Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] “Author” and “License” Fields Are Editable in UI but Result in Errors When Updated #200251

Closed
Tracked by #201502
pborgonovi opened this issue Nov 14, 2024 · 6 comments · Fixed by #201887
Assignees
Labels
8.18 candidate bug Fixes for quality problems that affect the customer experience Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Feature:Rule Edit Security Solution Detection Rule Editing workflow fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.17.0 v8.18.0

Comments

@pborgonovi
Copy link
Contributor

Describe the bug:
In the rule editing UI, the fields “Author” and “License” for prebuilt rules are currently enabled, allowing users to make edits. However, when the user attempts to save the changes, errors occur:

For the Author field: “Cannot update ‘author’ field for prebuilt rules (400)”
For the License field: “Cannot update ‘license’ field for prebuilt rules (400)”

The backend validation correctly blocks these changes, as these fields are not meant to be edited for prebuilt rules. However, the UI behavior is misleading, as it suggests that these fields can be modified.

Kibana/Elasticsearch Stack version:
8.x

Current branch: 8.x  
Latest commit: d0c9a2f1f52 - [8.x] [Stack Monitoring / Logs] Fix Stack Monitoring logs links (#200043) (#200227)  
Remote tracking: origin/8.x  
Status relative to remote: up to date (no pending commits)  

Server OS version:

Browser and Browser OS versions:

Elastic Endpoint version:

Original install method (e.g. download page, yum, from source, etc.):

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Steps to reproduce:

  1. Open the Edit Rule page for a prebuilt rule.
  2. Modify the “Author” or “License” field.
  3. Attempt to save the changes.
  4. Observe the following errors in the UI:
    • For “Author”: “Cannot update ‘author’ field for prebuilt rules (400)”
    • For “License”: “Cannot update ‘license’ field for prebuilt rules (400)”

Current behavior:
The “Author” and “License” fields are enabled and editable in the UI.

Expected behavior:
The “Author” and “License” fields should be disabled (read-only) in the UI for prebuilt rules, preventing users from attempting to edit them.

Screenshots (if relevant):

Screen.Recording.2024-11-14.at.11.49.38.AM.mov

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context (logs, chat logs, magical formulas, etc.):

@pborgonovi pborgonovi added bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team triage_needed labels Nov 14, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@banderror
Copy link
Contributor

@dplumlee Please prioritize fixing this in the next 2 weeks. We should also reflect this use case in the test plan for the customization workflow you're working on and cover it with tests.

kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Dec 4, 2024
…it form for prebuilt rule types (elastic#201887)

## Summary

Fixes elastic#200251

> [!NOTE]
> This bug/related fix is only visible with the
`prebuiltRulesCustomizationEnabled` feature flag turned on.

Disables `author` and `license` fields in rule edit form for prebuilt
rule types as we throw API errors when they are changed from the
existing rule value if the rule source is external.

### Screenshots - the same prebuilt rule in the Rule edit form
**Before**
<img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM"
src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa">

**After**
![Screenshot 2024-12-03 at 3 22
34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

(cherry picked from commit 13fa525)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Dec 4, 2024
…it form for prebuilt rule types (elastic#201887)

## Summary

Fixes elastic#200251

> [!NOTE]
> This bug/related fix is only visible with the
`prebuiltRulesCustomizationEnabled` feature flag turned on.

Disables `author` and `license` fields in rule edit form for prebuilt
rule types as we throw API errors when they are changed from the
existing rule value if the rule source is external.

### Screenshots - the same prebuilt rule in the Rule edit form
**Before**
<img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM"
src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa">

**After**
![Screenshot 2024-12-03 at 3 22
34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

(cherry picked from commit 13fa525)
@banderror banderror added the fixed label Dec 5, 2024
@banderror
Copy link
Contributor

@pborgonovi Feel free to validate the fix or close right away.

@banderror banderror reopened this Dec 5, 2024
@pborgonovi
Copy link
Contributor Author

I've validated the fix and it looks good:

Screen.Recording.2024-12-05.at.9.32.38.AM.mov

Closing this ticket.

SoniaSanzV pushed a commit to SoniaSanzV/kibana that referenced this issue Dec 9, 2024
…it form for prebuilt rule types (elastic#201887)

## Summary

Fixes elastic#200251

> [!NOTE]  
> This bug/related fix is only visible with the
`prebuiltRulesCustomizationEnabled` feature flag turned on.

Disables `author` and `license` fields in rule edit form for prebuilt
rule types as we throw API errors when they are changed from the
existing rule value if the rule source is external.


### Screenshots - the same prebuilt rule in the Rule edit form
**Before**
<img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM"
src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa">


**After**
![Screenshot 2024-12-03 at 3 22
34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
SoniaSanzV pushed a commit to SoniaSanzV/kibana that referenced this issue Dec 9, 2024
…it form for prebuilt rule types (elastic#201887)

## Summary

Fixes elastic#200251

> [!NOTE]  
> This bug/related fix is only visible with the
`prebuiltRulesCustomizationEnabled` feature flag turned on.

Disables `author` and `license` fields in rule edit form for prebuilt
rule types as we throw API errors when they are changed from the
existing rule value if the rule source is external.


### Screenshots - the same prebuilt rule in the Rule edit form
**Before**
<img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM"
src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa">


**After**
![Screenshot 2024-12-03 at 3 22
34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this issue Dec 9, 2024
…it form for prebuilt rule types (elastic#201887)

## Summary

Fixes elastic#200251

> [!NOTE]  
> This bug/related fix is only visible with the
`prebuiltRulesCustomizationEnabled` feature flag turned on.

Disables `author` and `license` fields in rule edit form for prebuilt
rule types as we throw API errors when they are changed from the
existing rule value if the rule source is external.


### Screenshots - the same prebuilt rule in the Rule edit form
**Before**
<img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM"
src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa">


**After**
![Screenshot 2024-12-03 at 3 22
34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Samiul-TheSoccerFan pushed a commit to Samiul-TheSoccerFan/kibana that referenced this issue Dec 10, 2024
…it form for prebuilt rule types (elastic#201887)

## Summary

Fixes elastic#200251

> [!NOTE]  
> This bug/related fix is only visible with the
`prebuiltRulesCustomizationEnabled` feature flag turned on.

Disables `author` and `license` fields in rule edit form for prebuilt
rule types as we throw API errors when they are changed from the
existing rule value if the rule source is external.


### Screenshots - the same prebuilt rule in the Rule edit form
**Before**
<img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM"
src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa">


**After**
![Screenshot 2024-12-03 at 3 22
34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this issue Dec 12, 2024
…it form for prebuilt rule types (elastic#201887)

## Summary

Fixes elastic#200251

> [!NOTE]  
> This bug/related fix is only visible with the
`prebuiltRulesCustomizationEnabled` feature flag turned on.

Disables `author` and `license` fields in rule edit form for prebuilt
rule types as we throw API errors when they are changed from the
existing rule value if the rule source is external.


### Screenshots - the same prebuilt rule in the Rule edit form
**Before**
<img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM"
src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa">


**After**
![Screenshot 2024-12-03 at 3 22
34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
8.18 candidate bug Fixes for quality problems that affect the customer experience Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Feature:Rule Edit Security Solution Detection Rule Editing workflow fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.17.0 v8.18.0
Projects
None yet
4 participants