[Security Solution] Detection Rules fail to install/update with basic license #197246

syk-99 · 2024-10-22T13:40:26Z

Describe the bug:

Some rules (probably machine learning rules) fail to install/update when basic license is in use.

Kibana/Elasticsearch Stack version:

8.15.3

Server OS version:

Debian and Ubuntu

Original install method (e.g. download page, yum, from source, etc.):

Debian Package from artifacts.elastic.co

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Detection Rules

Steps to reproduce:

Install Elasticsearch, Kibana (Debian Package)
Add Prebuilt Rules
Install all Rules (maybe the error happens here as well - could not test with a new setup)
Wait for new rules to be available (including machine learning rules)
Try to install the new rules

Current behavior:

Some/all ML-rules fail to install - showing a green success-message in the bottom right of the screen "X rules failed to install" without any hint of the cause.
Numbers for installable rules (upgradable rules) increase over time.
Some ML-rules can be enabled even with a basic license in use.

Expected behavior:

All rules should be installable/upgradable regardless of applied license.

Errors in browser console:

Request to
[...]internal/detection_engine/prebuilt_rules/install/_perform
is answered with
"message": "Your license does not support machine learning. Please upgrade your license."
(same behaviour for certain conditions when requesting
[...]internal/detection_engine/prebuilt_rules/update/_perform

Any additional context (logs, chat logs, magical formulas, etc.):

Similar reports of this bug:
#190753
https://discuss.elastic.co/t/detection-rules-update-failure/369051
Screenshot of ML-rules that can be enabled even with a basic license:

The text was updated successfully, but these errors were encountered:

elasticmachine · 2024-10-22T13:40:28Z

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine · 2024-10-22T14:36:59Z

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine · 2024-10-22T14:36:59Z

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

syk-99 · 2024-10-29T06:57:20Z

Todays Update of "Prebuilt Security Detection Rules" to Version 8.15.8 completed showing this mixed Error/Success-Message (Screenshot):

syk-99 added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. triage_needed labels Oct 22, 2024

MadameSheema added Team:Detections and Resp Security Detection Response Team Team:Detection Rule Management Security Detection Rule Management Team labels Oct 22, 2024

MadameSheema assigned banderror Oct 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security Solution] Detection Rules fail to install/update with basic license #197246

[Security Solution] Detection Rules fail to install/update with basic license #197246

syk-99 commented Oct 22, 2024

elasticmachine commented Oct 22, 2024

elasticmachine commented Oct 22, 2024

elasticmachine commented Oct 22, 2024

syk-99 commented Oct 29, 2024

[Security Solution] Detection Rules fail to install/update with basic license #197246

[Security Solution] Detection Rules fail to install/update with basic license #197246

Comments

syk-99 commented Oct 22, 2024

Describe the bug:

Kibana/Elasticsearch Stack version:

Server OS version:

Original install method (e.g. download page, yum, from source, etc.):

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Steps to reproduce:

Current behavior:

Expected behavior:

Errors in browser console:

Any additional context (logs, chat logs, magical formulas, etc.):

elasticmachine commented Oct 22, 2024

elasticmachine commented Oct 22, 2024

elasticmachine commented Oct 22, 2024

syk-99 commented Oct 29, 2024