@yctercero
Contributor

Summary

On initial render of the SIEM pages, a 400 error was showing for POST http://localhost:5601/api/detection_engine/signals/search. The error being received was the following:

error: "Bad Request"
message: "[request body]: Invalid value "0" supplied to "size""
statusCode: 400

This PR is a temporary fix for this bug. This initial call is being used to populate the Last alert text that shows at the top of a number of the pages. The reason the size was 0 is because we weren't interested in the signals themselves, just the timestamp of the last alert. Teamed up with @XavierM and it seems to us that the issue is the server side validation. It may be Hapi misreading the 0 as false or our updated validation not accepting size 0.

Created a ticket to follow up on #70613

Bug

bug

Fix

fix

Checklist
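
The two failure modes the description hypothesizes, as an added example that is not part of this PR and is not Kibana or Hapi code. All function names, the `MAX_SIZE` cap and the aggregation in the sample body are assumptions made for illustration; the last validator accepts `size: 0` without loosening any other check.

```javascript
// Constructed request body (not from the PR): size 0 requests no hits, only
// an aggregation, assumed here to be a max over @timestamp for "Last alert".
const lastAlertQuery = {
  size: 0,
  aggs: { lastSeen: { max: { field: '@timestamp' } } },
};

// Hypothetical upper bound so that accepting 0 does not mean accepting anything.
const MAX_SIZE = 10000;

// Builds a result shaped like the 400 message quoted in the description.
function result(ok, value) {
  return ok
    ? { ok: true }
    : { ok: false, error: `Invalid value "${value}" supplied to "size"` };
}

// Failure mode 1 (hypothetical): a truthiness check reads 0 as "missing".
function validateTruthy(body) {
  return result(Boolean(body.size), body.size);
}

// Failure mode 2 (hypothetical): the schema only admits positive integers.
function validatePositiveInt(body) {
  return result(Number.isInteger(body.size) && body.size > 0, body.size);
}

// Corrected check: size is optional; when present it must be an integer in
// [0, MAX_SIZE]. Strings, floats and negatives are still rejected.
function validateNonNegativeInt(body) {
  if (body.size === undefined) return { ok: true };
  const valid =
    Number.isInteger(body.size) && body.size >= 0 && body.size <= MAX_SIZE;
  return result(valid, body.size);
}

console.log(validateTruthy(lastAlertQuery));         // rejected
console.log(validatePositiveInt(lastAlertQuery));    // rejected
console.log(validateNonNegativeInt(lastAlertQuery)); // accepted
```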

@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@yctercero
Contributor Author

@elasticmachine merge upstream

@kibanamachine
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@yctercero yctercero merged commit 6a33a78 into elastic:master Jul 2, 2020
yctercero added a commit to yctercero/kibana that referenced this pull request Jul 2, 2020
### Summary

On initial render of the SIEM pages, a 400 error was showing for POST http://localhost:5601/api/detection_engine/signals/search. This PR is a temporary fix for this bug. This initial call is being used to populate the Last alert text that shows at the top of a number of the pages. The reason the size was 0 is because we weren't interested in the signals themselves, just the timestamp of the last alert. Teamed up with @XavierM and it seems to us that the issue is the server side validation. It may be Hapi misreading the 0 as false or our updated validation not accepting size 0.
yctercero added a commit to yctercero/kibana that referenced this pull request Jul 2, 2020
# Conflicts:
#	x-pack/plugins/security_solution/public/alerts/components/alerts_info/query.dsl.ts
yctercero added a commit that referenced this pull request Jul 3, 2020
yctercero added a commit that referenced this pull request Jul 3, 2020
* fix 400 error on initial signals search (#70618)

gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 3, 2020
* master: (32 commits)
  [Ingest Pipelines] Load from json (elastic#70297)
  [Rum Dashbaord] Rum selected service view (elastic#70579)
  [Uptime] Prevent duplicate requests on load for index status (elastic#70585)
  [ML] Changing shared module setup function parameters (elastic#70589)
  [Ingest Manager] Add ability to sort to agent configs and package configs (elastic#70676)
  [Alerting] document requirements for developing new action types (elastic#69164)
  Fixed adding an extra space character on selecting alert variable in action text fields (elastic#70028)
  [Maps] show vector tile labels on top (elastic#69444)
  chore(NA): upgrade to lodash@4 (elastic#69868)
  Add Snapshot Restore README with quick-testing steps. (elastic#70494)
  [EPM] Use higher priority than default templates (elastic#70640)
  [Maps] Fix cannot select Solid fill-color when removing fields (elastic#70621)
  [kbn/optimizer] only build specified themes (elastic#70389)
  Fix saved query modal overlay (elastic#68826)
  Update component templates list to render empty prompt inside of content container. Show detail panel when deep-linked, even if there are no component templates. (elastic#70633)
  [Security Solution] Renames the `Investigate in Resolver` Timeline action (elastic#70634)
  fix 400 error on initial signals search (elastic#70618)
  [Maps] fix unable to edit heatmap metric (elastic#70606)
  Update network idle timeout (elastic#70629)
  [APM] Disable flaky useFetcher test (elastic#70638)
  ...
@yctercero yctercero deleted the search_bug branch October 14, 2020 12:00
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)


Labels

release_note:fix Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.8.0 v7.9.0 v8.0.0
