Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[EDR Workflows] The host isolation exception tab is available inconsistently on the basic license #191945

Closed
1 task
muskangulati-qasource opened this issue Sep 3, 2024 · 6 comments · Fixed by #192562
Closed
1 task

[EDR Workflows] The host isolation exception tab is available inconsistently on the basic license #191945

muskangulati-qasource opened this issue Sep 3, 2024 · 6 comments · Fixed by #192562
Assignees
@szwarckonrad
Labels
8.15 candidate bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. OLM Sprint Team:Defend Workflows “EDR Workflows” sub-team of Security Solution

Comments

@muskangulati-qasource
Copy link

muskangulati-qasource commented Sep 3, 2024
edited by dasansol92
Loading

Description:
The host isolation exception tab is available inconsistently on the basic license

Build Details:

VERSION: 8.15.1
BUILD: 76516
COMMIT: 1796ec02f5523bff4e449c368a3fea574d44455a

Preconditions:

  1. Kibana user should be logged in
  2. Downgrade the license to Basic

Steps to Reproduce:

  1. Deploy one agent with Defend integration
  2. Navigate to the Endpoints tab
  3. Observe the host isolation exception is available inside the policy navigation but not available on the main explore navigation

Actual Result:
The host isolation exception tab is available inconsistently on the basic license

Expected Result:
The host isolation exception tab should be removed from the policy navigation when on basic license

Screenshot
Image

Login credentials
https://p.elstc.co/paste/lgCOM6+O#5ytxelNtUrTWIMheFNPPmReoyr5baV0-LU0oDa9PuOg

Logs
N/A

AC

  •  Gate HIE tab for license lower than Platinum when no HIE records are present.
@muskangulati-qasource muskangulati-qasource added 8.15 candidate bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Defend Workflows “EDR Workflows” sub-team of Security Solution labels Sep 3, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@muskangulati-qasource
Copy link
Author

@sukhwindersingh-qasource please review !

@sukhwindersingh-qasource
Copy link

Secondary review for this ticket is done!

@dasansol92
Copy link
Contributor

Hi @muskangulati-qasource , were already any entries present on the system before doing the downgrade?

@muskangulati-qasource
Copy link
Author

Hi @dasansol92,

were already any entries present on the system before doing the downgrade?

No David, there were no entries created for host isolation exception.

Just to add, if we add any entry before downgrading, the expected results are correctly shown on UI. 🟢
The entry is shown and the actions are shown to delete the existing entry.

Thank you

@szwarckonrad
Copy link
Contributor

We are able to recreate it locally.
Observations:

  1. Left navbar correctly filters out Host Isolation Exceptions on Gold license.
  2. http://localhost:5601/app/security/manage doesn't include HIE card
    Image
  3. We do show HIE tab in policy detail view.
    Image
  4. route http://localhost:5601/app/security/manage is properly gated
    Image

Proposed A.C:

  1. Gate HIE tab for license lower than Platinum when no HIE records are present.

Notes:
Same behaviour on ESS and Serverless (Serverless with these changes - #191954, without them HIE is not available on Essentials with neither existing HIE and empty HIE list.)

We can probably use/copy this check https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/management/links.ts#L246 and extend this check https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/management/pages/policy/view/tabs/policy_tabs.tsx#L301

@szwarckonrad szwarckonrad mentioned this issue Sep 9, 2024
Merged
@szwarckonrad szwarckonrad linked a pull request Sep 11, 2024 that will close this issue
[EDR Workflows] The host isolation exception tab is hidden on the basic license if no artifacts #192562
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@szwarckonrad szwarckonrad

Labels
8.15 candidate bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. OLM Sprint Team:Defend Workflows “EDR Workflows” sub-team of Security Solution
Projects
None yet
Milestone
No milestone
5 participants
@dasansol92 @elasticmachine @szwarckonrad @muskangulati-qasource @sukhwindersingh-qasource