Skip to content

[Security Solution] Conflict modal is shown under Platinum license / Essentials tier #214302

Closed
Bug
Closed
[Security Solution] Conflict modal is shown under Platinum license / Essentials tier#214302
Bug
Assignees
maximpn
Labels
8.18 candidateFeature:Prebuilt Detection RulesSecurity Solution Prebuilt Detection Rules areaTeam: SecuritySolutionSecurity Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.Team:Detection Rule ManagementSecurity Detection Rule Management TeamTeam:Detections and RespSecurity Detection Response TeambugFixes for quality problems that affect the customer experiencefixedimpact:highAddressing this issue will have a high level of impact on the quality/strength of our product.v8.18.0
@pborgonovi

Description

@pborgonovi
pborgonovi
opened on Mar 12, 2025

Description:

When bulk updating rules in the Rule Updates table, if some of the rules have conflicts, the system displays a confirmation message indicating that users can proceed with updating auto-resolved conflict rules or opt to update only conflict-free rules. However, under a Platinum License/Essentials Tier, rule modifications and conflict reviews are not allowed.
The issue is just observed by using "Update All" button while bulk updating N rules don't result in same.
For lower licenses, bulk updates should directly update all rules.

Screenshot:

Active license:

Image

When a mix of unresolved and auto-resolved conflicts is available:

Image

When only unresolved conflicts are available:

Image

When only auto-resoled conflicts are available:

Image

Kibana/Elasticsearch Stack version:

VERSION: 8.18.0
BUILD: 82701
COMMIT: 9df464f0ca6c78d2119bbef0b32953d6ba5ff4fe

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Prebuilt Rules

Pre requisites:

  1. Prebuilt rules are available
  2. Rule updates are available and there is a mix of unresolved and auto-resolved conflicts
  3. User is on Platinum License or Essentials Tier

Steps to reproduce:

  1. Navigate to Security > Rules > Rule Updates.
  2. Select multiple rules for bulk update, including:
  • Rules without conflicts.
  • Rules with auto-resolved conflicts.
  • Rules with unresolved conflicts.
  1. Click Update All.

Current behavior:

  • A confirmation message appears, incorrectly prompting the user about conflict rules.
  • The message implies that reviewing auto-resolved conflicts is necessary, even though rule modifications are not allowed under the current license.

Expected behavior:

  • No confirmation message should be displayed when bulk updating rules under Platinum License/Essentials Tier. Rules should be directly updated.

Metadata

Metadata

Assignees

Labels

8.18 candidateFeature:Prebuilt Detection RulesSecurity Solution Prebuilt Detection Rules areaTeam: SecuritySolutionSecurity Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.Team:Detection Rule ManagementSecurity Detection Rule Management TeamTeam:Detections and RespSecurity Detection Response TeambugFixes for quality problems that affect the customer experiencefixedimpact:highAddressing this issue will have a high level of impact on the quality/strength of our product.v8.18.0

Type

Bug

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions