Open benskelker opened 4 years ago
Pinging @elastic/siem (Team:SIEM)
Pinging @elastic/kibana-security (Team:Security Solution)
Please check https://github.com/elastic/kibana/issues/126756 for more information.
Validated the behavior on latest 8.15 BC and it's still valid:
https://github.com/user-attachments/assets/2ad1cc65-d120-4d92-9160-c42cbb76541f
Error logs:
{ "name": "Error", "body": { "statusCode": 500, "error": "Internal Server Error", "message": "Bulk edit failed", "attributes": { "errors": [ { "message": "Failed to load action 9683a243-bfee-4145-b275-782a0cfa4b70 (404): Saved object [action/9683a243-bfee-4145-b275-782a0cfa4b70] not found", "status_code": 400, "rules": [ { "id": "86fd47cd-5055-465c-95f9-bd120c9b2191", "name": "test" } ] } ], "results": { "updated": [], "created": [], "deleted": [], "skipped": [] }, "summary": { "failed": 1, "succeeded": 0, "skipped": 0, "total": 1 } } }, "message": "", "stack": "{\n \"statusCode\": 500,\n \"error\": \"Internal Server Error\",\n \"message\": \"Bulk edit failed\",\n \"attributes\": {\n \"errors\": [\n {\n \"message\": \"Failed to load action 9683a243-bfee-4145-b275-782a0cfa4b70 (404): Saved object [action/9683a243-bfee-4145-b275-782a0cfa4b70] not found\",\n \"status_code\": 400,\n \"rules\": [\n {\n \"id\": \"86fd47cd-5055-465c-95f9-bd120c9b2191\",\n \"name\": \"test\"\n }\n ]\n }\n ],\n \"results\": {\n \"updated\": [],\n \"created\": [],\n \"deleted\": [],\n \"skipped\": []\n },\n \"summary\": {\n \"failed\": 1,\n \"succeeded\": 0,\n \"skipped\": 0,\n \"total\": 1\n }\n }\n}" }
Downgrading the impact from Medium to Low due to the existing workaround.
After discussing with the team it was decided to keep this bug for future fix one since it prevents rule duplication (a seemingly very common use case) and the error text is not helping the user to understand why.
cc @banderror @MadameSheema
[Originally reported by @MadameSheema]
Rules with actions that have been removed cannot be duplicated.
Kibana version: 7.8.0
Steps to Reproduce:
Current Behaviour:
Expected Behaviour:
Workaround
Edit rule settings
for the affected RuleActions
, and click theX
on the connector with the error (see image below)Save changes