[Security Solution] With maximum allowed value `9007199254740991` under `History Window Size` for New Term Rule creation, it is showing error as `params invalid: Failed to parse 'historyWindowStart' (400)`

arvindersingh-qasource commented 1 month ago

Describe the bug With maximum allowed value 9007199254740991 under History Window Size for New Term Rule creation, it is showing error as params invalid: Failed to parse 'historyWindowStart' (400)

Kibana/Elasticsearch Stack version

VERSION: 8.16.0
BUILD: 78938
COMMIT: 7b832691e8b07c67b411da95b0398a04711da864

Pre Conditions

Kibana v8.16.0 snapshot build be must be available

Steps

Navigate to Security -> Rules -> Detection rules (SIEM).
Click on Create New Rule option.
Select Rule type as New Terms
Add any Custom query.
Under Fields , select any field from dropdown.
Under History Window Size enter maximum allowed value as 9007199254740991
Click on Continue button.
Enter Rule Name and Description.
Click on either Create rule without enabling it or Create & Enable rule.
Observe there will be an error as params invalid: Failed to parse 'historyWindowStart' (400)

Expected Result

User should be able to create rule for all the allowed values under History Window Size field OR User should be restricted to enter large values which are not validated by application.

Screen Recording

https://github.com/user-attachments/assets/09afd7d1-27e8-4c4e-9578-f53b2254aab5

elasticmachine commented 1 month ago

Pinging @elastic/security-solution (Team: SecuritySolution)

arvindersingh-qasource commented 1 month ago

@muskangulati-qasource Please review this ticket.

Thanks.

elasticmachine commented 1 month ago

Pinging @elastic/security-detection-engine (Team:Detection Engine)

elasticmachine commented 1 month ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

yctercero commented 1 month ago

@arvindersingh-qasource thanks for filing! Just to clarify:

Value of 0 is correctly invalid and error shows
Value between 0 and max works
Only with max, this error is displayed?

arvindersingh-qasource commented 3 weeks ago

Hi @yctercero

We have validated this issue on Kibana v8.16.0 and the issue that with max value, the error params invalid: Failed to parse 'historyWindowStart' (400) is displayed

Please find below observations

Build Details

VERSION: 8.16.0
BUILD: 79314
COMMIT: 5575428dd3aef69366cddb4ccf07a2a26d30ce48

Observations

Value of 0 is correctly invalid and error shows 🟢
Value between 0 and max works 🟢
Only with max, this error is displayed? 🔴

Please let us know if anything else is required from our end.

Thanks.

elastic / kibana