[Security Solution] Error when importing a duplicated Endpoint Security rule with default exceptions #198461
Labels
bug (Fixes for quality problems that affect the customer experience)
Feature:Rule Exceptions (Security Solution Rule Exceptions feature)
Feature:Rule Import/Export (Security Solution Rule Import & Export)
sdh-linked
Team:Detection Engine (Security Solution Detection Engine Area)
Team:Detections and Resp (Security Detection Response Team)
Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
triage_needed
Related to: #143864
Summary
If you try to import a duplicated Endpoint Security rule (so, it means it's a custom one) that has an exception item added to its default exception list (not the endpoint list), then overall the import fails, and:
Steps to reproduce:
Endpoint Security
rule.Endpoint Security
rule. Rename the duplicate from Endpoint Security [Duplicate] to Endpoint Security (not sure if the renaming matters).
Endpoint Security
.Endpoint Security
rule.
Details
Use this minimal ndjson to reproduce the bug:
When you try to import it, it will call the following import API endpoint which will respond with the following error: