Skip to content

[8.18] [ResponseOps][Rules] Cases action title length too long (#219226)#219908

Merged
kibanamachine merged 1 commit intoelastic:8.18from
kibanamachine:backport/8.18/pr-219226
May 2, 2025
Merged

[8.18] [ResponseOps][Rules] Cases action title length too long (#219226)#219908
kibanamachine merged 1 commit intoelastic:8.18from
kibanamachine:backport/8.18/pr-219226

Conversation

@kibanamachine
Copy link
Copy Markdown
Contributor

@kibanamachine kibanamachine commented May 2, 2025

Backport

This will backport the following commits from main to 8.18:

Questions ?

Please refer to the Backport tool documentation

@georgianaonoleata1904
[ResponseOps][Rules] Cases action title length too long (elastic#219226)
f96a6f7 
Closes elastic#217007

## Summary

This PR updates the logic in the getCasesTitle function to better
control and format the generated case title, ensuring it compiles with
the length limits.

The case title is formed by concatenating:  `Rule name` + `suffix`
The `suffix` is structured as: ` - Grouping by` + `grouping description`
+ `(counter)` + `(Auto-created)`
The problem occurs when a rule with a very long name is created, a cases
action is added to that rule and the group by alert field is
**rule.name**. In this scenario, the rule name and the grouping
description become very long and if the case title exceeds the
160-character limit, the case won't be created.

What changed:
- `Rule name truncation`:
- the **rule name** is now trimmed to a maximum of **100**
**characters** (including `...` if needed)
- `Suffix restructuring`:
    - the total **suffix** length is limited to **60 characters**
- the **grouping description** is dynamically trimmed (with `...`) to
ensure the suffix doesn't exceed the limit

(cherry picked from commit 6d95b2a)
@kibanamachine kibanamachine added the backport This PR is a backport of another PR label May 2, 2025
@kibanamachine kibanamachine enabled auto-merge (squash) May 2, 2025 09:51
@kibanamachine kibanamachine mentioned this pull request May 2, 2025
Merged
@prodsecmachine
Copy link
Copy Markdown
Collaborator

prodsecmachine commented May 2, 2025
edited
Loading

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

@kibanamachine kibanamachine merged commit 238e353 into elastic:8.18 May 2, 2025
11 checks passed
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented May 2, 2025

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #9 / Security Solution - Telemetry Security Telemetry - Indices metadata task telemetry @ess indices metadata should publish ilm policy events

Metrics [docs]

✅ unchanged

cc @georgianaonoleata1904

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@georgianaonoleata1904 georgianaonoleata1904

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kibanamachine @prodsecmachine @elasticmachine @georgianaonoleata1904