[Security Solution] The detection rules have defined source values for severity overridden but there is no Source field selected for the same. #85951
Comments
@manishgupta-qasource Please review!
Reviewed & assigned to @MadameSheema
Sorry, I'm not sure I fully got the steps mentioned in the description of the ticket, but I managed to reproduce the bug with the following steps:
@muskangulati-qasource if you used other steps to reproduce it, please share, I want to make sure I addressed the case you described in the issue.
Hi @banderror, Sorry for the confusion and thank you for providing detailed steps. Please let us know if we are missing anything! Thanks!!
@muskangulati-qasource no worries, thank you, that's great!
@muskangulati-qasource fix has been merged. Could you please validate when you get a chance?
Hi @peluja1012, We validated this ticket on latest 7.11.0 build and found that issue is partially fixed. Please find the observations below: Build Details:
Observation:
We will validate this ticket on BC2 to ensure the fixes are present there. Please let us know if anything else is required from our end. Thanks!!
Yep, the fix hasn't been propagated to 7.11.0 build candidate yet.
Hi @MadameSheema, We have validated this ticket on both 7.11.0-BC2 & 8.0-SNAPSHOT builds and found that issue is now fixed: Build details:
Refer screenshots: Hence, we are closing this ticket!! Thanks!
We have validated this ticket on 7.12.0 BC2 and found that issue is Fixed. The detection rules have both source values and Source fields for severity overridden when editing the rule. Build Details:
Please let us know if anything else is required from our end. Thanks!!
Bug Conversion: Updated 01 test case for this ticket. Thanks!!
Description
The detection rules have defined source values for severity overridden but there is no Source field selected for the same.
Build Details:
Platform: Staging
Version: 7.11.0-SNAPSHOT
Commit: 9b0ec30
Build number: 37292
Artifact: https://artifacts-api.elastic.co/v1/search/7.11.0-SNAPSHOT
Browser Details:
All
Preconditions:
Steps to Reproduce:
Impacted Test case:
Actual Result:
The detection rules have defined source values for severity overridden but there is no Source field selected for the same.
Expected Result:
The detection rules should have both source values and Source fields for severity overridden.
What's working:
For 7.11 older builds, it is working fine:
What's not working:
N/A
Screenshot: