[Security Solution] Disabled rule filters are displayed as enabled in rule details #141458

Closed
marshallmain opened this issue Sep 22, 2022 · 4 comments · Fixed by #177081
Labels
8.13 candidate bug Fixes for quality problems that affect the customer experience Feature:Rule Details Security Solution Detection Rule Details page fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.13.0 v8.14.0

Comments

@marshallmain
Contributor

marshallmain commented Sep 22, 2022

Related to: #176866

Summary

Filters on detection rules can be temporarily disabled through the UI while leaving them attached to the rule.

image

However, there is no indication on the rule details page that the filter is disabled:

image

We should add an indication in the rule details UI when filters are disabled.
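Until the rule details page shows the disabled state, the stored rule JSON can be checked directly. The following is an added example, not code from Kibana or from this issue's participants: it scans an NDJSON rule export for filters that are attached but disabled. It assumes each rule object has a `filters` array whose entries carry a `meta.disabled` boolean, as in Kibana's filter format; the function name `auditRuleExport` and the sample rules are made up for illustration.

```javascript
// Constructed sample shaped like a detection-rule NDJSON export.
// Rule ids, names and filter values are invented for this example.
const SAMPLE_EXPORT = [
  JSON.stringify({
    rule_id: 'example-rule-1',
    name: 'Example: suspicious process',
    filters: [
      {
        // Exclusion filter that is attached to the rule but switched off.
        meta: { disabled: true, negate: true, key: 'host.name', alias: null },
        query: { match_phrase: { 'host.name': 'build-server' } },
      },
      {
        meta: { disabled: false, negate: false, key: 'event.category' },
        query: { match_phrase: { 'event.category': 'process' } },
      },
    ],
  }),
  // A rule with no filters at all must not break the scan.
  JSON.stringify({ rule_id: 'example-rule-2', name: 'Example: no filters' }),
  // Trailing summary line without rule_id; skipped by the scan.
  JSON.stringify({ exported_count: 2, missing_rules: [] }),
].join('\n');

// Hypothetical helper: returns every disabled filter found in the export,
// plus the 1-based numbers of lines that could not be parsed as JSON.
function auditRuleExport(ndjson) {
  const findings = [];
  const unparsedLines = [];

  ndjson.split('\n').forEach((line, i) => {
    if (!line.trim()) return; // ignore blank lines

    let doc;
    try {
      doc = JSON.parse(line);
    } catch {
      unparsedLines.push(i + 1); // report it, do not silently drop it
      return;
    }

    // Only rule objects with a filters array are of interest.
    if (!doc || typeof doc.rule_id !== 'string' || !Array.isArray(doc.filters)) {
      return;
    }

    doc.filters.forEach((filter, filterIndex) => {
      const meta = filter && filter.meta;
      if (meta && meta.disabled === true) {
        findings.push({
          ruleId: doc.rule_id,
          ruleName: doc.name,
          filterIndex,
          // Prefer the user-set alias, then the field name.
          label: meta.alias || meta.key || '(unlabelled)',
          // A disabled negated filter is an exclusion that no longer applies.
          negated: meta.negate === true,
        });
      }
    });
  });

  return { findings, unparsedLines };
}

// Stand-alone run: print one line per disabled filter in the sample.
for (const f of auditRuleExport(SAMPLE_EXPORT).findings) {
  console.log(`${f.ruleId} (${f.ruleName}): filter #${f.filterIndex} ` +
    `on "${f.label}" is disabled${f.negated ? ' (exclusion)' : ''}`);
}
```
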

@marshallmain marshallmain added bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Alerts Security Detection Alerts Area Team labels Sep 22, 2022
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@marshallmain marshallmain added Team:Detection Rule Management Security Detection Rule Management Team and removed Team:Detection Alerts Security Detection Alerts Area Team labels Nov 17, 2022
@marshallmain marshallmain added the Feature:Rule Details Security Solution Detection Rule Details page label Nov 17, 2022
@banderror banderror added Team:Detections and Resp Security Detection Response Team and removed v8.6.0 labels Nov 24, 2022
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror changed the title [Security Solution][Alerts] Disabled rule filters are displayed as enabled in rule details [Security Solution] Disabled rule filters are displayed as enabled in rule details Nov 24, 2022
@banderror banderror self-assigned this Feb 15, 2024
banderror added a commit that referenced this issue Feb 19, 2024
**Fixes: #141458**
**Fixes: #176866**

## Summary

Fixes the bugs above by changing the `Filters` component:

- from using lower-level components like `FilterBadgeGroup` and custom
rendering
- to using a higher-level `FilterItems` component that's used inside a
larger component `QueryBar` (see the first screenshot below) on the Rule
Creation / Editing pages

Note that for some reason the end result still does not fully equal to
how filters look on the Rule Creation / Editing pages, where there are
fewer warnings. It's hard to say which rendering is the right one.

## Screenshots

**How filters look on the Rule Creation / Editing pages:**

<img width="989" alt="Screenshot 2024-02-15 at 21 25 00"
src="https://github.com/elastic/kibana/assets/7359339/01ca468f-be99-469a-8d75-ee5aa1a31fb0">

**Rule Details page BEFORE the fix:**

<img width="1792" alt="Screenshot 2024-02-15 at 21 23 46"
src="https://github.com/elastic/kibana/assets/7359339/d0e2aa6e-3050-4327-8025-f37125498fd6">
<img width="1792" alt="Screenshot 2024-02-15 at 21 24 02"
src="https://github.com/elastic/kibana/assets/7359339/a89302b2-f991-4547-bdac-c0f5a594a881">
<img width="1792" alt="Screenshot 2024-02-15 at 21 24 18"
src="https://github.com/elastic/kibana/assets/7359339/49c16b02-8d82-4f93-932f-3846880a0457">

**Rule Details page AFTER the fix 1 (filters use non-existing fields and
show warnings):**

<img width="1790" alt="Screenshot 2024-02-15 at 21 28 46"
src="https://github.com/elastic/kibana/assets/7359339/e229b4ff-6ee7-4444-b5c1-deb00d2b9b39">

**Rule Details page AFTER the fix 2 (filters use existing fields and
look normal):**

<img width="1792" alt="Screenshot 2024-02-15 at 21 37 45"
src="https://github.com/elastic/kibana/assets/7359339/b10905e7-803d-4404-aa02-8692ff964891">


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)



### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Feb 19, 2024
…c#177081)

(cherry picked from commit 2672662)
kibanamachine referenced this issue Feb 19, 2024
…177081) (#177242)

# Backport

This will backport the following commits from `main` to `8.13`:
- [[Security Solution] Fix rule filters on the Rule Details page
(#177081)](#177081)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
banderror added a commit to banderror/kibana that referenced this issue Feb 20, 2024
…c#177081)

(cherry picked from commit 2672662)

# Conflicts:
#	x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx
@banderror
Contributor

Hey @vgomez-el, we fixed two bugs by merging #177081, one of them is this ticket. I don't think we need validation from the QA side because of the way we fixed it and tested ourselves. However, it would be great if we could do extra exploratory testing for rule filters on the Rule Details page before the 8.13.0 release, because that PR replaced the components we used for rendering filters with completely different components. Thank you!

@banderror banderror reopened this Feb 20, 2024
fkanout pushed a commit to fkanout/kibana that referenced this issue Mar 4, 2024
…c#177081)

@vgomez-el vgomez-el added the QA:Validated Issue has been validated by QA label Mar 6, 2024
@vgomez-el

@banderror I have performed some exploratory testing and the bug is fixed and validated on 8.13 BC3:
image
but I have found some strange behaviours with the filter component so I will create a new bug for it.

Thanks for the fix!
