Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Negated rule filters with custom labels are not displayed as negated on the Rule Details page #176866

Closed
banderror opened this issue Feb 13, 2024 · 3 comments · Fixed by #177081
Closed

[Security Solution] Negated rule filters with custom labels are not displayed as negated on the Rule Details page #176866

banderror opened this issue Feb 13, 2024 · 3 comments · Fixed by #177081
Assignees
@banderror
Labels
8.13 candidate bug Fixes for quality problems that affect the customer experience Feature:Rule Details Security Solution Detection Rule Details page fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.13.0 v8.14.0

Comments

@banderror
Copy link
Contributor

banderror commented Feb 13, 2024
edited
Loading

Related to: #141458

Summary

Create a rule. On the Rule Creation page, add a filter with a custom label:

Screenshot_2024-02-13_at_21_19_42

Click "Exclude results". See that a NOT prefix was added to the filter's element:

Screenshot_2024-02-13_at_21_19_57

Save the rule. Notice that on the Rule Details page we don't show that NOT prefix:

Screenshot_2024-02-13_at_21_20_24
@banderror banderror added bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Feature:Rule Details Security Solution Detection Rule Details page labels Feb 13, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@banderror banderror changed the title [Security Solution] Negated rule filters with custom labels are not displayed as negated on the Rule Details page [Security Solution] Negated filters with custom labels are not displayed as negated on the Rule Details page Feb 13, 2024
@banderror banderror changed the title [Security Solution] Negated filters with custom labels are not displayed as negated on the Rule Details page [Security Solution] Negated rule filters with custom labels are not displayed as negated on the Rule Details page Feb 13, 2024
This was referenced Feb 13, 2024
Closed
Merged
@shayfeld shayfeld mentioned this issue Feb 15, 2024
Closed
@banderror banderror mentioned this issue Feb 15, 2024
Merged
6 tasks
@banderror banderror self-assigned this Feb 15, 2024
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Feb 19, 2024
@banderror
[Security Solution] Fix rule filters on the Rule Details page (elasti…
e92252d 
…c#177081)

**Fixes: elastic#141458
**Fixes: elastic#176866

## Summary

Fixes the bugs above by changing the `Filters` component:

- from using lower-level components like `FilterBadgeGroup` and custom
rendering
- to using a higher-level `FilterItems` component that's used inside a
larger component `QueryBar` (see the first screenshot below) on the Rule
Creation / Editing pages

Note that for some reason the end result still does not fully equal to
how filters look on the Rule Creation / Editing pages, where there are
fewer warnings. It's hard to say which rendering is the right one.

## Screenshots

**How filters look on the Rule Creation / Editing pages:**

<img width="989" alt="Screenshot 2024-02-15 at 21 25 00"
src="https://github.com/elastic/kibana/assets/7359339/01ca468f-be99-469a-8d75-ee5aa1a31fb0">

**Rule Details page BEFORE the fix:**

<img width="1792" alt="Screenshot 2024-02-15 at 21 23 46"
src="https://github.com/elastic/kibana/assets/7359339/d0e2aa6e-3050-4327-8025-f37125498fd6">
<img width="1792" alt="Screenshot 2024-02-15 at 21 24 02"
src="https://github.com/elastic/kibana/assets/7359339/a89302b2-f991-4547-bdac-c0f5a594a881">
<img width="1792" alt="Screenshot 2024-02-15 at 21 24 18"
src="https://github.com/elastic/kibana/assets/7359339/49c16b02-8d82-4f93-932f-3846880a0457">

**Rule Details page AFTER the fix 1 (filters use non-existing fields and
show warnings):**

<img width="1790" alt="Screenshot 2024-02-15 at 21 28 46"
src="https://github.com/elastic/kibana/assets/7359339/e229b4ff-6ee7-4444-b5c1-deb00d2b9b39">

**Rule Details page AFTER the fix 2 (filters use existing fields and
look normal):**

<img width="1792" alt="Screenshot 2024-02-15 at 21 37 45"
src="https://github.com/elastic/kibana/assets/7359339/b10905e7-803d-4404-aa02-8692ff964891">

### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

(cherry picked from commit 2672662)
kibanamachine referenced this issue Feb 19, 2024
@kibanamachine @banderror
[8.13] [Security Solution] Fix rule filters on the Rule Details page (#…
7476496 
…177081) (#177242)

