
[Security Solution] Custom Query field overflows the viewport and cannot be completely visualized or edited when the query is too long #178615

@jpdjere

Description


Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Kibana version: Latest and all previous
PR: #203993

Summary

Describe the bug:

When creating or editing a Custom Query rule, if the query is long enough so that it exceeds the maximum height of query field, the content is truncated and the field cannot be scrolled downwards. This prevents the user from seeing or modifying the hidden part of the query, at the end.

Steps to reproduce:

  1. Navigate to Rule Creation and select Custom Query rule.
  2. Type in the custom query example pasted in the details below.
  3. Notice that the end is not visible and cannot be scrolled to.
Long Custom query example:
host.os.type:linux and event.category:file and event.action:("creation" or "file_create_event") and file.path:(
  /etc/systemd/system/* or 
  /usr/local/lib/systemd/system/* or 
  /lib/systemd/system/* or 
  /usr/lib/systemd/system/* or 
  /home/*/.config/systemd/user/*
) and 
not (
  process.name:(
    "dpkg" or "dockerd" or "rpm" or "snapd" or "yum" or "exe" or "dnf" or "dnf-automatic" or python* or "puppetd" or
    "elastic-agent" or "cinc-client" or "chef-client" or "pacman" or "puppet" or "cloudflared" or "packagekitd" or
    "podman"
  ) or 
  file.extension:("swp" or "swpx")
) and 
not (
  process.name:(
    "dpkg" or "dockerd" or "rpm" or "snapd" or "yum" or "exe" or "dnf" or "dnf-automatic" or python* or "puppetd" or
    "elastic-agent" or "cinc-client" or "chef-client" or "pacman" or "puppet" or "cloudflared" or "packagekitd" or
    "podman"
  ) or 
  file.extension:("swp" or "swpx")
) and 
not (
  process.name:(
    "dpkg" or "dockerd" or "rpm" or "snapd" or "yum" or "exe" or "dnf" or "dnf-automatic" or python* or "puppetd" or
    "elastic-agent" or "cinc-client" or "chef-client" or "pacman" or "puppet" or "cloudflared" or "packagekitd" or
    "podman"
  ) or 
  file.extension:("swp" or "swpx")
) and 
not (
  process.name:(
    "dpkg" or "dockerd" or "rpm" or "snapd" or "yum" or "exe" or "dnf" or "dnf-automatic" or python* or "puppetd" or
    "elastic-agent" or "cinc-client" or "chef-client" or "pacman" or "puppet" or "cloudflared" or "packagekitd" or
    "podman"
  ) or 
  file.extension:("swp" or "swpx")
)
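The query above is a Kibana KQL detection for new systemd unit files on Linux hosts, with package managers, configuration-management agents and editor swap files filtered out. As an added illustration (not part of the issue or of Kibana), the following Python evaluates that same logic over a few constructed ECS-style events so the reader can see which events would produce an alert. The four repeated `not (...)` blocks in the query are logically identical, so one exclusion pass is equivalent; this code assumes the query targets keyword fields, where an unquoted `*` is a wildcard that can match any characters, and it models that with `fnmatch`.

```python
import fnmatch
from typing import Any, Dict, List, Optional

# Constructed sample events (not real telemetry); field names follow ECS as in the query.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {   # unit file written by an interactive shell: should alert
        "host": {"os": {"type": "linux"}},
        "event": {"category": "file", "action": "creation"},
        "file": {"path": "/etc/systemd/system/backdoor.service", "extension": "service"},
        "process": {"name": "bash"},
    },
    {   # package manager installing a unit: excluded by process.name
        "host": {"os": {"type": "linux"}},
        "event": {"category": "file", "action": "file_create_event"},
        "file": {"path": "/lib/systemd/system/cron.service", "extension": "service"},
        "process": {"name": "dpkg"},
    },
    {   # editor swap file in a unit directory: excluded by file.extension
        "host": {"os": {"type": "linux"}},
        "event": {"category": "file", "action": "creation"},
        "file": {"path": "/etc/systemd/system/.svc.service.swp", "extension": "swp"},
        "process": {"name": "vim"},
    },
    {   # python3 matches the unquoted python* wildcard: excluded
        "host": {"os": {"type": "linux"}},
        "event": {"category": "file", "action": "creation"},
        "file": {"path": "/usr/lib/systemd/system/agent.service", "extension": "service"},
        "process": {"name": "python3"},
    },
    {   # file outside the watched unit directories: no match
        "host": {"os": {"type": "linux"}},
        "event": {"category": "file", "action": "creation"},
        "file": {"path": "/tmp/evil.service", "extension": "service"},
        "process": {"name": "bash"},
    },
]

# Patterns copied from the query; '*' behaves as a KQL keyword wildcard.
UNIT_DIR_PATTERNS = [
    "/etc/systemd/system/*",
    "/usr/local/lib/systemd/system/*",
    "/lib/systemd/system/*",
    "/usr/lib/systemd/system/*",
    "/home/*/.config/systemd/user/*",
]
EXCLUDED_PROCESS_PATTERNS = [
    "dpkg", "dockerd", "rpm", "snapd", "yum", "exe", "dnf", "dnf-automatic", "python*",
    "puppetd", "elastic-agent", "cinc-client", "chef-client", "pacman", "puppet",
    "cloudflared", "packagekitd", "podman",
]
EXCLUDED_EXTENSIONS = {"swp", "swpx"}
CREATE_ACTIONS = {"creation", "file_create_event"}


def get_field(event: Dict[str, Any], dotted: str) -> Optional[Any]:
    """Resolve a dotted ECS field name such as 'file.path' against a nested dict."""
    cur: Any = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _any_match(value: str, patterns: List[str]) -> bool:
    # fnmatchcase keeps matching case-sensitive on every platform
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def matches_query(event: Dict[str, Any]) -> bool:
    """Return True when the event satisfies the issue's Custom Query."""
    if get_field(event, "host.os.type") != "linux":
        return False
    if get_field(event, "event.category") != "file":
        return False
    if get_field(event, "event.action") not in CREATE_ACTIONS:
        return False
    if not _any_match(get_field(event, "file.path") or "", UNIT_DIR_PATTERNS):
        return False
    # Single exclusion pass: the query repeats this block, but repetition changes nothing.
    if _any_match(get_field(event, "process.name") or "", EXCLUDED_PROCESS_PATTERNS):
        return False
    if get_field(event, "file.extension") in EXCLUDED_EXTENSIONS:
        return False
    return True


def alerting_events(events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Filter a batch of events down to those the rule would alert on."""
    return [e for e in events if matches_query(e)]


if __name__ == "__main__":
    for hit in alerting_events(SAMPLE_EVENTS):
        print("ALERT:", get_field(hit, "process.name"), "->", get_field(hit, "file.path"))
```

Running it prints a single alert for the `bash` write to `/etc/systemd/system/backdoor.service`; the other four constructed events are dropped by the process-name, extension, or path conditions, which is the behaviour an analyst would want to confirm before trusting a rule this long in the editor.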

Expected behavior:

If the query is long enough, users should be able to scroll down through the field containing the query.

Screenshots (if relevant):


Any additional context:

This bug becomes especially critical in the context of the Prebuilt Rule Customization epic, since we will allow users to customize their Custom Query prebuilt rules. It is almost a certainty that users will install Custom Query rules with very long queries, and they should be able to customize them with a good UX/UI.

Metadata

Assignees

Labels

  - 8.18 candidate
  - Feature:Rule Creation (Security Solution Detection Rule Creation workflow)
  - Feature:Rule Edit (Security Solution Detection Rule Editing workflow)
  - Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
  - Team:Detection Rule Management (Security Detection Rule Management Team)
  - Team:Detections and Resp (Security Detection Response Team)
  - bug (Fixes for quality problems that affect the customer experience)
  - impact:medium (Addressing this issue will have a medium level of impact on the quality/strength of our product.)
  - v8.17.1
  - v8.18.0
