[Security Solution] Implement rule upgrade concurrency control #200134
Description
Metadata
Metadata
Assignees
Labels
Security Solution Prebuilt Detection Rules areaSecurity Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.Security Detection Rule Management TeamSecurity Detection Response TeamFixes for quality problems that affect the customer experienceAddressing this issue will have a high level of impact on the quality/strength of our product.
Type
Fields
Give feedbackNo fields configured for Bug.
Summary
The
UpgradePrebuiltRulesTableContextcurrently doesn’t consider rule revisions and target versions. It's possible for users to start resolving rule upgrades in the UI while a new package version is installed in the background. In such cases, all user-resolved values should be invalidated to prevent potential issues. Without this, users may unknowingly apply updates to an outdated version, resulting in unpredictable outcomes and difficult-to-debug situations.User-resolved values should be invalidated in the following situations:
revisionhas been fetched. In this case, another user concurrently edited the ruletargetrule with a higherversionhas been fetched. In this case, a newer rule package version was installed asynchronously