elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] “Author” and “License” Fields Are Editable in UI but Result in Errors When Updated #200251

Open pborgonovi opened 2 days ago

pborgonovi commented 2 days ago

Describe the bug: In the rule editing UI, the fields “Author” and “License” for prebuilt rules are currently enabled, allowing users to make edits. However, when the user attempts to save the changes, errors occur:

  • For the Author field: “Cannot update ‘author’ field for prebuilt rules (400)”
  • For the License field: “Cannot update ‘license’ field for prebuilt rules (400)”

The backend validation correctly blocks these changes, as these fields are not meant to be edited for prebuilt rules. However, the UI behavior is misleading, as it suggests that these fields can be modified.

Kibana/Elasticsearch Stack version: 8.x

Current branch: 8.x  
Latest commit: d0c9a2f1f52 - [8.x] [Stack Monitoring / Logs] Fix Stack Monitoring logs links (#200043) (#200227)  
Remote tracking: origin/8.x  
Status relative to remote: up to date (no pending commits)  

Server OS version:

Browser and Browser OS versions:

Elastic Endpoint version:

Original install method (e.g. download page, yum, from source, etc.):

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Steps to reproduce:

  1. Open the Edit Rule page for a prebuilt rule.
  2. Modify the “Author” or “License” field.
  3. Attempt to save the changes.
  4. Observe the following errors in the UI:
     • For “Author”: “Cannot update ‘author’ field for prebuilt rules (400)”
     • For “License”: “Cannot update ‘license’ field for prebuilt rules (400)”

Current behavior: The “Author” and “License” fields are enabled and editable in the UI.

Expected behavior: The “Author” and “License” fields should be disabled (read-only) in the UI for prebuilt rules, preventing users from attempting to edit them.

Screenshots (if relevant):

https://github.com/user-attachments/assets/334ad2f4-4459-4749-ad68-a0de1a8f0a83

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context (logs, chat logs, magical formulas, etc.):

elasticmachine commented 2 days ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 2 days ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 2 days ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)