Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.x] [Security Solution] Fixes data normalization in diff algorithms…
… for `threat` and `rule_schedule` fields (#200105) (#200646) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Fixes data normalization in diff algorithms for `threat` and `rule_schedule` fields (#200105)](#200105) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-18T19:48:14Z","message":"[Security Solution] Fixes data normalization in diff algorithms for `threat` and `rule_schedule` fields (#200105)\n\n**Fixes https://github.com/elastic/kibana/issues/199629**\r\n\r\n## Summary\r\n\r\nFixes the data normalization we do before comparison for the `threat`\r\nand `rule_schedule` fields so that they align with our prebuilt rule\r\nspecs. Specifically:\r\n\r\n- Trims any extra optional nested fields in the `threat` field that were\r\nleft as empty arrays\r\n- Removes the logic to use the `from` value in the `meta` field if it\r\nexisted, so that we can normalize the time strings for `rule_schedule`\r\n\r\nThese errors were occurring when a rule was saved via the Rule Editing\r\nform in the UI and extra fields were added in the update API call. This\r\nPR makes the diff algorithms more robust against different field values\r\nthat are represented differently but are logically the same.\r\n\r\nThis extra data added in the Rule Edit UI form was also causing rules to\r\nappear as modified when saved from the form, even if no fields had been\r\nmodified.\r\n\r\n\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed","sha":"a8fd0c95148ab42411e5ad8e6a65df0634f67dbe","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","impact:high","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v8.17.0","v8.16.1"],"title":"[Security Solution] Fixes data normalization in diff algorithms for `threat` and `rule_schedule` fields","number":200105,"url":"https://github.com/elastic/kibana/pull/200105","mergeCommit":{"message":"[Security Solution] Fixes data normalization in diff algorithms for `threat` and `rule_schedule` fields (#200105)\n\n**Fixes https://github.com/elastic/kibana/issues/199629**\r\n\r\n## Summary\r\n\r\nFixes the data normalization we do before comparison for the `threat`\r\nand `rule_schedule` fields so that they align with our prebuilt rule\r\nspecs. Specifically:\r\n\r\n- Trims any extra optional nested fields in the `threat` field that were\r\nleft as empty arrays\r\n- Removes the logic to use the `from` value in the `meta` field if it\r\nexisted, so that we can normalize the time strings for `rule_schedule`\r\n\r\nThese errors were occurring when a rule was saved via the Rule Editing\r\nform in the UI and extra fields were added in the update API call. This\r\nPR makes the diff algorithms more robust against different field values\r\nthat are represented differently but are logically the same.\r\n\r\nThis extra data added in the Rule Edit UI form was also causing rules to\r\nappear as modified when saved from the form, even if no fields had been\r\nmodified.\r\n\r\n\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed","sha":"a8fd0c95148ab42411e5ad8e6a65df0634f67dbe"}},"sourceBranch":"main","suggestedTargetBranches":["8.x","8.16"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/200105","number":200105,"mergeCommit":{"message":"[Security Solution] Fixes data normalization in diff algorithms for `threat` and `rule_schedule` fields (#200105)\n\n**Fixes https://github.com/elastic/kibana/issues/199629**\r\n\r\n## Summary\r\n\r\nFixes the data normalization we do before comparison for the `threat`\r\nand `rule_schedule` fields so that they align with our prebuilt rule\r\nspecs. Specifically:\r\n\r\n- Trims any extra optional nested fields in the `threat` field that were\r\nleft as empty arrays\r\n- Removes the logic to use the `from` value in the `meta` field if it\r\nexisted, so that we can normalize the time strings for `rule_schedule`\r\n\r\nThese errors were occurring when a rule was saved via the Rule Editing\r\nform in the UI and extra fields were added in the update API call. This\r\nPR makes the diff algorithms more robust against different field values\r\nthat are represented differently but are logically the same.\r\n\r\nThis extra data added in the Rule Edit UI form was also causing rules to\r\nappear as modified when saved from the form, even if no fields had been\r\nmodified.\r\n\r\n\r\n\r\n### Checklist\r\n\r\nCheck the PR satisfies following conditions. \r\n\r\nReviewers should verify this PR satisfies this list as well.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed","sha":"a8fd0c95148ab42411e5ad8e6a65df0634f67dbe"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.16","label":"v8.16.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <[email protected]>
- Loading branch information