[Security Solution] Detection rule fails to install but does not show reason and the toast in the UI shows up as success #190753

@leandrojmp

Related to: #197246

Describe the bug:

Some detection rules use Machine Learning, which is a licensed feature. When trying to install those rules in a cluster with the basic license, the installation will fail, but the reason will not be given to the user, and the toast at the bottom of the screen is the success one, with the green bar, when it should be the error one, with the red bar.

Kibana/Elasticsearch Stack version:
8.15.0

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
Detection Rules

Steps to reproduce:

  1. Spin up a cluster with a basic license.
  2. Add the pre-built rules.
  3. Try to install a rule that uses ML.

Current behavior:

The detection rule fails to install without giving the reason, and the toast at the bottom of the screen is the success one, with the green bar.

According to the Elastic UI, this error is using the color success and the iconType check.

Expected behavior:

The detection rule fails to install, the reason is shown to the user, and the toast at the bottom of the screen should be the error one, with the red bar.

According to the Elastic UI, it should use the color danger and the iconType error.

Response in the developer console:

{
    "summary": {
        "total": 1,
        "succeeded": 0,
        "skipped": 0,
        "failed": 1
    },
    "results": {
        "created": [],
        "skipped": []
    },
    "errors": [
        {
            "message": "Your license does not support machine learning. Please upgrade your license.",
            "status_code": 403,
            "rules": [
                {
                    "rule_id": "0678bc9c-b71a-433b-87e6-2f664b6b3131",
                    "name": "Unusual Remote File Size"
                }
            ]
        }
    ]
}
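
The check this report asks for, as an added example that is not part of the original issue and is not Kibana's code: the toast is derived from `summary.failed` and `errors` in the response body shown above, so a failed install cannot render as success. The helper name, the toast title and text wording, and the `sampleResponse` constant are assumptions; the `color` and `iconType` values are the ones named in the issue.

```typescript
// Response shape copied from the developer-console output in the issue.
interface RuleRef { rule_id: string; name: string }
interface InstallError { message: string; status_code: number; rules: RuleRef[] }
interface InstallResponse {
  summary: { total: number; succeeded: number; skipped: number; failed: number };
  results: { created: unknown[]; skipped: unknown[] };
  errors: InstallError[];
}

// color/iconType values are the ones named in the issue; title/text wording is hypothetical.
interface Toast { color: 'success' | 'danger'; iconType: 'check' | 'error'; title: string; text: string }

// Hypothetical helper: decide the toast from the response body, never from the request merely completing.
function toastForInstall(res: InstallResponse): Toast {
  const { succeeded, failed, total } = res.summary;
  // Treat a non-empty errors array as failure even if the summary counter disagrees.
  const rulesInErrors = res.errors.reduce((n, e) => n + e.rules.length, 0);
  const failedCount = Math.max(failed, rulesInErrors);
  if (failedCount === 0) {
    return { color: 'success', iconType: 'check', title: `${succeeded} of ${total} rules installed`, text: '' };
  }
  // One line per failed rule so the reason (here the 403 license message) reaches the user.
  const lines: string[] = [];
  for (const err of res.errors) {
    for (const rule of err.rules) {
      lines.push(`${rule.name} (${rule.rule_id}): ${err.message} [${err.status_code}]`);
    }
  }
  return {
    color: 'danger',
    iconType: 'error',
    title: `${failedCount} of ${total} rules failed to install`,
    text: lines.join('\n'),
  };
}

// Constructed sample: the response body quoted in the issue.
const sampleResponse: InstallResponse = {
  summary: { total: 1, succeeded: 0, skipped: 0, failed: 1 },
  results: { created: [], skipped: [] },
  errors: [{
    message: 'Your license does not support machine learning. Please upgrade your license.',
    status_code: 403,
    rules: [{ rule_id: '0678bc9c-b71a-433b-87e6-2f664b6b3131', name: 'Unusual Remote File Size' }],
  }],
};
```

The same check applies to scripts that install rules through the API: a response body like the one above has to be inspected for `summary.failed` and `errors` before the operation is treated as successful.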

Labels:

- 9.1 candidate
- Feature:Prebuilt Detection Rules (Security Solution Prebuilt Detection Rules area)
- QA:Validated (Issue has been validated by QA)
- Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
- Team:Detection Rule Management (Security Detection Rule Management Team)
- Team:Detections and Resp (Security Detection Response Team)
- bug (Fixes for quality problems that affect the customer experience)
- fixed
- impact:medium (Addressing this issue will have a medium level of impact on the quality/strength of our product.)
