[SECURITY_SOLUTIONS] Only query security alerts with current user #174216

Merged: 8 commits, Jan 4, 2024

@XavierM (Contributor) commented Jan 3, 2024

Summary

We just got an SDH#814 that tells us that some features like KPIs and grouping are not acting as they should be.

@PhilippeOberti is doing an investigation to check which feature has been impacted by this bug. This bug has been introduced in #112113, since 8.0.0.

I think this simple solution should not impact any features.

@XavierM added the labels bug, release_note:fix, impact:critical, Team:ResponseOps, Team:Detection Alerts, v8.12.0, v8.11.4 on Jan 3, 2024
@XavierM force-pushed the alert-use-current-user branch from f26b804 to 6db785b, January 3, 2024 19:57
@elastic deleted a comment from PhilippeOberti, Jan 4, 2024
@XavierM marked this pull request as ready for review, January 4, 2024 19:02
@XavierM requested a review from a team as a code owner, January 4, 2024 19:02
@XavierM requested a review from nkhristinin, January 4, 2024 19:02
@elasticmachine

Pinging @elastic/response-ops (Team:ResponseOps)

@elasticmachine

Pinging @elastic/security-detection-engine (Team:Detection Alerts)

@marshallmain (Contributor) left a comment

Code changes and tests LGTM, thanks for the quick turnaround on this!

],
},
};
const roleToAccessSecuritySolutionWithDsl = {
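
Review bot: the constant name `roleToAccessSecuritySolutionWithDsl` on the last line reads as Query DSL rather than document-level security; if this role fixture is meant to restrict which alert documents the user can read, `Dls` is the abbreviation to use. A short comment on the constant stating which documents the role's query admits would also let a reader check the test's expectation from the fixture alone.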

nit: all instances of dsl should be dls

@XavierM (Contributor Author), Jan 4, 2024

oh Zut, I will change that

@XavierM enabled auto-merge (squash), January 4, 2024 21:10
@kibana-ci (Collaborator)

💚 Build Succeeded

Metrics [docs]

✅ unchanged


@XavierM merged commit 4af36fe into elastic:main, Jan 4, 2024
37 checks passed
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Jan 4, 2024
…astic#174216)

(cherry picked from commit 4af36fe)
@kibanamachine

💔 Some backports could not be created

| Status | Branch | Result |
|---|---|---|
| | 8.11 | Backport failed because of merge conflicts |
| | 8.12 | |

Note: Successful backport PRs will be merged automatically after passing CI.

Manual backport

To create the backport manually run:

node scripts/backport --pr 174216

Questions ?

Please refer to the Backport tool documentation

XavierM added a commit that referenced this pull request Jan 4, 2024
…74216)

(cherry picked from commit 4af36fe)
kibanamachine added a commit that referenced this pull request Jan 4, 2024
…ser (#174216) (#174304)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[SECURITY_SOLUTIONS] Only query security alerts with current user
(#174216)](#174216)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Xavier Mouligneau <xavier.mouligneau@elastic.co>
XavierM added a commit that referenced this pull request Jan 5, 2024
…ser (#174216) (#174306)

# Backport

This will backport the following commits from `main` to `8.11`:
- [[SECURITY_SOLUTIONS] Only query security alerts with current user
(#174216)](#174216)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
marshallmain added a commit that referenced this pull request Jan 22, 2024
…erying for threshold rule history (#174723)

## Summary

Follow up to #174216
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Jan 22, 2024
…erying for threshold rule history (elastic#174723)

## Summary

Follow up to elastic#174216

(cherry picked from commit f87a348)
kibanamachine referenced this pull request Jan 22, 2024
…when querying for threshold rule history (#174723) (#175270)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Security Solution] Use current user instead of internal user when
querying for threshold rule history
(#174723)](#174723)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Marshall Main <55718608+marshallmain@users.noreply.github.com>
CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this pull request Feb 15, 2024
Labels: blocker, bug, impact:critical, release_note:fix, Team:Detection Alerts, Team:ResponseOps, v8.11.4, v8.12.0, v8.13.0