwarckonrad added the QA:Ready for Testing label on Nov 13, 2023
@szwarckonrad
Contributor

Merged to main and backported to 8.11.1

@kevinlog
Contributor

@szwarckonrad unfortunately for this, it wasn't picked up by the 8.11.1 build. Since it was released quickly to fix another issue, Kibana wasn't rebuilt in BC2. Here are the commits picked up for 8.11.1. https://github.com/elastic/kibana/commits/09feaf416f986b239b8e8ad95ecdda0f9d56ebec

We will have to mark this one for 8.11.2

@szwarckonrad
Contributor

Added 8.11.2 label, CC @manishgupta-qasource

@sukhwindersingh-qasource

Hi @szwarckonrad, @kevinlog

We have validated this ticket on the latest 8.11.2 BC1 build and found the issue is NOT FIXED. ❌
We have observed that it is also happening if we are selecting any previous date, i.e. today is 6th December and we have selected 3rd December 2023.

Please find below the testing details

Build Details:

VERSION: 8.11.2
BUILD: 68299
COMMIT: 9274635

Screen Cast:

Endpoints.-.Kibana.Mozilla.Firefox.2023-12-06.15-18-12.mp4

Please let us know if anything else is required from our end.

Thanks!

@intxgo
Contributor

intxgo commented Dec 6, 2023

hi, @sukhwindersingh-qasource do you have agent diagnostics maybe?

@kevinlog
Contributor

kevinlog commented Dec 6, 2023

@sukhwindersingh-qasource

After discussion with the team, we realized that the reason this is happening is that we haven't published the artifacts for the 8.11.2 Endpoint yet since it is still unreleased.

To verify this bug, can you test it again, but use either an 8.11.0 or 8.11.1 Endpoint?

After 8.11.2 is released, the artifacts will be available and it will work with that Endpoint.

cc @jeska

@sukhwindersingh-qasource

Hi @kevinlog,

We have validated this ticket on the latest 8.11.2 BC1 build using 8.11.1 Endpoint and found the issue is not occurring.
But we have also observed that if we select a date which is way back, i.e. any date from the month of October, then the Endpoint goes to an unhealthy state.

Please find below the testing details

Build Details:

VERSION: 8.11.2
BUILD: 68299
COMMIT: 9274635

Screen Cast:
Selecting December date:

Endpoints.-.Kibana.Mozilla.Firefox.2023-12-07.16-45-09.mp4

Selecting October date:

Policies.-.Kibana.Mozilla.Firefox.2023-12-07.16-46-24.mp4

Please do let us know if anything else is required.

Thanks!!

@kevinlog
Contributor

kevinlog commented Dec 7, 2023

@sukhwindersingh-qasource thanks for the update.

This would be expected since when a user upgrades an Endpoint, there would be newer artifacts that they would need to download. As part of an upgrade process, users would also need to update the artifacts to a later date.

Users who use this feature would not upgrade their Agents or their artifacts during a critical period, so it's OK that if they upgrade their Agents, they would also need to pick a later date.

cc @jeska @intxgo

@sukhwindersingh-qasource

Hi @kevinlog, thanks for confirming this behavior as expected, so we will be adding a note of the same in our test content.
Also, we are closing this issue and marking it as QA Validated.
Thanks!

sukhwindersingh-qasource added the QA:Validated label and removed the QA:Ready for Testing label on Dec 8, 2023
@sukhwindersingh-qasource

Bug Conversion

Thanks!
