elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.99k stars 8.24k forks source link

[Security Solution] KQL/Lucene Query bar filters generate diff when saved without changes in Prebuilt Rule Customization workflow #202966

Open maximpn opened 15 hours ago

maximpn commented 15 hours ago

Summary

Query bar for editing KQL/Lucene query allows to manage query filters. Some prebuilt rules have such filters. Saving query bar with filters leads to extra fields like alias: null appearing.

Steps to reproduce:

  1. Setup the environment as described below
  2. Open Threat Intel Hash Indicator Match rule in rule update preview flyout
  3. Edit the KQL query and save

Expected behavior: There is NO diff in query filters

Actual behavior: There is diff in query filters

Screenshots (if relevant):

Image

Setup the environment

elasticmachine commented 15 hours ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 15 hours ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 15 hours ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)