kibana
kibana copied to clipboard
elastic
[Security Solution] Fix rule filters on the Rule Details page
Fixes: https://github.com/elastic/kibana/issues/141458 Fixes: https://github.com/elastic/kibana/issues/176866
Summary
Fixes the bugs above by changing the Filters component:
- from using lower-level components like
FilterBadgeGroupand custom rendering - to using a higher-level
FilterItemscomponent that's used inside a larger componentQueryBar(see the first screenshot below) on the Rule Creation / Editing pages
Note that for some reason the end result still does not fully equal to how filters look on the Rule Creation / Editing pages, where there are fewer warnings. It's hard to say which rendering is the right one.
Screenshots
How filters look on the Rule Creation / Editing pages:
Rule Details page BEFORE the fix:
Rule Details page AFTER the fix 1 (filters use non-existing fields and show warnings):
Rule Details page AFTER the fix 2 (filters use existing fields and look normal):
Checklist
- [ ] Unit or functional tests were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)
- [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
- [ ] This was checked for cross-browser compatibility
For maintainers
- [x] This was checked for breaking API changes and was labeled appropriately
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
@maximpn I addressed your comments and enabled auto-merge. Feel free to check it one more time if you're interested. We can push any other improvements separately. Thank you!
:green_heart: Build Succeeded
- Buildkite Build
- Commit: 746c388ae362cc1d979becc144cf3a04c846ac6c
Metrics [docs]
Module Count
Fewer modules leads to a faster build time
| id | before | after | diff |
|---|---|---|---|
securitySolution |
5002 | 5003 | +1 |
Async chunks
Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app
| id | before | after | diff |
|---|---|---|---|
securitySolution |
11.6MB | 11.6MB | -1.1KB |
History
- :yellow_heart: Build #194108 was flaky fb67b07cfc84b0413c756ff98750622382492aa3
- :broken_heart: Build #194009 failed 9541ff3210ed02da70772c383489def4ed0ca989
- :broken_heart: Build #193952 failed 00eacc08009c53c29d73485d02ba2e9099c69dc8
- :broken_heart: Build #193950 failed df0d9dab8a5f7c622e6548922f9d5c4daaa44c70
To update your PR or re-run it, just comment with:
@elasticmachine merge upstream
cc @banderror
💔 Some backports could not be created
| Status | Branch | Result |
|---|---|---|
| ❌ | 8.12 | Backport failed because of merge conflicts |
| ✅ | 8.13 |  |
Note: Successful backport PRs will be merged automatically after passing CI.
Manual backport
To create the backport manually run:
node scripts/backport --pr 177081
Questions ?
Please refer to the Backport tool documentation
💚 All backports created successfully
| Status | Branch | Result |
|---|---|---|
| ✅ | 8.12 |  |
Note: Successful backport PRs will be merged automatically after passing CI.
Questions ?
Please refer to the Backport tool documentation
This PR didn't landed on time to be included on v8.12.2. Updating the labels.
Hi @banderror ,
In 8.11.1 there is bug with "NOT" filter, I am using "AND" inside the filter. Can you check that it's fixed?
Thank you :)
@shayfeld That one is tracked in https://github.com/elastic/kibana/issues/176866, it's been fixed by this PR and the fix will be released in 8.13.0
@shayfeld Yes, the negation ("NOT") now works correctly for both regular filters and filters with custom labels. Here's an example from the latest 8.13.0 prerelease version:
Rule Creation page:
Rule Details page:
There's an issue with that Warnings on the Details page, but that's a different one. I'll probably open a dedicated ticket for it.