# Backport

This will backport the following commits from `main` to `8.13`:
- [[Security Solution] Fix rule filters on the Rule Details page
(#177081)](#177081)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Georgii
Gorbachev","email":"georgii.gorbachev@elastic.co"},"sourceCommit":{"committedDate":"2024-02-19T21:26:12Z","message":"[Security
Solution] Fix rule filters on the Rule Details page
(#177081)\n\n**Fixes:
https://github.com/elastic/kibana/issues/141458**\r\n**Fixes:
https://github.com/elastic/kibana/issues/176866**\r\n\r\n##
Summary\r\n\r\nFixes the bugs above by changing the `Filters`
component:\r\n\r\n- from using lower-level components like
`FilterBadgeGroup` and custom\r\nrendering\r\n- to using a higher-level
`FilterItems` component that's used inside a\r\nlarger component
`QueryBar` (see the first screenshot below) on the Rule\r\nCreation /
Editing pages\r\n\r\nNote that for some reason the end result still does
not fully equal to\r\nhow filters look on the Rule Creation / Editing
pages, where there are\r\nfewer warnings. It's hard to say which
rendering is the right one.\r\n\r\n## Screenshots\r\n\r\n**How filters
look on the Rule Creation / Editing pages:**\r\n\r\n<img width=\"989\"
alt=\"Screenshot 2024-02-15 at 21 25
00\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/01ca468f-be99-469a-8d75-ee5aa1a31fb0\">\r\n\r\n**Rule
Details page BEFORE the fix:**\r\n\r\n<img width=\"1792\"
alt=\"Screenshot 2024-02-15 at 21 23
46\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/d0e2aa6e-3050-4327-8025-f37125498fd6\">\r\n<img
width=\"1792\" alt=\"Screenshot 2024-02-15 at 21 24
02\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/a89302b2-f991-4547-bdac-c0f5a594a881\">\r\n<img
width=\"1792\" alt=\"Screenshot 2024-02-15 at 21 24
18\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/49c16b02-8d82-4f93-932f-3846880a0457\">\r\n\r\n**Rule
Details page AFTER the fix 1 (filters use non-existing fields
and\r\nshow warnings):**\r\n\r\n<img width=\"1790\" alt=\"Screenshot
2024-02-15 at 21 28
46\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/e229b4ff-6ee7-4444-b5c1-deb00d2b9b39\">\r\n\r\n**Rule
Details page AFTER the fix 2 (filters use existing fields and\r\nlook
normal):**\r\n\r\n<img width=\"1792\" alt=\"Screenshot 2024-02-15 at 21
37
45\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/b10905e7-803d-4404-aa02-8692ff964891\">\r\n\r\n\r\n###
Checklist\r\n\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] Any UI
touched in this PR is usable by keyboard only (learn more\r\nabout
[keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n-
[ ] Any UI touched in this PR does not create any new axe
failures\r\n(run axe in
browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n-
[ ] This renders correctly on smaller devices using a
responsive\r\nlayout. (You can test this [in
your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n-
[ ] This was checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n\r\n\r\n\r\n###
For maintainers\r\n\r\n- [x] This was checked for breaking API changes
and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"26726625394dfc4a5143dd1e1c895487c2f90380","branchLabelMapping":{"^v8.14.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","impact:medium","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Rule Details","8.13
candidate","v8.13.0","v8.12.2","v8.14.0"],"title":"[Security Solution]
Fix rule filters on the Rule Details
page","number":177081,"url":"https://github.com/elastic/kibana/pull/177081","mergeCommit":{"message":"[Security
Solution] Fix rule filters on the Rule Details page
(#177081)\n\n**Fixes:
https://github.com/elastic/kibana/issues/141458**\r\n**Fixes:
https://github.com/elastic/kibana/issues/176866**\r\n\r\n##
Summary\r\n\r\nFixes the bugs above by changing the `Filters`
component:\r\n\r\n- from using lower-level components like
`FilterBadgeGroup` and custom\r\nrendering\r\n- to using a higher-level
`FilterItems` component that's used inside a\r\nlarger component
`QueryBar` (see the first screenshot below) on the Rule\r\nCreation /
Editing pages\r\n\r\nNote that for some reason the end result still does
not fully equal to\r\nhow filters look on the Rule Creation / Editing
pages, where there are\r\nfewer warnings. It's hard to say which
rendering is the right one.\r\n\r\n## Screenshots\r\n\r\n**How filters
look on the Rule Creation / Editing pages:**\r\n\r\n<img width=\"989\"
alt=\"Screenshot 2024-02-15 at 21 25
00\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/01ca468f-be99-469a-8d75-ee5aa1a31fb0\">\r\n\r\n**Rule
Details page BEFORE the fix:**\r\n\r\n<img width=\"1792\"
alt=\"Screenshot 2024-02-15 at 21 23
46\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/d0e2aa6e-3050-4327-8025-f37125498fd6\">\r\n<img
width=\"1792\" alt=\"Screenshot 2024-02-15 at 21 24
