[Security Solution] Users can import custom rules with rule_id equal to that of a not-installed prebuilt rule
#180198
Labels
8.18 candidate
bug
Fixes for quality problems that affect the customer experience
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Comments
jpdjere
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
banderror
changed the title
rule_id equal to that of a not-installed prebuilt rulerule_id equal to that of a not-installed prebuilt rule (DRAFT)
banderror
changed the title
rule_id equal to that of a not-installed prebuilt rule (DRAFT)rule_id equal to that of a not-installed prebuilt rule
banderror
added
impact:medium
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Summary
rule_idthan an existing prebuilt rule, if this prebuilt rule is not installed.rule_idcopied from a prebuilt rule, then installing prebuilt rules after that and ended up with 2 rules (custom and prebuilt) with the samerule_id.The text was updated successfully, but these errors were encountered: