Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] The 'is not one of' & 'is not' filters give 400 error #102617

Closed
muskangulati-qasource opened this issue Jun 18, 2021 · 8 comments
Closed

[Security Solution] The 'is not one of' & 'is not' filters give 400 error #102617

muskangulati-qasource opened this issue Jun 18, 2021 · 8 comments
Assignees
@kevinlog
Labels
bug Fixes for quality problems that affect the customer experience impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. OLM Sprint QA:Validated Issue has been validated by QA Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.14.0

Comments

@muskangulati-qasource
Copy link

Describe the feature
The 'is not one of' & 'is not' filters give 400 error

Build Details:

VERSION: 7.14.0-SNAPSHOT
BUILD: 41559
COMMIT: 9838db392e7fcfc12f004b68fb1b09739f131148
ARTIFACT: https://artifacts-api.elastic.co/v1/search/7.14.0-SNAPSHOT

Preconditions

  1. Elastic 7.14.0 environment should be deployed.

Steps to Reproduce

  1. Navigate to Administration Tab under the Security
  2. Go to Event Filtering Tab
  3. Add the following values:
    'event.category' 'is not' or 'is not one of'
  4. Save the entry
  5. Observe an error is thrown for the exclude events

Test data
N/A

Impacted Test case(s)
N/A

Actual Result
The 'is not one of' & 'is not' filters give 400 error

Expected Result
The 'is not one of' & 'is not' filters should be successfully added.

What's Working
N/A

What's Not Working
The same issue occurs if we close the flyout and open it again.
All the entries are removed but the issue pop up still occurs

Screenshot

BugForEventFiltering.mp4

Logs:
N/A
@muskangulati-qasource muskangulati-qasource added bug Fixes for quality problems that affect the customer experience impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v7.14.0 labels Jun 18, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@dasansol92
Copy link
Contributor

Hi @muskangulati-qasource,
This issue is related to this one and has been fixed with this pr
Let me know if you have more questions on this,

Thanks

@muskangulati-qasource
Copy link
Author

Hi @dasansol92,

Thank you for the update. Should we close this issue then?

Thanks!

@dasansol92
Copy link
Contributor

I think you can close this or link this with the other one and close both together when those changes are available in 7.14 snapshot.
cc: @kevinlog

@muskangulati-qasource
Copy link
Author

Sure @dasansol92,

For now, we are keeping this issue open, and once the changes are merged, we will test both scenarios to be sure :)

Thanks!

@manishgupta-qasource
Copy link

Reviewed & Assigned to @kevinlog

@kevinlog kevinlog added QA:Ready for Testing Code is merged and ready for QA to validate OLM Sprint labels Jun 21, 2021
@muskangulati-qasource
Copy link
Author

Hi @kevinlog,

We tested this scenario on the latest 7.14.0-SNAPSHOT build and found that this issue is fixed.

Please find below the whole testing details:

Build Details:

VERSION: 7.14.0-SNAPSHOT
BUILD: 41846
COMMIT: 3cfbe712030c898819006195e6c9ddae6cbd0a3a
ARTIFACT: https://artifacts-api.elastic.co/v1/search/7.14.0-SNAPSHOT

Screenshot

  • Is Not:
    IsNot

  • Is Not one of:
    IsNotOneOf

Hence, closing this issue & marking it as "Validated".

Thanks!!

@muskangulati-qasource muskangulati-qasource added QA:Validated Issue has been validated by QA and removed QA:Ready for Testing Code is merged and ready for QA to validate labels Jun 22, 2021
@ghost
Copy link

ghost commented Aug 16, 2021

Bug Conversion

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kevinlog kevinlog

Labels
bug Fixes for quality problems that affect the customer experience impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. OLM Sprint QA:Validated Issue has been validated by QA Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.14.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@dasansol92 @elasticmachine @kevinlog @manishgupta-qasource @muskangulati-qasource