[Security Solution] With maximum allowed value 9007199254740991 under History Window Size for New Term Rule creation, it is showing error as params invalid: Failed to parse 'historyWindowStart' (400) #195571

Open
arvindersingh-qasource opened this issue Oct 9, 2024 · 6 comments
Labels
bug Fixes for quality problems that affect the customer experience Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.16.0

Comments

@arvindersingh-qasource

Describe the bug
With maximum allowed value 9007199254740991 under History Window Size for New Term Rule creation, it is showing error as params invalid: Failed to parse 'historyWindowStart' (400)

Kibana/Elasticsearch Stack version

VERSION: 8.16.0
BUILD: 78938
COMMIT: 7b832691e8b07c67b411da95b0398a04711da864

Pre Conditions

  1. Kibana v8.16.0 snapshot build must be available

Steps

  1. Navigate to Security -> Rules -> Detection rules (SIEM).
  2. Click on Create New Rule option.
  3. Select Rule type as New Terms
  4. Add any Custom query.
  5. Under Fields, select any field from dropdown.
  6. Under History Window Size enter maximum allowed value as 9007199254740991
  7. Click on Continue button.
  8. Enter Rule Name and Description.
  9. Click on either Create rule without enabling it or Create & Enable rule.
  10. Observe there will be an error as params invalid: Failed to parse 'historyWindowStart' (400)

Expected Result

  • User should be able to create rule for all the allowed values under History Window Size field OR User should be restricted from entering large values which are not validated by application.

Screen Recording

Detection.rules.SIEM.-.Kibana.-.Google.Chrome.2024-10-09.16-25-58.mp4
@arvindersingh-qasource arvindersingh-qasource added bug Fixes for quality problems that affect the customer experience impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.16.0 labels Oct 9, 2024
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@arvindersingh-qasource
Author

@muskangulati-qasource Please review this ticket.

Thanks.

@MadameSheema MadameSheema added Team:Detections and Resp Security Detection Response Team Team:Detection Engine Security Solution Detection Engine Area labels Oct 9, 2024
@elasticmachine
Contributor

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@yctercero
Contributor

@arvindersingh-qasource thanks for filing! Just to clarify:

  • Value of 0 is correctly invalid and error shows
  • Value between 0 and max works
  • Only with max, this error is displayed?

@arvindersingh-qasource
Author

Hi @yctercero

We have validated this issue on Kibana v8.16.0 and the issue is that with the max value, the error params invalid: Failed to parse 'historyWindowStart' (400) is displayed

Please find below observations

Build Details

VERSION: 8.16.0
BUILD: 79314
COMMIT: 5575428dd3aef69366cddb4ccf07a2a26d30ce48

Observations

  • Value of 0 is correctly invalid and error shows 🟢
    Image

  • Value between 0 and max works 🟢
    Image

  • Only with max, this error is displayed? 🔴
    Image

Please let us know if anything else is required from our end.

Thanks.

@yctercero yctercero removed the impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. label Feb 18, 2025
@yctercero yctercero removed their assignment Feb 18, 2025
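
An added illustration, not part of the thread and not Kibana's code: a bounds check of the kind the Expected Result asks for, usable with the same limit in the form and in the API. It assumes the window size becomes a date-math expression `now-<size><unit>` that is resolved to a JavaScript `Date`; the function names and the unit table are hypothetical.

```javascript
// Added example, not Kibana code. Assumption: History Window Size is sent as
// "now-<size><unit>" and the server resolves it to a JavaScript Date.
const UNIT_MS = { s: 1e3, m: 6e4, h: 36e5, d: 864e5 }; // hypothetical unit set
const MAX_DATE_MS = 8.64e15; // ECMAScript Date range: +/-8.64e15 ms from the epoch

// Epoch milliseconds of "now-<size><unit>", or null when no valid Date exists.
function resolveWindowStart(size, unit, nowMs = Date.now()) {
  if (!Number.isSafeInteger(size) || size <= 0 || !(unit in UNIT_MS)) return null;
  const start = nowMs - size * UNIT_MS[unit];
  // Outside the representable range, new Date(start) is "Invalid Date" (NaN).
  return Number.isNaN(new Date(start).getTime()) ? null : start;
}

// Largest size whose window start is still a representable Date.
function maxWindowSize(unit, nowMs = Date.now()) {
  return Math.floor((nowMs + MAX_DATE_MS) / UNIT_MS[unit]);
}

// One validator for both sides, so the form never accepts what the API rejects.
function validateWindowSize(size, unit, nowMs = Date.now()) {
  if (!(unit in UNIT_MS)) return { ok: false, reason: 'unknown unit' };
  if (!Number.isSafeInteger(size) || size <= 0) {
    return { ok: false, reason: 'size must be a positive integer' };
  }
  if (resolveWindowStart(size, unit, nowMs) === null) {
    return { ok: false, reason: `size must be <= ${maxWindowSize(unit, nowMs)}${unit}` };
  }
  return { ok: true };
}

// Constructed inputs: a fixed "now" (2024-10-09T00:00:00Z) and the value from the report.
const NOW = Date.UTC(2024, 9, 9);
for (const size of [0, 7, 100020005, 100020006, Number.MAX_SAFE_INTEGER]) {
  console.log(size, JSON.stringify(validateWindowSize(size, 'd', NOW)));
}
```

Under that assumption, 9007199254740991 passes an "is it a safe integer" check but cannot be turned into a window start in any of the listed units.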