[8.x] [Security Solution] Fixes data normalization in diff algorithms for `threat` and `rule_schedule` fields (#200105) #200646

Merged
merged 1 commit into from
Nov 18, 2024

kibanamachine
Contributor

Backport

This will backport the following commits from main to 8.x:

Questions?

Please refer to the Backport tool documentation

…threat` and `rule_schedule` fields (elastic#200105)

**Fixes elastic#199629**

## Summary

Fixes the data normalization we do before comparison for the `threat`
and `rule_schedule` fields so that they align with our prebuilt rule
specs. Specifically:

- Trims any extra optional nested fields in the `threat` field that were
left as empty arrays
- Removes the logic to use the `from` value in the `meta` field if it
existed, so that we can normalize the time strings for `rule_schedule`

These errors were occurring when a rule was saved via the Rule Editing
form in the UI and extra fields were added in the update API call. This
PR makes the diff algorithms more robust against different field values
that are represented differently but are logically the same.

This extra data added in the Rule Edit UI form was also causing rules to
appear as modified when saved from the form, even if no fields had been
modified.

### Checklist

Check the PR satisfies the following conditions.

Reviewers should verify this PR satisfies this list as well.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

(cherry picked from commit a8fd0c9)
kibanamachine merged commit 29e3669 into elastic:8.x Nov 18, 2024
36 checks passed
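
The `threat` trimming described in the summary above, as an added TypeScript example that is not code from this PR or from Kibana: it shows why `technique: []` and `subtechnique: []` make an unchanged rule look modified under a raw comparison, and how dropping empty optional arrays before comparing removes the false positive. The type names, function names and sample ATT&CK entries are constructed for illustration.

```typescript
// Added illustration, not Kibana's implementation; all names are hypothetical.
interface Ref { id: string; name: string; reference: string }
interface Technique extends Ref { subtechnique?: Ref[] }
interface ThreatEntry { framework: string; tactic: Ref; technique?: Technique[] }

const ref = ({ id, name, reference }: Ref): Ref => ({ id, name, reference });

// Rebuild each entry with a fixed key order and omit optional nested arrays
// that are present but empty, so `technique: []` equals a missing `technique`.
function normalizeThreat(threat: ThreatEntry[]): ThreatEntry[] {
  return threat.map((entry) => {
    const out: ThreatEntry = { framework: entry.framework, tactic: ref(entry.tactic) };
    if (entry.technique && entry.technique.length > 0) {
      out.technique = entry.technique.map((t) => {
        const tech: Technique = ref(t);
        if (t.subtechnique && t.subtechnique.length > 0) tech.subtechnique = t.subtechnique.map(ref);
        return tech;
      });
    }
    return out;
  });
}

// Naive comparison: sensitive to empty optional arrays.
const rawEqual = (a: ThreatEntry[], b: ThreatEntry[]): boolean =>
  JSON.stringify(a) === JSON.stringify(b);

// Comparison after normalization: only logical differences remain.
const threatsEqual = (a: ThreatEntry[], b: ThreatEntry[]): boolean =>
  rawEqual(normalizeThreat(a), normalizeThreat(b));

// Constructed sample data (MITRE ATT&CK ids used only as realistic values).
const FRAMEWORK = 'MITRE ATT&CK';
const INITIAL_ACCESS: Ref = { id: 'TA0001', name: 'Initial Access', reference: 'https://attack.mitre.org/tactics/TA0001/' };
const EXECUTION: Ref = { id: 'TA0002', name: 'Execution', reference: 'https://attack.mitre.org/tactics/TA0002/' };
const PHISHING: Ref = { id: 'T1566', name: 'Phishing', reference: 'https://attack.mitre.org/techniques/T1566/' };
const SPEARPHISHING: Ref = { id: 'T1566.001', name: 'Spearphishing Attachment', reference: 'https://attack.mitre.org/techniques/T1566/001/' };

// Value as a prebuilt rule spec would carry it: optional fields simply absent.
const specThreat: ThreatEntry[] = [
  { framework: FRAMEWORK, tactic: INITIAL_ACCESS, technique: [PHISHING] },
  { framework: FRAMEWORK, tactic: EXECUTION },
];
// Same rule after a form save that filled optional fields with empty arrays.
const savedFromForm: ThreatEntry[] = [
  { framework: FRAMEWORK, tactic: INITIAL_ACCESS, technique: [{ ...PHISHING, subtechnique: [] }] },
  { framework: FRAMEWORK, tactic: EXECUTION, technique: [] },
];
// A real edit: a subtechnique was added, so this must still register as a change.
const editedThreat: ThreatEntry[] = [
  { framework: FRAMEWORK, tactic: INITIAL_ACCESS, technique: [{ ...PHISHING, subtechnique: [SPEARPHISHING] }] },
  { framework: FRAMEWORK, tactic: EXECUTION },
];
```

Here `rawEqual(specThreat, savedFromForm)` is false while `threatsEqual(specThreat, savedFromForm)` is true, and `threatsEqual(specThreat, editedThreat)` stays false, so a genuine customization is still detected.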
@elasticmachine
Contributor

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 6204 | 6205 | +1 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 13.4MB | 13.4MB | -17.0B |

cc @dplumlee
