[Defend workflows] Osquery license check + display errors #156738
Conversation
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
| const platinumLicenseRequired = 'At least Platinum license is required to use Response Actions.'; | ||
| const parametersNotFound = | ||
| "This query hasn't been called due to parameter used and its value not found in the alert."; |
There was a problem hiding this comment.
Is it possible for these to be placed in a area where both the server-side and UI side can use?
Keeping your version of these messages here feels fragile and prone to bugs if the server side errors are ever changed (by us, or a "future" us 😄 ).
There was a problem hiding this comment.
Touche, I was under the impression that we cannot use i18n on the server, but actually we can! I'll just move the logic in there.
| const parametersNotFound = | ||
| "This query hasn't been called due to parameter used and its value not found in the alert."; | ||
|
|
||
| export const getSkippedQueryError = (error: string) => { |
There was a problem hiding this comment.
can you add a return type? based on what I see in the code below, I think it should be string | null
There was a problem hiding this comment.
After applying the comment from above, this function got redundant :)
| @@ -68,12 +68,19 @@ interface CreateActionMetadata { | |||
| enableActionsWithErrors?: boolean; | |||
| } | |||
|
|
|||
| export interface ActionCreateService { | |||
💚 Build Succeeded
Metrics [docs]Public APIs missing comments
Async chunks
Unknown metric groupsAPI count
ESLint disabled line counts
References to deprecated APIs
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @tomsonpl |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…6738) (cherry picked from commit 952489f) # Conflicts: # x-pack/plugins/security_solution/common/endpoint/constants.ts # x-pack/plugins/security_solution/server/endpoint/routes/actions/list.ts # x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.test.ts # x-pack/plugins/security_solution/server/endpoint/services/actions/create/index.ts # x-pack/plugins/security_solution/server/plugin.ts
|
I have created a backport, that backports just one file - e2e utils change. To unblock 8.8 backport merges because pipelines e2e job tends to fail. |
Whenever using osquery response actions after downgrading the license, we save actions in index, but never send them to fleet. Now, next to the error of 'paramater not found' (when we use invalid parameter in {{ }} syntax ) we also provide a 'at least platinum license' error.