elastic/kibana

[Security Solution] Redundant Warning Messages in Rule Preview When Exceeding Alert Limit

Open

#211821 opened on Feb 19, 2025

View on GitHub
 (3 comments) (0 reactions) (0 assignees)TypeScript (19,065 stars) (8,021 forks)batch import
Feature:Detection Rule PreviewTeam: SecuritySolutionTeam:Detection EngineTeam:Detections and Respbugeffort:lowgood first issueimpact:lowvalue:low

Description

Description:

When a user enters a query in Rule Preview that generates more alerts than the maximum allowed, a general warning message is correctly displayed stating that some alerts were not created. However, instead of a single warning, multiple redundant warning messages appear, each displaying the same information.

Kibana/Elasticsearch Stack version:

8.18 BC4

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Detection Rules Preview

Steps to reproduce:

  1. Navigate to Detection Rules and create/edit a rule.
  2. Enter a query that is expected to generate a high number of alerts exceeding the maximum alert limit.
  3. Click Rule Preview to preview the alerts.
  4. Observe that multiple identical warning messages appear, instead of a single consolidated message.

Current behavior:

The UI shows multiple redundant warning messages, all conveying the same information.

Expected behavior:

A single warning message should be displayed to inform the user that the maximum alert limit has been reached, preventing unnecessary redundancy.

Screenshots:

https://github.com/user-attachments/assets/331e0c58-ae14-483d-a0a7-7840adacd7e4

Contributor guide

Tech stack
typescriptreact
Domain
frontendsecurity
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
2
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
fresh
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
ReactKibana UI components
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
80
Research direction
Examine the Security Solution's Rule Preview component to identify where warning messages are rendered. Look for any loop or repeated rendering causing multiple warnings. Check if a state variable is not being reset properly. Consider using a flag to ensure only one warning is shown at a time. The likely location is in the rule preview container or a related hook.