Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Detections] Threshold rules can be created with fields that can't be aggregated on #79948

Closed
spong opened this issue Oct 7, 2020 · 2 comments
Closed

[Security Solution][Detections] Threshold rules can be created with fields that can't be aggregated on #79948

spong opened this issue Oct 7, 2020 · 2 comments
Assignees
@madirey
Labels
bug Fixes for quality problems that affect the customer experience Feature:Detection Rules Security Solution rules and Detection Engine Feature:Threshold Rule Security Solution Threshold rule type fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM

Comments

@spong
Copy link
Member

spong commented Oct 7, 2020
edited
Loading

Currently (v7.10) we're including fields that can't be aggregated on within the Threshold Rule grouping field autosuggestions. Since these fields will result in rule run failures, we should filter out all fields that can't be aggregated on.

Field selection:

Error during rule run:
@spong spong added bug Fixes for quality problems that affect the customer experience Team:SIEM Feature:Detection Rules Security Solution rules and Detection Engine Team:Detections and Resp Security Detection Response Team labels Oct 7, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/siem (Team:SIEM)

@spong spong changed the title [Security Solution][Detections] Threshold rules can be created with disallowed fields [Security Solution][Detections] Threshold rules can be created with fields that can't be aggregated on Oct 7, 2020
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Oct 15, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security Solution)

@peluja1012 peluja1012 added the impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. label Oct 28, 2020
@MindyRS MindyRS added the Feature:Threshold Rule Security Solution Threshold rule type label Nov 17, 2020
@madirey madirey mentioned this issue Dec 3, 2020
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@madirey madirey

Labels
bug Fixes for quality problems that affect the customer experience Feature:Detection Rules Security Solution rules and Detection Engine Feature:Threshold Rule Security Solution Threshold rule type fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@madirey @peluja1012 @MindyRS @spong @elasticmachine @MadameSheema