
[Security Solution] [ENHANCEMENT] Unassigned impact is not allowed while adding in the asset criticality via bulk upload

Open muskangulati-qasource opened this issue 1 year ago • 10 comments

Describe the bug

Unassigned impact is not allowed while adding in the asset criticality via bulk upload

Kibana/Elasticsearch Stack version

VERSION: 8.16.0
BUILD: 78825
COMMIT: a805375758e4bc931cf13dfdcac89b8d877a15d2

Steps

  1. Kibana version 8.16.0 or above should exist without endpoints
  2. securitySolution:enableAssetCriticality flag should be enabled for Asset Criticality
  3. Navigate to Security >> Manage >> Asset criticality
  4. Create a file according to the example given
  5. Click on ‘select or drag and drop a file’
  6. Add the file created
  7. Click on assign and observe for the output message: with error for unassigned value

Screenshot Image

muskangulati-qasource avatar Oct 08 '24 12:10 muskangulati-qasource

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine avatar Oct 08 '24 12:10 elasticmachine

@amolnater-qasource please review!

muskangulati-qasource avatar Oct 08 '24 12:10 muskangulati-qasource

Reviewed & assigned to @MadameSheema

amolnater-qasource avatar Oct 08 '24 12:10 amolnater-qasource

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

elasticmachine avatar Oct 08 '24 13:10 elasticmachine

👀

jaredburgettelastic avatar Oct 08 '24 13:10 jaredburgettelastic

@hop-dev what is the new string value for unassignment, now that the /delete API is a soft delete?

jaredburgettelastic avatar Oct 08 '24 13:10 jaredburgettelastic

This is a great feature request, but it isn't a bug.

machadoum avatar Oct 16 '24 12:10 machadoum

Thank you for the update @machadoum,

Please let us know if we need to change this ticket type from Query to Enhancement

Thanks!

muskangulati-qasource avatar Oct 16 '24 12:10 muskangulati-qasource

> Please let us know if we need to change this ticket type from Query to Enhancement

@muskangulati-qasource that works, thank you! We've gone ahead and added to our prioritized backlog

jaredburgettelastic avatar Oct 18 '24 22:10 jaredburgettelastic

Hi @jaredburgettelastic,

We have updated the ticket and labels for the same.

Thanks!

muskangulati-qasource avatar Oct 19 '24 05:10 muskangulati-qasource

PR : https://github.com/elastic/kibana/pull/208884

abhishekbhatia1710 avatar Jan 30 '25 08:01 abhishekbhatia1710

Implementation plan as discussed in standup:

  • Add the new unassigned status to bulk upload only
  • All other asset criticality routes and UIs should be unaffected
  • We can see here where the bulk upload assignment logic happens, I would expect us to copy the soft delete logic here

hop-dev avatar Feb 07 '25 08:02 hop-dev

👋 Hey @muskangulati-qasource!

Apologies, I closed this issue without a proper update in comments.

As this was an enhancement and not a bug, it was only merged into the 9.1 branch.

So from our team's perspective, this issue is "Done". However, as you all raised the issue, would you like it to remain open until validated on your end? We've done sufficient validation/testing from our end, so the feature has already applied to Serverless.

Thanks!

jaredburgettelastic avatar Feb 28 '25 22:02 jaredburgettelastic

Hi @jaredburgettelastic,

Thank you for looking into our ticket.

It would be helpful to keep the fixed ticket open so we can verify the bug resolution and gain a better understanding of the feature, especially in case any other related changes were included in the fix.

If you believe otherwise, please let us know.

cc: @MadameSheema Thank you!

muskangulati-qasource avatar Mar 03 '25 07:03 muskangulati-qasource

Hi @MadameSheema,

We have validated this ticket against both 8.18.0 & 9.0 rc1 builds and found the fix is not available on any of them.

Please find below the testing details:

Build details

VERSION: 8.18.0
BUILD: 82557
COMMIT: b1da764d7db918082e4b9b82a8df5007f555e9b0

VERSION: 9.0.0-rc1
BUILD: 83822
COMMIT: 07dc0afa460bddff658ee6d5342ad1f087fc766b

Screenshots

  • 8.18.0:

Image

  • 9.0.0:

Image

File used:

user.txt

Please let us know if anything else is required from our end.

Thanks!

muskangulati-qasource avatar Mar 03 '25 07:03 muskangulati-qasource

@abhishekbhatia1710 can you please take a look at the above?

MadameSheema avatar Mar 03 '25 14:03 MadameSheema

Jared mentioned that it is only available on 9.1, but the feature was tested for 8.18.0 & 9.0. It is also hard to understand the prints because they don't mention the unassigned impact and try to set criticality many times for the same user and host, which generates the warning.

> As this was an enhancement and not a bug, it was only merged into the 9.1 branch.

machadoum avatar Mar 03 '25 16:03 machadoum

Hi @machadoum,

Thank you for looking into the same!

We did validate this ticket on 8.18 and 9.0 as per update from @MadameSheema.

Please refer to the updated screenshots below:

  • 9.0.0:

Image

  • 8.18.0

Image

We will validate this ticket on the mentioned 9.1 version and will close out this ticket afterwards.

Thank you!

muskangulati-qasource avatar Mar 03 '25 16:03 muskangulati-qasource

Hi Team,

I have updated the labels to add labels for builds where the fix was merged.

Please update if required!

Thanks!

muskangulati-qasource avatar Mar 06 '25 10:03 muskangulati-qasource

@muskangulati-qasource yes, the labels look appropriate.

If you'd like to test the functionality, you should be able to do so in Serverless!

jaredburgettelastic avatar Mar 17 '25 19:03 jaredburgettelastic

Hi @jaredburgettelastic

Thanks for the update.

We have validated this ticket on Serverless 9.1.0 and found that the issue is still reproducible.

Please find the below observations

Build Details

VERSION: 9.1.0
BUILD: 84688
COMMIT: a9352bb57287cc6a06da99067b5dea694786e212

Observations

  • Error shown for unknow_impact

Image

Thanks.

arvindersingh-qasource avatar Mar 19 '25 09:03 arvindersingh-qasource

👋 Hi @arvindersingh-qasource !

The above functionality is expected, as unknown_impact is indeed an invalid assignment.

What is now available in Serverless is unassigned_impact. See below screenshot for an example:

Image

jaredburgettelastic avatar Mar 19 '25 21:03 jaredburgettelastic

Hi @jaredburgettelastic

Thanks for the update.

We have validated this ticket on the Serverless 9.1.0 build, and at our end the issue is still reproducible.

Please find the below observations

Build Details

VERSION: 9.1.0
BUILD: 84688
COMMIT: a9352bb57287cc6a06da99067b5dea694786e212

Observations

  • Entry with unassigned_impact still shows the error.

Image

  • [ ] **Query**: can you please share your build commits so that we can validate this issue on the same build version?

Thanks.

arvindersingh-qasource avatar Mar 20 '25 10:03 arvindersingh-qasource

@abhishekbhatia1710 can you please have a look at the above, to see if this new unassigned_impact functionality should be available in Serverless?

jaredburgettelastic avatar Mar 20 '25 17:03 jaredburgettelastic

@arvindersingh-qasource : The new level is unassigned, rather than unassigned_impact or unknown_impact.

Screenshots for ref:

Serverless :

Image

ESS:

Image

abhishekbhatia1710 avatar Mar 24 '25 09:03 abhishekbhatia1710

Hey @abhishekbhatia1710

Thanks for the clarification.

We have validated this issue on the latest Kibana v9.1.0 Snapshot build and found that the issue is now fixed.

Please find the below observations

Build Details

VERSION: 9.1.0
BUILD: 86565
COMMIT: b6c788655a044c70d9bce8545823669d3471361b

Observations

  • unassigned impact as assignment Image

Hence, we are closing this ticket as QA Validated.

Thanks.

arvindersingh-qasource avatar May 28 '25 10:05 arvindersingh-qasource
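
The thread's outcome as a pre-upload check, added here as an example and not code from Kibana or from any commenter: it flags the rejected spellings `unassigned_impact` and `unknown_impact`, accepts `unassigned`, and reports entities that appear more than once. The three-column row layout, the four `*_impact` level names and the function name `lintCriticalityCsv` are assumptions, and the sample rows are constructed.

```javascript
// Added example: pre-flight lint for an asset criticality bulk-upload file.
// Assumed row format (not shown in the thread): entity_type,entity_id,criticality_level
const LEVELS = new Set(['low_impact', 'medium_impact', 'high_impact', 'extreme_impact']); // assumed names
const ENTITY_TYPES = new Set(['host', 'user']); // the two entity types mentioned in the thread
// Spellings the thread reports as rejected, and the one that was accepted.
const REJECTED_SPELLINGS = new Set(['unassigned_impact', 'unknown_impact']);
const UNASSIGN = 'unassigned';

// allowUnassigned: set to false when targeting a build without the 9.1 change.
function lintCriticalityCsv(text, { allowUnassigned = true } = {}) {
  const findings = [];
  const seen = new Map(); // "type:id" -> line number of first occurrence
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = i + 1;
    if (raw.trim() === '') return; // skip blank lines
    const cols = raw.split(',').map((c) => c.trim()); // simple split: no quoted commas
    const add = (severity, message) => findings.push({ line, severity, message });
    if (cols.length !== 3) return add('error', `expected 3 columns, got ${cols.length}`);
    const [type, id, level] = cols;
    if (!ENTITY_TYPES.has(type)) add('error', `unknown entity type "${type}"`);
    if (id === '') add('error', 'empty entity id');
    if (REJECTED_SPELLINGS.has(level)) {
      add('error', `"${level}" is not a valid level; use "${UNASSIGN}"`);
    } else if (level === UNASSIGN) {
      if (!allowUnassigned) add('error', `"${UNASSIGN}" is only accepted from 9.1 onward`);
    } else if (!LEVELS.has(level)) {
      add('error', `invalid criticality level "${level}"`);
    }
    const key = `${type}:${id}`;
    if (seen.has(key)) add('warning', `entity already set on line ${seen.get(key)}`);
    else seen.set(key, line);
  });
  return findings;
}

// Constructed sample input, not the user.txt attached to the issue.
const SAMPLE = [
  'host,web-01,high_impact',
  'user,alice,unassigned',
  'host,db-02,unassigned_impact',
  'user,bob,unknown_impact',
  'host,web-01,low_impact',
  'host,cache-03',
].join('\n');

for (const f of lintCriticalityCsv(SAMPLE)) {
  console.log(`line ${f.line}: ${f.severity}: ${f.message}`);
}
```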