[Cloud Security] Temporarily disabled rule creation for 3P findings (#…

…196185)
elastic · Oct 15, 2024 · 3034dc8 · 3034dc8
1 parent b93d3c2
commit 3034dc8
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 10 deletions.
diff --git a/x-pack/plugins/cloud_security_posture/public/components/detection_rule_counter.tsx b/x-pack/plugins/cloud_security_posture/public/components/detection_rule_counter.tsx
@@ -17,6 +17,7 @@ import { METRIC_TYPE } from '@kbn/analytics';
 import { useHistory } from 'react-router-dom';
 import useSessionStorage from 'react-use/lib/useSessionStorage';
 import { useQueryClient } from '@tanstack/react-query';
+import { i18n as kbnI18n } from '@kbn/i18n';
 import { useFetchDetectionRulesAlertsStatus } from '../common/api/use_fetch_detection_rules_alerts_status';
 import { useFetchDetectionRulesByTags } from '../common/api/use_fetch_detection_rules_by_tags';
 import { RuleResponse } from '../common/types';
@@ -67,15 +68,30 @@ export const DetectionRuleCounter = ({ tags, createRuleFn }: DetectionRuleCounte
   }, [history]);
 
   const createDetectionRuleOnClick = useCallback(async () => {
-    uiMetricService.trackUiMetric(METRIC_TYPE.CLICK, CREATE_DETECTION_RULE_FROM_FLYOUT);
     const startServices = { analytics, notifications, i18n, theme };
-    setIsCreateRuleLoading(true);
-    const ruleResponse = await createRuleFn(http);
-    setIsCreateRuleLoading(false);
-    showCreateDetectionRuleSuccessToast(startServices, http, ruleResponse);
-    // Triggering a refetch of rules and alerts to update the UI
-    queryClient.invalidateQueries([DETECTION_ENGINE_RULES_KEY]);
-    queryClient.invalidateQueries([DETECTION_ENGINE_ALERTS_KEY]);
+
+    try {
+      setIsCreateRuleLoading(true);
+      uiMetricService.trackUiMetric(METRIC_TYPE.CLICK, CREATE_DETECTION_RULE_FROM_FLYOUT);
+
+      const ruleResponse = await createRuleFn(http);
+
+      setIsCreateRuleLoading(false);
+      showCreateDetectionRuleSuccessToast(startServices, http, ruleResponse);
+
+      // Triggering a refetch of rules and alerts to update the UI
+      queryClient.invalidateQueries([DETECTION_ENGINE_RULES_KEY]);
+      queryClient.invalidateQueries([DETECTION_ENGINE_ALERTS_KEY]);
+    } catch (e) {
+      setIsCreateRuleLoading(false);
+
+      notifications.toasts.addWarning({
+        title: kbnI18n.translate('xpack.csp.detectionRuleCounter.alerts.createRuleErrorTitle', {
+          defaultMessage: 'Coming Soon',
+        }),
+        text: e.message,
+      });
+    }
   }, [createRuleFn, http, analytics, notifications, i18n, theme, queryClient]);
 
   if (alertsIsError) return <>{'-'}</>;

diff --git a/...ecurity_posture/public/pages/configurations/utils/create_detection_rule_from_benchmark.ts b/...ecurity_posture/public/pages/configurations/utils/create_detection_rule_from_benchmark.ts
@@ -8,8 +8,8 @@
 import { HttpSetup } from '@kbn/core/public';
 import { LATEST_FINDINGS_RETENTION_POLICY } from '@kbn/cloud-security-posture-common';
 import type { CspBenchmarkRule } from '@kbn/cloud-security-posture-common/schema/rules/latest';
+import { i18n } from '@kbn/i18n';
 import { FINDINGS_INDEX_PATTERN } from '../../../../common/constants';
-
 import { createDetectionRule } from '../../../common/api/create_detection_rule';
 import { generateBenchmarkRuleTags } from '../../../../common/utils/detection_rules';
 
@@ -63,6 +63,14 @@ export const createDetectionRuleFromBenchmarkRule = async (
   http: HttpSetup,
   benchmarkRule: CspBenchmarkRule['metadata']
 ) => {
+  if (!benchmarkRule.benchmark?.posture_type) {
+    throw new Error(
+      i18n.translate('xpack.csp.createDetectionRuleFromBenchmarkRule.createRuleErrorMessage', {
+        defaultMessage: 'Rule creation is currently only available for Elastic findings',
+      })
+    );
+  }
+
   return await createDetectionRule({
     http,
     rule: {

diff --git a/...sture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.test.ts b/...sture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.test.ts
@@ -18,7 +18,7 @@ jest.mock('../../../common/utils/is_native_csp_finding', () => ({
   isNativeCspFinding: jest.fn(),
 }));
 
-describe('CreateDetectionRuleFromVulnerability', () => {
+describe.skip('CreateDetectionRuleFromVulnerability', () => {
   describe('getVulnerabilityTags', () => {
     it('should return tags with CSP_RULE_TAG and vulnerability id', () => {
       const mockVulnerability = {

diff --git a/...ty_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.ts b/...ty_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.ts
@@ -13,6 +13,7 @@ import {
   VULNERABILITIES_SEVERITY,
 } from '@kbn/cloud-security-posture-common';
 import type { Vulnerability } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest';
+import { CSP_VULN_DATASET } from '../../../common/utils/get_vendor_name';
 import { isNativeCspFinding } from '../../../common/utils/is_native_csp_finding';
 import { VULNERABILITIES_INDEX_PATTERN } from '../../../../common/constants';
 import { createDetectionRule } from '../../../common/api/create_detection_rule';
@@ -87,6 +88,15 @@ export const createDetectionRuleFromVulnerabilityFinding = async (
   http: HttpSetup,
   vulnerabilityFinding: CspVulnerabilityFinding
 ) => {
+  if (vulnerabilityFinding.data_stream?.dataset !== CSP_VULN_DATASET) {
+    throw new Error(
+      i18n.translate(
+        'xpack.csp.createDetectionRuleFromVulnerabilityFinding.createRuleErrorMessage',
+        { defaultMessage: 'Rule creation is currently only available for Elastic findings' }
+      )
+    );
+  }
+
   const tags = getVulnerabilityTags(vulnerabilityFinding);
   const vulnerability = vulnerabilityFinding.vulnerability;