[Security Solution] Incorrect filtering behavior when combining ‘Modifications’ and ‘Tags’ filters in Rule Updates table #206132
Description:
When applying both ‘Modifications’ and ‘Tags’ filters in the Rule Updates table, the system does not properly respect the ‘Modifications’ filter if the ‘Tags’ filter is also selected. Instead, it only applies the ‘Tags’ filter, resulting in the display of rules that do not meet the ‘Modifications’ criteria.
Kibana/Elasticsearch Stack version:
8.18 Snapshot
Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
Prebuilt Rules
Prerequisites:
- prebuiltRulesCustomizationEnabled flag is enabled
- Prebuilt rules are available
- At least one prebuilt rule is customized
- Customized rule has update available
Steps to reproduce:
- Navigate to the Rule Updates table.
- Select the Modifications filter and set it to Unmodified.
- Search for a modified rule using the search bar (the rule is correctly not displayed because it does not satisfy the ‘Unmodified’ condition).
- Select the Tags filter and add a tag that is part of the rule’s tags.
- Observe that the previously modified rule is now displayed, even though it does not satisfy the Unmodified condition in the Modifications filter.
Alternative scenario:
- Apply the Tags filter first by selecting a tag associated with a modified rule.
- Then, select the Modifications filter and set it to Unmodified.
- Observe that the modified rule remains displayed, indicating that only the Tags filter is being applied, ignoring the Modifications filter.
Current behavior:
When both Modifications and Tags filters are applied, the system displays rules that match the Tags filter, ignoring the Modifications filter.
Expected behavior:
The system should respect both filters simultaneously. Rules should only be displayed if they satisfy both the Modifications and Tags filter conditions.