Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] The wrong endpoint package version is installed when prebuiltRulesPackageVersion config option is present #203471

Closed
Tracked by #201502
xcrzx opened this issue Dec 9, 2024 · 3 comments · Fixed by #205060
Closed
Tracked by #201502

[Security Solution] The wrong endpoint package version is installed when prebuiltRulesPackageVersion config option is present #203471

xcrzx opened this issue Dec 9, 2024 · 3 comments · Fixed by #205060
Assignees
@banderror
Labels
8.18 candidate bug Fixes for quality problems that affect the customer experience Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.18.0

Comments

@xcrzx
Copy link
Contributor

xcrzx commented Dec 9, 2024

Summary

The xpack.securitySolution.prebuiltRulesPackageVersion configuration option affects the installed endpoint package version.

Steps to Reproduce

  1. Specify the prebuilt rules package version in the Kibana configuration, e.g., xpack.securitySolution.prebuiltRulesPackageVersion: 8.16.2-beta.1.
  2. Call the POST internal/detection_engine/prebuilt_rules/_bootstrap endpoint.

Expected Result

The latest version of the endpoint package should be installed, regardless of the prebuiltRulesPackageVersion configuration value.

Actual Result

The endpoint package version specified in the prebuiltRulesPackageVersion configuration is attempted to be installed. If this version does not exist, the installation fails with the following error:

{
    "message": "Error installing endpoint 8.16.2-beta.1: [email protected] not found",
    "status_code": 500
}
@xcrzx xcrzx added bug Fixes for quality problems that affect the customer experience Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team triage_needed labels Dec 9, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. 8.18 candidate v8.18.0 and removed triage_needed labels Dec 13, 2024
@banderror banderror mentioned this issue Dec 13, 2024
Open
74 tasks
@banderror banderror self-assigned this Dec 20, 2024
@banderror banderror mentioned this issue Dec 20, 2024
Merged
2 tasks
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Dec 23, 2024
@banderror
[Security Solution] Fix prebuilt rules bootstrap endpoint (elastic#20…
8acbb58 
…5060)

**Fixes: elastic#203471

## Summary

The `xpack.securitySolution.prebuiltRulesPackageVersion` config setting
now only affects the version of the prebuilt rules package. The
bootstrap endpoint always installs the latest version of the `endpoint`
package.

```yaml
xpack.securitySolution.prebuiltRulesPackageVersion: 8.16.2-beta.1
```

<img width="2557" alt="Screenshot_2024-12-20_at_20_58_53"
src="https://github.com/user-attachments/assets/a2a1eaad-e842-47d3-9b94-692aabfb97cc"
/>

### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

(cherry picked from commit de1064e)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Dec 23, 2024
@banderror
[Security Solution] Fix prebuilt rules bootstrap endpoint (elastic#20…
14f10f1 
…5060)

**Fixes: elastic#203471

## Summary

The `xpack.securitySolution.prebuiltRulesPackageVersion` config setting
now only affects the version of the prebuilt rules package. The
bootstrap endpoint always installs the latest version of the `endpoint`
package.

```yaml
xpack.securitySolution.prebuiltRulesPackageVersion: 8.16.2-beta.1
```

<img width="2557" alt="Screenshot_2024-12-20_at_20_58_53"
src="https://github.com/user-attachments/assets/a2a1eaad-e842-47d3-9b94-692aabfb97cc"
/>

### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

(cherry picked from commit de1064e)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Dec 23, 2024
@banderror
[Security Solution] Fix prebuilt rules bootstrap endpoint (elastic#20…
38c329a 
…5060)

**Fixes: elastic#203471

## Summary

The `xpack.securitySolution.prebuiltRulesPackageVersion` config setting
now only affects the version of the prebuilt rules package. The
bootstrap endpoint always installs the latest version of the `endpoint`
package.

```yaml
xpack.securitySolution.prebuiltRulesPackageVersion: 8.16.2-beta.1
```

<img width="2557" alt="Screenshot_2024-12-20_at_20_58_53"
src="https://github.com/user-attachments/assets/a2a1eaad-e842-47d3-9b94-692aabfb97cc"
/>

### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

(cherry picked from commit de1064e)
stratoula pushed a commit to stratoula/kibana that referenced this issue Jan 2, 2025
@banderror @stratoula
[Security Solution] Fix prebuilt rules bootstrap endpoint (elastic#20…
e3e4aa6 
…5060)

**Fixes: elastic#203471

## Summary

The `xpack.securitySolution.prebuiltRulesPackageVersion` config setting
now only affects the version of the prebuilt rules package. The
bootstrap endpoint always installs the latest version of the `endpoint`
package.

```yaml
xpack.securitySolution.prebuiltRulesPackageVersion: 8.16.2-beta.1
```

<img width="2557" alt="Screenshot_2024-12-20_at_20_58_53"
src="https://github.com/user-attachments/assets/a2a1eaad-e842-47d3-9b94-692aabfb97cc"
/>


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
benakansara pushed a commit to benakansara/kibana that referenced this issue Jan 2, 2025
@banderror @benakansara
[Security Solution] Fix prebuilt rules bootstrap endpoint (elastic#20…
d99a14c 
…5060)

**Fixes: elastic#203471

## Summary

The `xpack.securitySolution.prebuiltRulesPackageVersion` config setting
now only affects the version of the prebuilt rules package. The
bootstrap endpoint always installs the latest version of the `endpoint`
package.

```yaml
xpack.securitySolution.prebuiltRulesPackageVersion: 8.16.2-beta.1
```

<img width="2557" alt="Screenshot_2024-12-20_at_20_58_53"
src="https://github.com/user-attachments/assets/a2a1eaad-e842-47d3-9b94-692aabfb97cc"
/>


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this issue Jan 13, 2025
@banderror @CAWilson94
[Security Solution] Fix prebuilt rules bootstrap endpoint (elastic#20…
99bd93b 
…5060)

**Fixes: elastic#203471

## Summary

The `xpack.securitySolution.prebuiltRulesPackageVersion` config setting
now only affects the version of the prebuilt rules package. The
bootstrap endpoint always installs the latest version of the `endpoint`
package.

```yaml
xpack.securitySolution.prebuiltRulesPackageVersion: 8.16.2-beta.1
```

<img width="2557" alt="Screenshot_2024-12-20_at_20_58_53"
src="https://github.com/user-attachments/assets/a2a1eaad-e842-47d3-9b94-692aabfb97cc"
/>


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
viduni94 pushed a commit to viduni94/kibana that referenced this issue Jan 23, 2025
@banderror @viduni94
[Security Solution] Fix prebuilt rules bootstrap endpoint (elastic#20…
218dd5d 
…5060)

**Fixes: elastic#203471

## Summary

The `xpack.securitySolution.prebuiltRulesPackageVersion` config setting
now only affects the version of the prebuilt rules package. The
bootstrap endpoint always installs the latest version of the `endpoint`
package.

```yaml
xpack.securitySolution.prebuiltRulesPackageVersion: 8.16.2-beta.1
```

<img width="2557" alt="Screenshot_2024-12-20_at_20_58_53"
src="https://github.com/user-attachments/assets/a2a1eaad-e842-47d3-9b94-692aabfb97cc"
/>


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@banderror banderror

Labels
8.18 candidate bug Fixes for quality problems that affect the customer experience Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.18.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Security Solution] Fix prebuilt rules bootstrap endpoint banderror/kibana
3 participants
@xcrzx @banderror @elasticmachine