Skip to content

[9.2] [Security Solution][Detection Engine] Fix alert count so max alerts warning shows correctly (#259199)#259804

Merged
kibanamachine merged 3 commits intoelastic:9.2from
kibanamachine:backport/9.2/pr-259199
Mar 27, 2026
Merged

[9.2] [Security Solution][Detection Engine] Fix alert count so max alerts warning shows correctly (#259199)#259804
kibanamachine merged 3 commits intoelastic:9.2from
kibanamachine:backport/9.2/pr-259199

Conversation

@kibanamachine
Copy link
Copy Markdown
Contributor

@kibanamachine kibanamachine commented Mar 26, 2026

Backport

This will backport the following commits from main to 9.2:

Questions ?

Please refer to the Backport tool documentation

@marshallmain
[Security Solution][Detection Engine] Fix alert count so max alerts w…
fe3d455 
…arning shows correctly (elastic#259199)

Fixes elastic#259169

`createEventSignal` has a bug where it returns incorrect summary results
for pages of source docs that matched no indicators. The calling code
expects `createEventSignal` to return results pertaining only to the
current page, but if no indicators are matched or an error is
encountered, the function instead returns `currentResults` i.e. the sum
of results from all prior pages. The effect is that each time a page
matches no indicators the alert count we track in `createThreatSignals`
_doubles_ because we add `currentResults` to itself.

(cherry picked from commit 22c93a4)
@kibanamachine kibanamachine added the backport This PR is a backport of another PR label Mar 26, 2026
@kibanamachine kibanamachine enabled auto-merge (squash) March 26, 2026 15:09
@kibanamachine kibanamachine mentioned this pull request Mar 26, 2026
Merged
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Mar 26, 2026
edited
Loading

💔 Build Failed

Failed CI Steps

Metrics [docs]

✅ unchanged

History

cc @marshallmain

@kibanamachine kibanamachine merged commit 9ca3852 into elastic:9.2 Mar 27, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@marshallmain marshallmain

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kibanamachine @elasticmachine @marshallmain