02\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/a89302b2-f991-4547-bdac-c0f5a594a881\">\r\n<img
width=\"1792\" alt=\"Screenshot 2024-02-15 at 21 24
18\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/49c16b02-8d82-4f93-932f-3846880a0457\">\r\n\r\n**Rule
Details page AFTER the fix 1 (filters use non-existing fields
and\r\nshow warnings):**\r\n\r\n<img width=\"1790\" alt=\"Screenshot
2024-02-15 at 21 28
46\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/e229b4ff-6ee7-4444-b5c1-deb00d2b9b39\">\r\n\r\n**Rule
Details page AFTER the fix 2 (filters use existing fields and\r\nlook
normal):**\r\n\r\n<img width=\"1792\" alt=\"Screenshot 2024-02-15 at 21
37
45\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/b10905e7-803d-4404-aa02-8692ff964891\">\r\n\r\n\r\n###
Checklist\r\n\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] Any UI
touched in this PR is usable by keyboard only (learn more\r\nabout
[keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n-
[ ] Any UI touched in this PR does not create any new axe
failures\r\n(run axe in
browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n-
[ ] This renders correctly on smaller devices using a
responsive\r\nlayout. (You can test this [in
your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n-
[ ] This was checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n\r\n\r\n\r\n###
For maintainers\r\n\r\n- [x] This was checked for breaking API changes
and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"26726625394dfc4a5143dd1e1c895487c2f90380"}},"sourceBranch":"main","suggestedTargetBranches":["8.13","8.12"],"targetPullRequestStates":[{"branch":"8.13","label":"v8.13.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.12","label":"v8.12.2","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.14.0","branchLabelMappingKey":"^v8.14.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/177081","number":177081,"mergeCommit":{"message":"[Security
Solution] Fix rule filters on the Rule Details page
(#177081)\n\n**Fixes:
https://github.com/elastic/kibana/issues/141458**\r\n**Fixes:
https://github.com/elastic/kibana/issues/176866**\r\n\r\n##
Summary\r\n\r\nFixes the bugs above by changing the `Filters`
component:\r\n\r\n- from using lower-level components like
`FilterBadgeGroup` and custom\r\nrendering\r\n- to using a higher-level
`FilterItems` component that's used inside a\r\nlarger component
`QueryBar` (see the first screenshot below) on the Rule\r\nCreation /
Editing pages\r\n\r\nNote that for some reason the end result still does
not fully equal to\r\nhow filters look on the Rule Creation / Editing
pages, where there are\r\nfewer warnings. It's hard to say which
rendering is the right one.\r\n\r\n## Screenshots\r\n\r\n**How filters
look on the Rule Creation / Editing pages:**\r\n\r\n<img width=\"989\"
alt=\"Screenshot 2024-02-15 at 21 25
00\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/01ca468f-be99-469a-8d75-ee5aa1a31fb0\">\r\n\r\n**Rule
Details page BEFORE the fix:**\r\n\r\n<img width=\"1792\"
alt=\"Screenshot 2024-02-15 at 21 23
46\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/d0e2aa6e-3050-4327-8025-f37125498fd6\">\r\n<img
width=\"1792\" alt=\"Screenshot 2024-02-15 at 21 24
02\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/a89302b2-f991-4547-bdac-c0f5a594a881\">\r\n<img
width=\"1792\" alt=\"Screenshot 2024-02-15 at 21 24
18\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/49c16b02-8d82-4f93-932f-3846880a0457\">\r\n\r\n**Rule
Details page AFTER the fix 1 (filters use non-existing fields
and\r\nshow warnings):**\r\n\r\n<img width=\"1790\" alt=\"Screenshot
2024-02-15 at 21 28
46\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/e229b4ff-6ee7-4444-b5c1-deb00d2b9b39\">\r\n\r\n**Rule
Details page AFTER the fix 2 (filters use existing fields and\r\nlook
normal):**\r\n\r\n<img width=\"1792\" alt=\"Screenshot 2024-02-15 at 21
37
45\"\r\nsrc=\"https://github.com/elastic/kibana/assets/7359339/b10905e7-803d-4404-aa02-8692ff964891\">\r\n\r\n\r\n###
Checklist\r\n\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] Any UI
touched in this PR is usable by keyboard only (learn more\r\nabout
[keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n-
[ ] Any UI touched in this PR does not create any new axe
failures\r\n(run axe in
browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n-
[ ] This renders correctly on smaller devices using a
responsive\r\nlayout. (You can test this [in
your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n-
[ ] This was checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n\r\n\r\n\r\n###
For maintainers\r\n\r\n- [x] This was checked for breaking API changes
and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"26726625394dfc4a5143dd1e1c895487c2f90380"}}]}]
BACKPORT-->

Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
banderror added a commit to banderror/kibana that referenced this issue Feb 20, 2024
@banderror
[Security Solution] Fix rule filters on the Rule Details page (elasti…
797c347 
…c#177081)

**Fixes: elastic#141458
**Fixes: elastic#176866

## Summary

Fixes the bugs above by changing the `Filters` component:

- from using lower-level components like `FilterBadgeGroup` and custom
rendering
- to using a higher-level `FilterItems` component that's used inside a
larger component `QueryBar` (see the first screenshot below) on the Rule
Creation / Editing pages

Note that for some reason the end result still does not fully equal to
how filters look on the Rule Creation / Editing pages, where there are
fewer warnings. It's hard to say which rendering is the right one.

## Screenshots

**How filters look on the Rule Creation / Editing pages:**

<img width="989" alt="Screenshot 2024-02-15 at 21 25 00"
src="https://github.com/elastic/kibana/assets/7359339/01ca468f-be99-469a-8d75-ee5aa1a31fb0">

**Rule Details page BEFORE the fix:**

<img width="1792" alt="Screenshot 2024-02-15 at 21 23 46"
src="https://github.com/elastic/kibana/assets/7359339/d0e2aa6e-3050-4327-8025-f37125498fd6">
<img width="1792" alt="Screenshot 2024-02-15 at 21 24 02"
src="https://github.com/elastic/kibana/assets/7359339/a89302b2-f991-4547-bdac-c0f5a594a881">
<img width="1792" alt="Screenshot 2024-02-15 at 21 24 18"
src="https://github.com/elastic/kibana/assets/7359339/49c16b02-8d82-4f93-932f-3846880a0457">

**Rule Details page AFTER the fix 1 (filters use non-existing fields and
show warnings):**

<img width="1790" alt="Screenshot 2024-02-15 at 21 28 46"
src="https://github.com/elastic/kibana/assets/7359339/e229b4ff-6ee7-4444-b5c1-deb00d2b9b39">

**Rule Details page AFTER the fix 2 (filters use existing fields and
look normal):**

<img width="1792" alt="Screenshot 2024-02-15 at 21 37 45"
src="https://github.com/elastic/kibana/assets/7359339/b10905e7-803d-4404-aa02-8692ff964891">

### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

(cherry picked from commit 2672662)

# Conflicts:
#	x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx
@banderror banderror mentioned this issue Feb 20, 2024
Merged
fkanout pushed a commit to fkanout/kibana that referenced this issue Mar 4, 2024
@banderror @fkanout
[Security Solution] Fix rule filters on the Rule Details page (elasti…
0b662ec 
…c#177081)

**Fixes: elastic#141458
**Fixes: elastic#176866

## Summary

Fixes the bugs above by changing the `Filters` component:

- from using lower-level components like `FilterBadgeGroup` and custom
rendering
- to using a higher-level `FilterItems` component that's used inside a
larger component `QueryBar` (see the first screenshot below) on the Rule
Creation / Editing pages

Note that for some reason the end result still does not fully equal to
how filters look on the Rule Creation / Editing pages, where there are
fewer warnings. It's hard to say which rendering is the right one.

## Screenshots

**How filters look on the Rule Creation / Editing pages:**

<img width="989" alt="Screenshot 2024-02-15 at 21 25 00"
src="https://github.com/elastic/kibana/assets/7359339/01ca468f-be99-469a-8d75-ee5aa1a31fb0">

**Rule Details page BEFORE the fix:**

<img width="1792" alt="Screenshot 2024-02-15 at 21 23 46"
src="https://github.com/elastic/kibana/assets/7359339/d0e2aa6e-3050-4327-8025-f37125498fd6">
<img width="1792" alt="Screenshot 2024-02-15 at 21 24 02"
src="https://github.com/elastic/kibana/assets/7359339/a89302b2-f991-4547-bdac-c0f5a594a881">
<img width="1792" alt="Screenshot 2024-02-15 at 21 24 18"
src="https://github.com/elastic/kibana/assets/7359339/49c16b02-8d82-4f93-932f-3846880a0457">

**Rule Details page AFTER the fix 1 (filters use non-existing fields and
show warnings):**

<img width="1790" alt="Screenshot 2024-02-15 at 21 28 46"
src="https://github.com/elastic/kibana/assets/7359339/e229b4ff-6ee7-4444-b5c1-deb00d2b9b39">

**Rule Details page AFTER the fix 2 (filters use existing fields and
look normal):**

<img width="1792" alt="Screenshot 2024-02-15 at 21 37 45"
src="https://github.com/elastic/kibana/assets/7359339/b10905e7-803d-4404-aa02-8692ff964891">


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)



### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@banderror banderror

Labels
8.13 candidate bug Fixes for quality problems that affect the customer experience Feature:Rule Details Security Solution Detection Rule Details page fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.13.0 v8.14.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Security Solution] Fix rule filters on the Rule Details page banderror/kibana
2 participants
@banderror @elasticmachine