[Security Solution] Redundant Warning Messages in Rule Preview When Exceeding Alert Limit · elastic/kibana#211821

(3 评论) (0 反应) (0 负责人)TypeScript (19,065 star) (8,021 fork)batch import

Feature:Detection Rule PreviewTeam: SecuritySolutionTeam:Detection EngineTeam:Detections and Respbugeffort:lowgood first issueimpact:lowvalue:low

描述

Description:

When a user enters a query in Rule Preview that generates more alerts than the maximum allowed, a general warning message is correctly displayed stating that some alerts were not created. However, instead of a single warning, multiple redundant warning messages appear, each displaying the same information.

Kibana/Elasticsearch Stack version:

8.18 BC4

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Detection Rules Preview

Steps to reproduce:

Navigate to Detection Rules and create/edit a rule.
Enter a query that is expected to generate a high number of alerts exceeding the maximum alert limit.
Click Rule Preview to preview the alerts.
Observe that multiple identical warning messages appear, instead of a single consolidated message.

Current behavior:

The UI shows multiple redundant warning messages, all conveying the same information.

Expected behavior:

A single warning message should be displayed to inform the user that the maximum alert limit has been reached, preventing unnecessary redundancy.

Screenshots:

https://github.com/user-attachments/assets/331e0c58-ae14-483d-a0a7-7840adacd7e4

贡献者指南

技术栈: typescriptreact
领域: frontendsecurity
议题类型: bug
难度: 2
预计时间: 1-3 hours
活动状态: fresh
清晰度: clear
前置要求: ReactKibana UI components
新手友好度: 80
研究方向: Examine the Security Solution's Rule Preview component to identify where warning messages are rendered. Look for any loop or repeated rendering causing multiple warnings. Check if a state variable is not being reset properly. Consider using a flag to ensure only one warning is shown at a time. The likely location is in the rule preview container or a related hook.