[Security Solution] Rule incorrectly retains customized status after reverting MITRE ATT&CK changes #208251
Assignees
Labels
bug
Fixes for quality problems that affect the customer experience
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
impact:high
Addressing this issue will have a high level of impact on the quality/strength of our product.
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
triage_needed
Comments
pborgonovi
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description:
A prebuilt rule remains marked as “Customized” even after reverting a change to its MITRE ATT&CK technique, returning it to its original state.
Kibana/Elasticsearch Stack version:
VERSION: 9.0.0
BUILD: 82999
COMMIT: 00c67c3
Functional Area (e.g. Endpoint management, timelines, resolver, etc.):
Prebuilt Rules
Pre requisites:
prebuiltRulesCustomizationEnabledfeature flag is enabledSteps to reproduce:
Current behavior:
The rule remains marked as Customized, even though its configuration matches the original prebuilt version.
Expected behavior:
Once the rule’s configuration matches the original prebuilt version (with no modifications), the rule should revert to its initial status as not customized.
Screenshots:
Screen.Recording.2025-01-24.at.9.28.30.AM.mov
The text was updated successfully, but these errors were encountered: