Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability regex changed to match with 4.9.0 solved vulnerability alerts #5624

Merged
merged 1 commit into from
Aug 1, 2024
Merged

Vulnerability regex changed to match with 4.9.0 solved vulnerability alerts #5624

merged 1 commit into from
Aug 1, 2024

Conversation

hossam1522
Copy link
Member

Description

This pull request is based on #5608.

Concerning the detection of vulnerability mitigation alerts despite the change in the rule description, the change implemented in the regex module has managed to get all mitigated alerts detected except for those related to agent 2 and agent 5, which are the ones that give problems with vulnerability detection (as indicated in the issue above) so that no mitigated alerts can be detected. Here is the evidence:

Testing performed

OS Package used
Validation Jenkins Local OS Commit Notes
🟢 🟢 ⚫⚫ Vulnerability regex changed to match with 4.9.0 solved vulnerability alert Nothing to highlight

@hossam1522 hossam1522 self-assigned this Jul 30, 2024
@hossam1522 hossam1522 linked an issue Jul 30, 2024 that may be closed by this pull request
E2E tests fails to detect vulnerability mitigation alerts due to change in rule description #5608
Closed
@hossam1522 hossam1522 mentioned this pull request Jul 30, 2024
Closed
@pro-akim
Copy link
Member

Review Notes

After a brief communication with @hossam1522, he explained to me that by implementing the change in the regex, the focus of the detection of missing_mitigated_alerts has been effectively corrected.
This increased the number of failures in the tests, which is expected since without the modifications, the test was not correctly detecting the vulnerabilities in the problem agents.

LGTM

@rauldpm rauldpm merged commit 0a440dc into 4.9.0 Aug 1, 2024
@rauldpm rauldpm deleted the change/5608-regex-vulnerability-mitigation branch August 1, 2024 12:02
This was referenced Aug 2, 2024
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pro-akim pro-akim pro-akim approved these changes

@rauldpm rauldpm rauldpm approved these changes

Assignees

@hossam1522 hossam1522

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

E2E tests fails to detect vulnerability mitigation alerts due to change in rule description
3 participants
@hossam1522 @pro-akim @rauldpm