You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a user adds a new value to a previously empty field, saves the rule, and then removes the value to return it to its original state, the rule correctly reverts to is_customized: false. However, if a user modifies an existing value and then reverts the change, the rule remains marked as “Customized.”
Kibana/Elasticsearch Stack version:
8.x
Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
Prebuilt Rules
Pre requisites:
prebuiltRulesCustomizationEnabled Feature Flag is enabled
Prebuilt rules are available
Steps to reproduce:
Navigate to the Rules Management page and locate a prebuilt rule.
Edit the rule and modify an existing value (e.g., query).
Save the changes.
Observe that the rule is marked as Customized.
Edit the rule again and undo the change, returning the field to its original value.
Repeat the process, but this time:
Add a new value to a previously empty field (e.g., add a new tag, new integration).
Save the rule (it should be marked as Customized).
Remove the value, returning the rule to its original state.
Save the rule again.
Current behavior:
Scenario 1: When modifying and reverting an existing value:
The rule remains marked as Customized, even though the change is undone, and the rule matches its original state.
Scenario 2: When adding and removing a new value:
The rule is correctly reverted to not Customized (is_customized: false) after the value is removed.
Expected behavior:
In both scenarios, when a user undoes all changes to a prebuilt rule, the rule should return to its original state and be marked as not Customized (is_customized: false).
Describe the bug:
If a user adds a new value to a previously empty field, saves the rule, and then removes the value to return it to its original state, the rule correctly reverts to is_customized: false. However, if a user modifies an existing value and then reverts the change, the rule remains marked as “Customized.”
Kibana/Elasticsearch Stack version:
8.x
Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
Prebuilt Rules
Pre requisites:
prebuiltRulesCustomizationEnabledFeature Flag is enabledSteps to reproduce:
Current behavior:
Scenario 1: When modifying and reverting an existing value:
The rule remains marked as Customized, even though the change is undone, and the rule matches its original state.
Scenario 2: When adding and removing a new value:
The rule is correctly reverted to not Customized (is_customized: false) after the value is removed.
Expected behavior:
In both scenarios, when a user undoes all changes to a prebuilt rule, the rule should return to its original state and be marked as not Customized (is_customized: false).
Screenshots (if relevant):
Modifying an existing value:
Screen.Recording.2024-12-05.at.9.05.26.AM.mov
Adding new value:
Screen.Recording.2024-12-05.at.9.07.53.AM.mov