elastic/kibana

[Security Solution] Empty Alert Table Lines Displayed in Rule Preview When No Alerts Are Found

Open

#211820 opened on Feb 19, 2025

Labels: Feature:Detection Rule Preview, Team: SecuritySolution, Team:Detection Engine, Team:Detections and Resp, bug, effort:low, good first issue, impact:low, value:low

Description

Description:

When a user enters a query that would not return any results and clicks Rule Preview, an alert table with blank rows is displayed even though the query matches no alerts.

Kibana/Elasticsearch Stack version:

8.18 BC4

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Detection Rules Preview

Steps to reproduce:

  1. Navigate to the Rule Creation/Edit page.
  2. Enter a query in the rule configuration that is expected to return zero alerts.
  3. Click on Rule Preview to see a preview of the rule’s potential results.
  4. Observe the Rule Preview section.

Current behavior:

The alert table is displayed with empty rows, even though no alerts exist.

Expected behavior:

The empty rows should not appear in the preview.

Screenshots:

https://github.com/user-attachments/assets/ff7d7593-9edd-4ed3-ad63-dbf96b951037
