[EDR Workflows] Enable UI for Automated Actions in more rule types (#…

…193390)
elastic · Sep 26, 2024 · 357a82c · 357a82c
1 parent d6c8840
commit 357a82c
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 27 deletions.
diff --git a/x-pack/plugins/security_solution/common/detection_engine/utils.ts b/x-pack/plugins/security_solution/common/detection_engine/utils.ts
@@ -94,13 +94,8 @@ export const isSuppressionRuleInGA = (ruleType: Type): boolean => {
   return isSuppressibleAlertRule(ruleType) && SUPPRESSIBLE_ALERT_RULES_GA.includes(ruleType);
 };
 
-export const shouldShowResponseActions = (
-  ruleType: Type | undefined,
-  automatedResponseActionsForMoreRulesEnabled: boolean
-) => {
+export const shouldShowResponseActions = (ruleType: Type | undefined) => {
   return (
-    isQueryRule(ruleType) ||
-    (automatedResponseActionsForMoreRulesEnabled &&
-      (isEsqlRule(ruleType) || isEqlRule(ruleType) || isNewTermsRule(ruleType)))
+    isQueryRule(ruleType) || isEsqlRule(ruleType) || isEqlRule(ruleType) || isNewTermsRule(ruleType)
   );
 };
diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts
@@ -52,11 +52,6 @@ export const allowedExperimentalValues = Object.freeze({
    */
   automatedProcessActionsEnabled: true,
 
-  /**
-   * Temporary feature flag to enable the Response Actions in Rules UI - intermediate release
-   */
-  automatedResponseActionsForMoreRulesEnabled: false,
-
   /**
    * Enables the ability to send Response actions to SentinelOne and persist the results
    * in ES. Adds API changes to support `agentType` and supports `isolate` and `release`

diff --git a/...ity_solution/public/detection_engine/rule_creation/components/step_rule_actions/index.tsx b/...ity_solution/public/detection_engine/rule_creation/components/step_rule_actions/index.tsx
@@ -16,7 +16,6 @@ import type {
 } from '@kbn/triggers-actions-ui-plugin/public';
 import { UseArray } from '@kbn/es-ui-shared-plugin/static/forms/hook_form_lib';
 import type { Type } from '@kbn/securitysolution-io-ts-alerting-types';
-import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { shouldShowResponseActions } from '../../../../../common/detection_engine/utils';
 import type { RuleObjectId } from '../../../../../common/api/detection_engine/model/rule_schema';
 import { ResponseActionsForm } from '../../../rule_response_actions/response_actions_form';
@@ -85,9 +84,7 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
   const {
     services: { application },
   } = useKibana();
-  const automatedResponseActionsForMoreRulesEnabled = useIsExperimentalFeatureEnabled(
-    'automatedResponseActionsForMoreRulesEnabled'
-  );
+
   const displayActionsOptions = useMemo(
     () => (
       <>
@@ -105,15 +102,15 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
     [actionMessageParams, summaryActionMessageParams]
   );
   const displayResponseActionsOptions = useMemo(() => {
-    if (shouldShowResponseActions(ruleType, automatedResponseActionsForMoreRulesEnabled)) {
+    if (shouldShowResponseActions(ruleType)) {
       return (
         <UseArray path="responseActions" initialNumberOfItems={0}>
           {ResponseActionsForm}
         </UseArray>
       );
     }
     return null;
-  }, [ruleType, automatedResponseActionsForMoreRulesEnabled]);
+  }, [ruleType]);
   // only display the actions dropdown if the user has "read" privileges for actions
   const displayActionsDropDown = useMemo(() => {
     return application.capabilities.actions.show ? (

diff --git a/...ins/security_solution/public/management/cypress/e2e/automated_response_actions/form.cy.ts b/...ins/security_solution/public/management/cypress/e2e/automated_response_actions/form.cy.ts
@@ -30,7 +30,6 @@ describe(
         kbnServerArgs: [
           `--xpack.securitySolution.enableExperimental=${JSON.stringify([
             'automatedProcessActionsEnabled',
-            'automatedResponseActionsForMoreRulesEnabled',
           ])}`,
         ],
       },

diff --git a/...k/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts b/...k/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts
@@ -70,14 +70,7 @@ export const validateResponseActionsPermissions = async (
   ruleUpdate: RuleCreateProps | RuleUpdateProps,
   existingRule?: RuleAlertType | null
 ): Promise<void> => {
-  const { experimentalFeatures } = await securitySolution.getConfig();
-
-  if (
-    !shouldShowResponseActions(
-      ruleUpdate.type,
-      experimentalFeatures.automatedResponseActionsForMoreRulesEnabled
-    )
-  ) {
+  if (!shouldShowResponseActions(ruleUpdate.type)) {
     return;
   }