[Security Solution][Detections] Fixes Severity Override not matching for Elastic Endpoint Security rule #74317
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
spong
added
bug
|
Pinging @elastic/siem (Team:SIEM) |
| _id: sampleIdGuid, | ||
| _source: { | ||
| someKey: 'someValue', | ||
| '@timestamp': '2020-04-20T21:27:45+0000', |
There was a problem hiding this comment.
That doesn't look like a Zulu? It's fine if you want to test other values, just mentioning
There was a problem hiding this comment.
I had used a similar mock from above, that's all.
| @@ -109,6 +109,24 @@ export const sampleDocNoSortId = ( | |||
| sort: [], | |||
| }); | |||
|
|
|||
| export const sampleDocSeverity = ( | |||
| severity?: Array<string | number | null> | string | number | null | |||
There was a problem hiding this comment.
👍 looks like you covered your bases of odd ball types that can come up
...ty_solution/server/lib/detection_engine/signals/mappings/build_severity_from_mapping.test.ts
Outdated
Show resolved
Hide resolved
FrankHassanabad
approved these changes
Aug 4, 2020
💚 Build SucceededBuild metrics
History
To update your PR or re-run it, just comment with: |
spong
added a commit
to spong/kibana
that referenced
this pull request
Aug 5, 2020
…for Elastic Endpoint Security rule (elastic#74317) ## Summary Fixes an issue where the `Severity Override` would not match for the `Elastic Endpoint Security` rule. This is a temporary fix until we can provide more robust comparisons between the user provided `severityMapping.value` (string) and the `severityMapping.field`'s type. ### Checklist - [x] [Unit or functional tests](https:/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
spong
added a commit
to spong/kibana
that referenced
this pull request
Aug 5, 2020
…for Elastic Endpoint Security rule (elastic#74317) ## Summary Fixes an issue where the `Severity Override` would not match for the `Elastic Endpoint Security` rule. This is a temporary fix until we can provide more robust comparisons between the user provided `severityMapping.value` (string) and the `severityMapping.field`'s type. ### Checklist - [x] [Unit or functional tests](https:/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
spong
added a commit
that referenced
this pull request
Aug 5, 2020
…for Elastic Endpoint Security rule (#74317) (#74325) ## Summary Fixes an issue where the `Severity Override` would not match for the `Elastic Endpoint Security` rule. This is a temporary fix until we can provide more robust comparisons between the user provided `severityMapping.value` (string) and the `severityMapping.field`'s type. ### Checklist - [x] [Unit or functional tests](https:/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
spong
added a commit
that referenced
this pull request
Aug 5, 2020
…for Elastic Endpoint Security rule (#74317) (#74324) ## Summary Fixes an issue where the `Severity Override` would not match for the `Elastic Endpoint Security` rule. This is a temporary fix until we can provide more robust comparisons between the user provided `severityMapping.value` (string) and the `severityMapping.field`'s type. ### Checklist - [x] [Unit or functional tests](https:/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Aug 5, 2020
* master: (74 commits) [Discover] Inline noWhiteSpace function (elastic#74331) [DOCS] Add Observability topic (elastic#73041) skip flaky suite (elastic#74327) [Security Solution][Detections] Fixes Severity Override not matching for Elastic Endpoint Security rule (elastic#74317) [Security Solution][Exceptions] - Fixes exceptions builder nested deletion issue and adds unit tests (elastic#74250) Fixed Alert details does not update page title and breadcrumb (elastic#74214) [src/dev/build] build Kibana Platform bundles from source (elastic#73591) [Reporting] Shorten asset path to help CLI FS Watcher (elastic#74185) Fix TMS not loaded in legacy maps (elastic#73570) [Security Solution] styling for notes' panel (elastic#74274) [Security Solution][Tech Debt] cleans up ts-ignore issues and some smaller linter issues (elastic#74268) Make the actions plugin support generics (elastic#71439) [Security Solution] Keep original note creator (elastic#74203) [CI] Fix xpack kibana build dir in xpack visual regression script [CI] Fix baseline_capture job by adding parallel process number back [Monitoring] Ensure setup mode works on cloud but only for alerts (elastic#73127) [Maps] Custom color ramps should show correctly on the map for mvt layers (elastic#74169) [kbn/optimizer] remove unused modules (elastic#74195) [CI] Add pipeline task queue framework and merge workers into one (elastic#71268) Using msearch for tree api endpoint (elastic#73813) ...
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Aug 5, 2020
* master: (115 commits) [Logs UI] Correct trial period duration in anomaly splash screen (elastic#74249) [Discover] Inline noWhiteSpace function (elastic#74331) [DOCS] Add Observability topic (elastic#73041) skip flaky suite (elastic#74327) [Security Solution][Detections] Fixes Severity Override not matching for Elastic Endpoint Security rule (elastic#74317) [Security Solution][Exceptions] - Fixes exceptions builder nested deletion issue and adds unit tests (elastic#74250) Fixed Alert details does not update page title and breadcrumb (elastic#74214) [src/dev/build] build Kibana Platform bundles from source (elastic#73591) [Reporting] Shorten asset path to help CLI FS Watcher (elastic#74185) Fix TMS not loaded in legacy maps (elastic#73570) [Security Solution] styling for notes' panel (elastic#74274) [Security Solution][Tech Debt] cleans up ts-ignore issues and some smaller linter issues (elastic#74268) Make the actions plugin support generics (elastic#71439) [Security Solution] Keep original note creator (elastic#74203) [CI] Fix xpack kibana build dir in xpack visual regression script [CI] Fix baseline_capture job by adding parallel process number back [Monitoring] Ensure setup mode works on cloud but only for alerts (elastic#73127) [Maps] Custom color ramps should show correctly on the map for mvt layers (elastic#74169) [kbn/optimizer] remove unused modules (elastic#74195) [CI] Add pipeline task queue framework and merge workers into one (elastic#71268) ...
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Aug 5, 2020
* master: (154 commits) [ML] Fix initial plugin's bundle size (elastic#74047) [Ingest Manager] prevent crash on unhandled rejection from setupIngestManager (elastic#74300) [Logs UI] Correct trial period duration in anomaly splash screen (elastic#74249) [Discover] Inline noWhiteSpace function (elastic#74331) [DOCS] Add Observability topic (elastic#73041) skip flaky suite (elastic#74327) [Security Solution][Detections] Fixes Severity Override not matching for Elastic Endpoint Security rule (elastic#74317) [Security Solution][Exceptions] - Fixes exceptions builder nested deletion issue and adds unit tests (elastic#74250) Fixed Alert details does not update page title and breadcrumb (elastic#74214) [src/dev/build] build Kibana Platform bundles from source (elastic#73591) [Reporting] Shorten asset path to help CLI FS Watcher (elastic#74185) Fix TMS not loaded in legacy maps (elastic#73570) [Security Solution] styling for notes' panel (elastic#74274) [Security Solution][Tech Debt] cleans up ts-ignore issues and some smaller linter issues (elastic#74268) Make the actions plugin support generics (elastic#71439) [Security Solution] Keep original note creator (elastic#74203) [CI] Fix xpack kibana build dir in xpack visual regression script [CI] Fix baseline_capture job by adding parallel process number back [Monitoring] Ensure setup mode works on cloud but only for alerts (elastic#73127) [Maps] Custom color ramps should show correctly on the map for mvt layers (elastic#74169) ...
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes an issue where the
Severity Overridewould not match for theElastic Endpoint Securityrule. This is a temporary fix until we can provide more robust comparisons between the user providedseverityMapping.value(string) and theseverityMapping.field's type.Checklist