elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution][Detection Engine] Alert Suppression Max Group By fields Validation Disappears When Switching Rule Type #177915

Open WafaaNasr opened 7 months ago

WafaaNasr commented 7 months ago

Kibana version:

Current version

Describe the bug:

When users switch between different rule types when adding a new rule, the validation for the Alert Suppression Max Group By fields disappears.

Steps to reproduce:

  1. Navigate to the create rule page.
  2. Choose a specific rule type (e.g., Query Rule) and configure the Alert Suppression "Group By" field with more than 3 fields.
  3. Observe that the validation for "Alert Suppression Max Group By Number" appears successfully.
  4. Switch the rule type to a different one (e.g., Indicator Match rule).
  5. Observe that the validation for "Alert Suppression Max Group By Number" disappears.

Expected behavior:

The "Alert Suppression Max Group By Number" field should maintain its validation status when switching between rule types.

Any additional context:

The validation for the maximum group-by fields reappears upon the user clicking "Continue" in the Define Rule step.

elasticmachine commented 7 months ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 7 months ago

Pinging @elastic/security-detection-engine (Team:Detection Engine)