Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Defend Workflows]When we run the Live query it doesnot picks the Timeout Field value what we set while running it. #174082

Closed
sukhwindersingh-qasource opened this issue Jan 2, 2024 · 6 comments
Closed

[Defend Workflows]When we run the Live query it doesnot picks the Timeout Field value what we set while running it. #174082

sukhwindersingh-qasource opened this issue Jan 2, 2024 · 6 comments
Assignees
@szwarckonrad
Labels
bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. OLM Sprint QA:Validated Issue has been validated by QA Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. triage_needed v8.12.1

Comments

@sukhwindersingh-qasource
Copy link

Describe the bug:
When we run the Live query it doesnot picks the Timeout Field value what we set while running it.

Build Details:

VERSION: 8.12.0 BC4
BUILD: 70016
COMMIT: c2fda4713eb89786cf07dba596f6d45136858fd5

Preconditions

  • Kibana should be running.
  • Agent with Osquery manager integration should be installed.
  • Create a Live query with the timeout field value as say 550s.

Steps to Reproduce

  • Navigate to Osquery > Live queries
  • Now click on run button of the Live query mentioned in the preconditions
  • Observe when we are running a Live query it's timeout field time changed to default time (60s), Instead of the time we have configured while we Run the query.

Actual result

  • When we run the Live query it doesnot picks the Timeout field value what we set while running it.

Expected Result

  • When we run the Live query it Should picks the Timeout field value what we set while running it like it does for ECS mapping

Screen-Cast

Live.queries.-.Osquery.-.Elastic.Mozilla.Firefox.2024-01-02.18-03-18.mp4
@sukhwindersingh-qasource sukhwindersingh-qasource added bug Fixes for quality problems that affect the customer experience triage_needed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Defend Workflows “EDR Workflows” sub-team of Security Solution labels Jan 2, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@sukhwindersingh-qasource
Copy link
Author

@manishgupta-qasource please review this.
Thanks!

@manishgupta-qasource
Copy link

Reviewed and assigned to @dasansol92

Closed
@szwarckonrad szwarckonrad self-assigned this Jan 2, 2024
@szwarckonrad szwarckonrad mentioned this issue Jan 2, 2024
Merged
@sukhwindersingh-qasource sukhwindersingh-qasource changed the title [Security Solution]When we run the Live query it doesnot picks the Timeout Field value what we set while running it. [Defend Workflows]When we run the Live query it doesnot picks the Timeout Field value what we set while running it. Jan 4, 2024
szwarckonrad added a commit that referenced this issue Jan 22, 2024
@szwarckonrad
[EDR Workflows][Osquery] Missing timeout value when running query fro…
0aadaa9 
…m query history (#174088)

#174082

Fixed bug with `timeout` field not being properly passed from Query
History list to query form.
Added test coverage.
 

https://github.com/elastic/kibana/assets/29123534/48862490-d308-47c6-bdc1-d2c10ec8533d
szwarckonrad added a commit that referenced this issue Jan 22, 2024
@szwarckonrad
[8.12] [EDR Workflows][Osquery] Missing timeout value when running qu…
db5068d 
…ery from query history (#174088) (#175217)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[EDR Workflows][Osquery] Missing timeout value when running query
from query history
(#174088)](#174088)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Konrad
Szwarc","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-01-22T14:17:12Z","message":"[EDR
Workflows][Osquery] Missing timeout value when running query from query
history
(#174088)\n\nhttps://github.com//issues/174082\r\n\r\nFixed
bug with `timeout` field not being properly passed from Query\r\nHistory
list to query form.\r\nAdded test coverage.\r\n
\r\n\r\nhttps://github.com/elastic/kibana/assets/29123534/48862490-d308-47c6-bdc1-d2c10ec8533d","sha":"0aadaa9d7cdc8c1b1f2c49731169b767176b9377","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Defend
Workflows","ci:all-cypress-suites","Osquery","v8.12.1","v8.13.0"],"number":174088,"url":"https://github.com/elastic/kibana/pull/174088","mergeCommit":{"message":"[EDR
Workflows][Osquery] Missing timeout value when running query from query
history
(#174088)\n\nhttps://github.com//issues/174082\r\n\r\nFixed
bug with `timeout` field not being properly passed from Query\r\nHistory
list to query form.\r\nAdded test coverage.\r\n
\r\n\r\nhttps://github.com/elastic/kibana/assets/29123534/48862490-d308-47c6-bdc1-d2c10ec8533d","sha":"0aadaa9d7cdc8c1b1f2c49731169b767176b9377"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/174088","number":174088,"mergeCommit":{"message":"[EDR
Workflows][Osquery] Missing timeout value when running query from query
history
(#174088)\n\nhttps://github.com//issues/174082\r\n\r\nFixed
bug with `timeout` field not being properly passed from Query\r\nHistory
list to query form.\r\nAdded test coverage.\r\n
\r\n\r\nhttps://github.com/elastic/kibana/assets/29123534/48862490-d308-47c6-bdc1-d2c10ec8533d","sha":"0aadaa9d7cdc8c1b1f2c49731169b767176b9377"}}]}]
BACKPORT-->
@szwarckonrad
Copy link
Contributor

Merged to main and backported to 8.12 should be available with next 8.12.1 BC

@szwarckonrad szwarckonrad added the QA:Ready for Testing Code is merged and ready for QA to validate label Jan 22, 2024
@muskangulati-qasource
Copy link

Hi @dasansol92,

We have tested this ticket on the BC1 build for 8.12.1. Please find below the testing details:

Build Details

VERSION: 8.12.1
BUILD: 70228
COMMIT: 3457f326b763887d154c9da00bd4e489221a2ff3

Screen Recording & Observations

  • The timeout field does not reset after navigating back to the query🟢
Live.queries.-.Osquery.-.Timeout.field.mp4

Hence, we are closing this issue and marking this as QA Validated.

Thank you!

@muskangulati-qasource muskangulati-qasource added QA:Validated Issue has been validated by QA and removed QA:Ready for Testing Code is merged and ready for QA to validate labels Feb 5, 2024
CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this issue Feb 15, 2024
@szwarckonrad @CoenWarmer
[EDR Workflows][Osquery] Missing timeout value when running query fro…
8d1f3f7 
…m query history (elastic#174088)

elastic#174082

Fixed bug with `timeout` field not being properly passed from Query
History list to query form.
Added test coverage.
 

https://github.com/elastic/kibana/assets/29123534/48862490-d308-47c6-bdc1-d2c10ec8533d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@szwarckonrad szwarckonrad

Labels
bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. OLM Sprint QA:Validated Issue has been validated by QA Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. triage_needed v8.12.1
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@dasansol92 @elasticmachine @szwarckonrad @manishgupta-qasource @muskangulati-qasource @sukhwindersingh-qasource