[SIEM][Detections] Rule Import performs unnecessary work when signals index DNE #65565

Closed
rylnd opened this issue May 6, 2020 · 2 comments
Labels: bug, Team: SecuritySolution, Team:SIEM, v7.7.0

rylnd commented May 6, 2020

This code verifies that the signal index exists (and sets an error if not), but that happens once for each rule being imported.

Additionally, if the index does not exist, we still try to upsert the rule, which seems like it may actually succeed.

There may be a few bugs here, but I think that the solution is to move the `indexExists` check outside of the loop and exit early, similar to how we handle a parsing error.
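The change proposed in the comment above, sketched as an added example that is not part of the original issue and is not Kibana's code. The store interface, the function names and the index name are hypothetical, and the in-memory store is a synchronous stand-in that counts calls so the two shapes can be compared.

```typescript
// Added illustration: every name is hypothetical, not Kibana's code. The store is
// an in-memory, synchronous stand-in for the real asynchronous client calls.
interface Store {
  indexExists(index: string): boolean;
  upsertRule(ruleId: string): void;
}
interface ImportResult { ruleId: string; error?: string }
const SIGNALS_INDEX = "signals-index-placeholder"; // constructed name

// Counting stub so the work each variant performs can be observed.
function makeStore(existingIndices: string[]) {
  const calls = { indexChecks: 0, upserts: 0 };
  const store: Store = {
    indexExists(index) { calls.indexChecks += 1; return existingIndices.indexOf(index) !== -1; },
    upsertRule(_ruleId) { calls.upserts += 1; },
  };
  return { store, calls };
}

// Behaviour reported in the issue: the check runs for every rule, and the
// upsert is still attempted after the check has recorded an error.
function importCheckingPerRule(store: Store, index: string, ruleIds: string[]): ImportResult[] {
  const results: ImportResult[] = [];
  for (const ruleId of ruleIds) {
    const exists = store.indexExists(index);
    store.upsertRule(ruleId); // written even when the signals index is missing
    results.push(exists ? { ruleId } : { ruleId, error: `index ${index} does not exist` });
  }
  return results;
}

// Proposed shape: check once before the loop and exit early without writing.
function importCheckingOnce(store: Store, index: string, ruleIds: string[]): ImportResult[] {
  if (!store.indexExists(index)) {
    return ruleIds.map((ruleId) => ({ ruleId, error: `index ${index} does not exist` }));
  }
  return ruleIds.map((ruleId) => {
    store.upsertRule(ruleId);
    return { ruleId };
  });
}

// Run one variant against a fresh store and report the work it performed.
function workDone(variant: typeof importCheckingPerRule, ruleIds: string[], existing: string[] = []) {
  const { store, calls } = makeStore(existing);
  const results = variant(store, SIGNALS_INDEX, ruleIds);
  const errors = results.filter((r) => r.error !== undefined).length;
  return { indexChecks: calls.indexChecks, upserts: calls.upserts, errors };
}
```

With the index absent, the per-rule variant performs one existence check and one write per rule, while the hoisted variant performs a single check and no writes.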

rylnd added the bug, Team:SIEM and v7.7.0 labels May 6, 2020
@elasticmachine

Pinging @elastic/siem (Team:SIEM)

FrankHassanabad self-assigned this May 6, 2020
FrankHassanabad added a commit that referenced this issue May 7, 2020
…ndex (#65595)

See: #65565

* Fixes it to where if there is an import without an index then the rule is not created

### Checklist

- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
FrankHassanabad added a commit to FrankHassanabad/kibana that referenced this issue May 7, 2020
…ndex (elastic#65595)

FrankHassanabad added a commit that referenced this issue May 7, 2020
…ndex (#65595) (#65690)

rylnd commented May 7, 2020

Closed by #65595

rylnd closed this as completed May 7, 2020
MindyRS added the Team: SecuritySolution label Oct 27, 2020