Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution]Log for deleted Value list file retains on the Upload Value List table. #100020

Closed
ghost opened this issue May 13, 2021 · 13 comments · Fixed by #111838
Closed

[Security Solution]Log for deleted Value list file retains on the Upload Value List table. #100020

ghost opened this issue May 13, 2021 · 13 comments · Fixed by #111838
Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Value Lists Security Solution Detection Rule Value Lists fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detection Alerts Security Detection Alerts Area Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.13.0

Comments

@ghost
Copy link

ghost commented May 13, 2021
edited by ghost
Loading

Description:
Log for deleted Value list file retains on the Upload Value List table.

Build Details:
Version: 7.13.0 BC5
Build: 40845
Commit: ffb66d3
Artifact link: https://staging.elastic.co/7.13.0-40842f6d/summary-7.13.0.html

Browser Details:
All

Preconditions:

  • Kibana Environment should exist.
  • Endpoint security and Elastic Agent should be installed
  • Detection alters should be generated.
  • Uploaded Files should exist in the Value list table

Steps to Reproduce:

  1. Navigate to Detection tab under Security App.
  2. Click on 'Manage Detection Rules' link.
  3. Click 'Upload Value list' button.
  4. Click on 'Remove Value List' icon and Notice that a table loader runs but file log is still present in the Table.
  5. Now, again Click on 'Remove Value List' icon and 'Remove value list' pop-up will be displayed.
  6. Click on 'Remove value list' button and observe that deleted file still appears in the table.

Impacted Test case:
N/A

Actual Result:
Log for recently deleted Value list file retains in the Upload Value List table.

delete

Expected Result:
Log for recently deleted Value list file should immediately be removed from the Upload Value List table and the table list should be refreshed.

What's not working:

  • NA

What's working:

  • This issue is occurring on 'Upload Value List' table only.

Work Around

  • Refresh the browser or click on any other link to refresh the page.
@ghost ghost added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels May 13, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost
Copy link
Author

ghost commented May 13, 2021

@manishgupta-qasource Please review!

@manishgupta-qasource
Copy link

Reviewed & assigned to @MadameSheema

@MadameSheema MadameSheema removed their assignment May 13, 2021
@MadameSheema MadameSheema added the Team:Detections and Resp Security Detection Response Team label May 13, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@MadameSheema
Copy link
Member

@mandeepkaur-qasource can you please confirm if after refreshing the browser the list is still present? Thank you :)

@MadameSheema
Copy link
Member

@mandeepkaur-qasource can you please also check if this bug is present on 7.12.1? Thanks :)

@ghost
Copy link
Author

ghost commented May 13, 2021

@mandeepkaur-qasource can you please confirm if after refreshing the browser the list is still present? Thank you :)

Refreshed the Browser and found that the list is not present.

Thanks!!

@ghost
Copy link
Author

ghost commented May 13, 2021

@mandeepkaur-qasource can you please also check if this bug is present on 7.12.1? Thanks :)

Cross checked this on 7.12.1 and found that it's working fine there.

Build Details:
Version: 7.12.1
Build: 39457
Commit: abb04c5

working fine

@manishgupta-qasource manishgupta-qasource added the impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. label May 13, 2021
@spong
Copy link
Member

spong commented May 13, 2021

++ @mandeepkaur-qasource, just debugged this a little and verified this is a race condition with the SO refresh. When it occurs you can see that both the delete request was successful, and the subsequent _find request from refreshing the table that the entity is still returned.

I'm not sure if the SO refresh is configurable here, but some other options to fix would be a short timeout post-successful delete (and just keep the delete loader going for a few hundred ms more), or a heavier polling action post-successful delete. I suggest we keep this issue open and dig a little deeper to see if a configurable refresh is available, and if not implement one of the lighter-weight methods to prevent users from getting in this error state.

@ghost
Copy link
Author

ghost commented May 20, 2021

++ @mandeepkaur-qasource, just debugged this a little and verified this is a race condition with the SO refresh. When it occurs you can see that both the delete request was successful, and the subsequent _find request from refreshing the table that the entity is still returned.

I'm not sure if the SO refresh is configurable here, but some other options to fix would be a short timeout post-successful delete (and just keep the delete loader going for a few hundred ms more), or a heavier polling action post-successful delete. I suggest we keep this issue open and dig a little deeper to see if a configurable refresh is available, and if not implement one of the lighter-weight methods to prevent users from getting in this error state.

Hi @spong

We have validated this ticket on 7.12.1 build & compared the results with 7.13.0 build. Below are the Observations:

7.12.1:

Build Details:
Version: 7.12.1
Build: 39457
Commit: abb04c5
Artifact link: https://staging.elastic.co/7.12.1-4d63d11a/summary-7.12.1.html

Observation:
After deleting the file, The "data:" attribute contains no information regarding deleted file.

7 12 1

** 7.13.0:**

Build Details:
Version: 7.13.0 BC9
Build: 40865
Commit: 9863e88
Artifact link: https://staging.elastic.co/7.13.0-c04b1ebc/summary-7.13.0.html

Observation:
The "data:" attribute still contains the information regarding the table data for deleted file.

7 13 0

Thanks!!

@ghost
Copy link

ghost commented Aug 13, 2021

Hi @MadameSheema ,

We have validated this ticket on 7.15.0-SNAPSHOT build and found that issue is Still Occurring.

Build Details:

Version:7.15.0 SNAPSHOT
Commit:aa12d107c38c5cda96fc32bcd1f8226df172826a
Build:43370

Screenshot:

Delete_value_list.mp4

Thanks.

@peluja1012 peluja1012 added Feature:Rule Value Lists Security Solution Detection Rule Value Lists Team:Detection Alerts Security Detection Alerts Area Team labels Sep 15, 2021
@nkhristinin nkhristinin linked a pull request Sep 15, 2021 that will close this issue
Decode file name on upload value lists and fix bug with removing value list #111838
Merged
2 tasks
@peluja1012
Copy link
Contributor

Fixed by this PR #111838. @mandeepkaur-qasource Could you please retest in the latest master build?

@ghost
Copy link
Author

ghost commented Sep 23, 2021

Hi @peluja1012,

We have validated this issue on the latest 8.0.0 Snapshot build and found that the issue has been Fixed as Log for recently deleted file immediately gets removed from the "Upload Value List" table and the table list gets refreshed. Moreover, we have also validated this defect by deleting files from different pagination links under 'Upload Value List' table and found that after deleting any uploaded file from any pagination link, the user correctly gets navigated to initial/first Value list page.

Please find the below observation:
Screen -Cast:
fix

Build Details:
Version: 8.0.0 Snapshot
Build: 46419
Commit: 525d3a5
Artifact link: https://artifacts-api.elastic.co/v1/search/8.0.0-SNAPSHOT

Hence, we are closing this issue.
Thanks!!

@ghost ghost closed this as completed Sep 23, 2021
@ghost ghost added the QA:Validated Issue has been validated by QA label Sep 23, 2021
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Fixes for quality problems that affect the customer experience Feature:Rule Value Lists Security Solution Detection Rule Value Lists fixed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. QA:Validated Issue has been validated by QA Team:Detection Alerts Security Detection Alerts Area Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Decode file name on upload value lists and fix bug with removing value list nkhristinin/kibana
6 participants
@peluja1012 @spong @elasticmachine @MadameSheema @marshallmain @manishgupta-qasource