[SIEM][Detection Engine] Fixes tags to accept characters such as AND, OR, (, ), ", *#74003
Merged
FrankHassanabad merged 5 commits intoelastic:masterfrom Aug 1, 2020
Merged
Conversation
…ND, (, by adding the double quotes around the KQL
Contributor
|
Pinging @elastic/siem (Team:SIEM) |
FrankHassanabad
added
release_note:fix
bug
…escription searches stay the same to allow for glob support
FrankHassanabad
changed the title
FrankHassanabad
changed the title
FrankHassanabad
changed the title
dhurley14
approved these changes
Jul 31, 2020
Contributor
dhurley14
left a comment
dhurley14
left a comment
There was a problem hiding this comment.
Tested filtering on all rules page with the tags in the below screenshot. LGTM!
Contributor
💚 Build SucceededBuild metricsasync chunks size
History
To update your PR or re-run it, just comment with: |
FrankHassanabad
added a commit
to FrankHassanabad/kibana
that referenced
this pull request
Aug 1, 2020
… OR, (, ), ", * (elastic#74003) ## Summary If you create a rule with tags that have an AND, OR, (, ), etc... then you would blow up with an error when you try to filter based off of that like the screen shot below: <img width="703" alt="Screen Shot 2020-07-31 at 1 55 31 PM" src="https://user-images.githubusercontent.com/1151048/89075547-b3206f80-d33b-11ea-9e7a-30d4a49ac1de.png"> Now you don't blow up: <img width="1708" alt="Screen Shot 2020-07-31 at 2 37 11 PM" src="https://user-images.githubusercontent.com/1151048/89075553-b582c980-d33b-11ea-807a-7d6a1d1921e8.png"> This fixes it by adding double quotes around the filters and also red/green/TDD unit tests where I first exercised the error conditions then fixed them. ### Checklist - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
FrankHassanabad
added a commit
to FrankHassanabad/kibana
that referenced
this pull request
Aug 1, 2020
… OR, (, ), ", * (elastic#74003) ## Summary If you create a rule with tags that have an AND, OR, (, ), etc... then you would blow up with an error when you try to filter based off of that like the screen shot below: <img width="703" alt="Screen Shot 2020-07-31 at 1 55 31 PM" src="https://user-images.githubusercontent.com/1151048/89075547-b3206f80-d33b-11ea-9e7a-30d4a49ac1de.png"> Now you don't blow up: <img width="1708" alt="Screen Shot 2020-07-31 at 2 37 11 PM" src="https://user-images.githubusercontent.com/1151048/89075553-b582c980-d33b-11ea-807a-7d6a1d1921e8.png"> This fixes it by adding double quotes around the filters and also red/green/TDD unit tests where I first exercised the error conditions then fixed them. ### Checklist - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
FrankHassanabad
added a commit
that referenced
this pull request
Aug 1, 2020
… OR, (, ), ", * (#74003) (#74033) ## Summary If you create a rule with tags that have an AND, OR, (, ), etc... then you would blow up with an error when you try to filter based off of that like the screen shot below: <img width="703" alt="Screen Shot 2020-07-31 at 1 55 31 PM" src="https://user-images.githubusercontent.com/1151048/89075547-b3206f80-d33b-11ea-9e7a-30d4a49ac1de.png"> Now you don't blow up: <img width="1708" alt="Screen Shot 2020-07-31 at 2 37 11 PM" src="https://user-images.githubusercontent.com/1151048/89075553-b582c980-d33b-11ea-807a-7d6a1d1921e8.png"> This fixes it by adding double quotes around the filters and also red/green/TDD unit tests where I first exercised the error conditions then fixed them. ### Checklist - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
FrankHassanabad
added a commit
that referenced
this pull request
Aug 1, 2020
… OR, (, ), ", * (#74003) (#74032) ## Summary If you create a rule with tags that have an AND, OR, (, ), etc... then you would blow up with an error when you try to filter based off of that like the screen shot below: <img width="703" alt="Screen Shot 2020-07-31 at 1 55 31 PM" src="https://user-images.githubusercontent.com/1151048/89075547-b3206f80-d33b-11ea-9e7a-30d4a49ac1de.png"> Now you don't blow up: <img width="1708" alt="Screen Shot 2020-07-31 at 2 37 11 PM" src="https://user-images.githubusercontent.com/1151048/89075553-b582c980-d33b-11ea-807a-7d6a1d1921e8.png"> This fixes it by adding double quotes around the filters and also red/green/TDD unit tests where I first exercised the error conditions then fixed them. ### Checklist - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Aug 2, 2020
* master: (39 commits) [Canvas][tech-debt] Rename __examples__ to __stories__ (elastic#73853) [Canvas] Storybook Redux Addon (elastic#73227) Use "Apply_filter_trigger" in "explore underlying data" action (elastic#71445) [maps] convert top nav config to TS (elastic#73851) [maps] fix fit to bounds for ES document layers with joins (elastic#73985) [Canvas][tech-debt] Refactor Toolbar (completes Kill Recompose.pure) (elastic#73309) [CI] In-progress Slack notifications (elastic#74012) [SIEM][Detection Engine] Fixes tags to accept characters such as AND, OR, (, ), ", * (elastic#74003) [SECURITY_SOLUTION][ENDPOINT] Fix host list Configuration Status cell link loosing list page/size state (elastic#73989) Tweak injected metadata (elastic#73990) Closes elastic#73998 by using `canAccessML` in the ML capabilities API to (elastic#73999) [SIEM] Fixes toaster errors when siemDefault index is an empty or empty spaces (elastic#73991) [Security Solution] Fix timeline pin event callback (elastic#73981) [Security Solution] Fix unexpected redirect (elastic#73969) [Metrics UI] Fix Metrics Explorer TSVB link to use workaround pattern (elastic#73986) [APM] docs: Update machine learning integration (elastic#73597) [Ingest Manager] Fix limited concurrency helper (elastic#73976) [build/sysv] fix missing env variable rename (elastic#73977) Fix a typo. (elastic#73948) [Ingest Manager] Revert fleet config concurrency rollout to rate limit (elastic#73940) ...
MindyRS
added
the
Team: SecuritySolution
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
If you create a rule with tags that have an AND, OR, (, ), etc... then you would blow up with an error when you try to filter based off of that like the screen shot below:
Now you don't blow up:
This fixes it by adding double quotes around the filters and also red/green/TDD unit tests where I first exercised the error conditions then fixed them.
Checklist