[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration #221358
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
szwarckonrad
added
release_note:skip
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
...security/plugins/security_solution/server/fleet_integration/handlers/create_event_filters.ts
Outdated
Show resolved
Hide resolved
...security/plugins/security_solution/server/fleet_integration/handlers/create_event_filters.ts
Show resolved
Hide resolved
paul-tavares
approved these changes
May 30, 2025
gergoabraham
approved these changes
Jun 3, 2025
...security/plugins/security_solution/server/fleet_integration/handlers/create_event_filters.ts
Outdated
Show resolved
Hide resolved
…ent-filter-lists-creation
|
Starting backport for target branches: 8.19, 9.0 |
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]
History
|
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jun 3, 2025
…loud Workloads Defend integration (elastic#221358) This PR fixes a missing check for the existence of the event filter list before attempting to create it in the `packagePolicy` creation callback. This callback is triggered when adding the Cloud Workloads Defend integration. The fix follows the same pattern used in similar list-creation logic: https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/lists/server/handlers/create_exception_list_handler.ts#L39 https://github.com/user-attachments/assets/81495092-e682-4f2d-ba9c-c149d3c8936c (cherry picked from commit 539409d)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jun 3, 2025
…loud Workloads Defend integration (elastic#221358) This PR fixes a missing check for the existence of the event filter list before attempting to create it in the `packagePolicy` creation callback. This callback is triggered when adding the Cloud Workloads Defend integration. The fix follows the same pattern used in similar list-creation logic: https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/lists/server/handlers/create_exception_list_handler.ts#L39 https://github.com/user-attachments/assets/81495092-e682-4f2d-ba9c-c149d3c8936c (cherry picked from commit 539409d)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jun 3, 2025
… new Cloud Workloads Defend integration (#221358) (#222329) # Backport This will backport the following commits from `main` to `9.0`: - [[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration (#221358)](#221358) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Konrad Szwarc","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-06-03T10:35:12Z","message":"[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration (#221358)\n\nThis PR fixes a missing check for the existence of the event filter list\nbefore attempting to create it in the `packagePolicy` creation callback.\nThis callback is triggered when adding the Cloud Workloads Defend\nintegration.\n\nThe fix follows the same pattern used in similar list-creation logic:\n\nhttps://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/lists/server/handlers/create_exception_list_handler.ts#L39\n\n\n\nhttps://github.com/user-attachments/assets/81495092-e682-4f2d-ba9c-c149d3c8936c","sha":"539409d082f5c1416e650c452ac1474ba4d26fb8","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend Workflows","backport:version","v9.1.0","v8.19.0"],"title":"[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration","number":221358,"url":"https://github.com/elastic/kibana/pull/221358","mergeCommit":{"message":"[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration (#221358)\n\nThis PR fixes a missing check for the existence of the event filter list\nbefore attempting to create it in the `packagePolicy` creation callback.\nThis callback is triggered when adding the Cloud Workloads Defend\nintegration.\n\nThe fix follows the same pattern used in similar list-creation logic:\n\nhttps://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/lists/server/handlers/create_exception_list_handler.ts#L39\n\n\n\nhttps://github.com/user-attachments/assets/81495092-e682-4f2d-ba9c-c149d3c8936c","sha":"539409d082f5c1416e650c452ac1474ba4d26fb8"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.19"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/221358","number":221358,"mergeCommit":{"message":"[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration (#221358)\n\nThis PR fixes a missing check for the existence of the event filter list\nbefore attempting to create it in the `packagePolicy` creation callback.\nThis callback is triggered when adding the Cloud Workloads Defend\nintegration.\n\nThe fix follows the same pattern used in similar list-creation logic:\n\nhttps://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/lists/server/handlers/create_exception_list_handler.ts#L39\n\n\n\nhttps://github.com/user-attachments/assets/81495092-e682-4f2d-ba9c-c149d3c8936c","sha":"539409d082f5c1416e650c452ac1474ba4d26fb8"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Konrad Szwarc <[email protected]>
kibanamachine
added a commit
that referenced
this pull request
Jun 3, 2025
…y new Cloud Workloads Defend integration (#221358) (#222328) # Backport This will backport the following commits from `main` to `8.19`: - [[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration (#221358)](#221358) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Konrad Szwarc","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-06-03T10:35:12Z","message":"[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration (#221358)\n\nThis PR fixes a missing check for the existence of the event filter list\nbefore attempting to create it in the `packagePolicy` creation callback.\nThis callback is triggered when adding the Cloud Workloads Defend\nintegration.\n\nThe fix follows the same pattern used in similar list-creation logic:\n\nhttps://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/lists/server/handlers/create_exception_list_handler.ts#L39\n\n\n\nhttps://github.com/user-attachments/assets/81495092-e682-4f2d-ba9c-c149d3c8936c","sha":"539409d082f5c1416e650c452ac1474ba4d26fb8","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend Workflows","backport:version","v9.1.0","v8.19.0"],"title":"[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration","number":221358,"url":"https://github.com/elastic/kibana/pull/221358","mergeCommit":{"message":"[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration (#221358)\n\nThis PR fixes a missing check for the existence of the event filter list\nbefore attempting to create it in the `packagePolicy` creation callback.\nThis callback is triggered when adding the Cloud Workloads Defend\nintegration.\n\nThe fix follows the same pattern used in similar list-creation logic:\n\nhttps://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/lists/server/handlers/create_exception_list_handler.ts#L39\n\n\n\nhttps://github.com/user-attachments/assets/81495092-e682-4f2d-ba9c-c149d3c8936c","sha":"539409d082f5c1416e650c452ac1474ba4d26fb8"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.19"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/221358","number":221358,"mergeCommit":{"message":"[EDR Workflows] Prevent Event Filter list recreation with every new Cloud Workloads Defend integration (#221358)\n\nThis PR fixes a missing check for the existence of the event filter list\nbefore attempting to create it in the `packagePolicy` creation callback.\nThis callback is triggered when adding the Cloud Workloads Defend\nintegration.\n\nThe fix follows the same pattern used in similar list-creation logic:\n\nhttps://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/lists/server/handlers/create_exception_list_handler.ts#L39\n\n\n\nhttps://github.com/user-attachments/assets/81495092-e682-4f2d-ba9c-c149d3c8936c","sha":"539409d082f5c1416e650c452ac1474ba4d26fb8"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Konrad Szwarc <[email protected]>
|
This PR didn't make it into the latest 9.0.2 BC. Updating the labels. |
zacharyparikh
pushed a commit
to zacharyparikh/kibana
that referenced
this pull request
Jun 4, 2025
…loud Workloads Defend integration (elastic#221358) This PR fixes a missing check for the existence of the event filter list before attempting to create it in the `packagePolicy` creation callback. This callback is triggered when adding the Cloud Workloads Defend integration. The fix follows the same pattern used in similar list-creation logic: https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/lists/server/handlers/create_exception_list_handler.ts#L39 https://github.com/user-attachments/assets/81495092-e682-4f2d-ba9c-c149d3c8936c
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes a missing check for the existence of the event filter list before attempting to create it in the
packagePolicycreation callback. This callback is triggered when adding the Cloud Workloads Defend integration.The fix follows the same pattern used in similar list-creation logic:
https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/lists/server/handlers/create_exception_list_handler.ts#L39
Screen.Recording.2025-05-23.at.13.42.55.mov