[Security Solution] Coverage Overview page: console errors when changing a filter #164846
Labels
8.14 candidate
bug
Fixes for quality problems that affect the customer experience
Feature:Rule Management
Security Solution Detection Rule Management area
impact:medium
Addressing this issue will have a medium level of impact on the quality/strength of our product.
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.13.0
v8.14.0
Comments
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)
The error is being logged from here: Lines 30 to 33 in 6cb73aa
maximpn added a commit that referenced this issue Mar 11, 2024
**Fixes: #164846**

## Summary

This PR fixes MITRE ATT&CK® Coverage Overview dashboard console errors when the page loads or filter is changed.

## Details

An error message `Exception list is null when it never should be. This indicates potentially that saved object migrations did not run correctly. Returning empty exception list` appears each time MITRE ATT&CK® Coverage Overview dashboard is loaded or filter is changed (which leads to data reloading).

If one tried to find the source of the console error message it led to [kibana/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/saved_object_references/inject_exceptions_list.ts](https://github.com/elastic/kibana/blob/6cb73aaec15b230a65d2e17a9d6ef970a1061709/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/saved_object_references/inject_exceptions_list.ts#L30-L33). It happens whenever there is an attempt to inject rule exceptions from SO references. This operation happens for every rule wrapped in `securityRuleTypeWrapper` and registered in `alerting` plugin. Whenever such a rule is fetched via `rulesClient.find()` it invokes registered `useSavedObjectReferences.injectReferences`, finally invoking the above-mentioned `inject_exceptions_list.ts`.

Coverage Overview API endpoint fetches only the necessary set of rule fields (`name`, `enabled`, `params.threat`) to reduce transferring unnecessary data. It's not hard to guess that `params.exceptionsList` is missed and it ends up being `undefined` (it's always an array in a SO) when the validation happens in `inject_exceptions_list.ts`. So it leads to the warning message appearing.

This PR removes redundant `exceptionsList` injection validation.
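The failure described in the commit message above, as a simplified model added here for illustration (it is not Kibana source and not the author's code): a field-projected fetch still runs the reference-injection hook for every rule, so a check that treats a missing `exceptionsList` as corruption logs once per rule. All type and function names, the sample data, and the shape of the "after" variant are assumptions.

```typescript
// Simplified model, NOT Kibana source. Only the log text and the field names come
// from the commit message; every type and function name here is hypothetical.
type Ref = { name: string; id: string };
type Entry = { id: string; list_id: string };
type Stored = { threat: string[]; exceptionsList: Entry[] };
type Rule = { name: string; enabled: boolean; params: Stored; references: Ref[] };
type Injector = (log: string[], list: Entry[] | undefined, refs: Ref[]) => Entry[] | undefined;
const NULL_LIST_ERROR =
  'Exception list is null when it never should be. This indicates potentially that ' +
  'saved object migrations did not run correctly. Returning empty exception list';

// Restore each entry's id from the saved object reference stored beside the rule.
function resolveIds(list: Entry[], refs: Ref[]): Entry[] {
  return list.map((entry, i) => {
    const ref: Ref | undefined = refs.filter((r) => r.name === 'exceptionsList_' + i)[0];
    return { ...entry, id: ref ? ref.id : entry.id };
  });
}
// Before: a missing list is treated as corrupt data and logged as an error.
const withValidation: Injector = (log, list, refs) => {
  if (list != null) return resolveIds(list, refs);
  log.push(NULL_LIST_ERROR);
  return [];
};
// After (assumed shape of the fix): a missing list means the field was not requested.
const withoutValidation: Injector = (_log, list, refs) => (list ? resolveIds(list, refs) : undefined);

// Field-projected find: copy only requested params, then run the injection hook per rule.
function findRules(store: Rule[], fields: string[], inject: Injector, log: string[]) {
  return store.map((rule) => {
    const params: Partial<Stored> = {};
    if (fields.indexOf('params.threat') >= 0) params.threat = rule.params.threat;
    if (fields.indexOf('params.exceptionsList') >= 0) params.exceptionsList = rule.params.exceptionsList;
    const exceptionsList = inject(log, params.exceptionsList, rule.references);
    return { name: rule.name, params: { ...params, exceptionsList } };
  });
}
// Constructed sample data: three rules, each with one exception list reference.
const STORE: Rule[] = ['A', 'B', 'C'].map((n) => ({
  name: 'rule-' + n, enabled: true,
  params: { threat: ['TA0001'], exceptionsList: [{ id: 'stale', list_id: 'list-' + n }] },
  references: [{ name: 'exceptionsList_0', id: 'so-' + n }],
}));
const COVERAGE_FIELDS = ['name', 'enabled', 'params.threat'];

function errorsLogged(fields: string[], inject: Injector): number {
  const log: string[] = [];
  findRules(STORE, fields, inject, log);
  return log.length;
}
console.log(errorsLogged(COVERAGE_FIELDS, withValidation), errorsLogged(COVERAGE_FIELDS, withoutValidation));
```

In this model the error count with the projected fields equals the number of rules returned, which matches the correlation reported in the issue.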
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Mar 11, 2024
(cherry picked from commit cd16d03)
kibanamachine referenced this issue Mar 11, 2024
) (#178441)

# Backport

This will backport the following commits from `main` to `8.13`:
- [[Security Solution] Fix coverage overview console errors (#178126)](#178126)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Maxim Palenov <[email protected]>
Epic: https://github.com/elastic/security-team/issues/2905
Summary
When I change the selected options in the Installed rule status filter on the MITRE ATT&CK® Coverage page, I see multiple errors in the console saying that `Exception list is null when it never should be. This indicates potentially that saved object migrations did not run correctly. Returning empty exception list`. The number of logged errors seems to correlate with the number of rules shown on the page.