Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.x] [Security Solution] Allow exporting of prebuilt rules via the A…
…PI (#194498) (#196447) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Allow exporting of prebuilt rules via the API (#194498)](#194498) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ryland Herrick","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-15T21:26:25Z","message":"[Security Solution] Allow exporting of prebuilt rules via the API (#194498)\n\n## Summary\r\n\r\nThis PR introduces the backend functionality necessary to export\r\nprebuilt rules via our existing export APIs:\r\n\r\n1. Export Rules - POST /rules/_export \r\n2. Bulk Actions - POST /rules/_bulk_action \r\n\r\nThe [Prebuilt Rule Customization\r\nRFC](https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/docs/rfcs/detection_response/prebuilt_rules_customization.md)\r\ngoes into detail, and the export-specific issue is described\r\n[here](https://github.com/elastic/kibana/issues/180167#issue-2227974379).\r\n\r\n\r\n## Steps to Review\r\n1. Enable the Feature Flag: `prebuiltRulesCustomizationEnabled`\r\n1. Install the prebuilt rules package via fleet \r\n1. Install some prebuilt rules, and obtain a prebuilt rule's `rule_id`,\r\ne.g. `ac8805f6-1e08-406c-962e-3937057fa86f`\r\n1. Export the rule via the export route, e.g. (in Dev Tools):\r\n\r\n POST kbn:api/detection_engine/rules/_export\r\n \r\nNote that you may need to use the CURL equivalent for these requests, as\r\nthe dev console does not seem to handle file responses:\r\n\r\ncurl --location --request POST\r\n'http://localhost:5601/api/detection_engine/rules/_export?exclude_export_details=true&file_name=exported_rules.ndjson'\r\n\\\r\n --header 'kbn-xsrf: true' \\\r\n --header 'elastic-api-version: 2023-10-31' \\\r\n --header 'Authorization: Basic waefoijawoefiajweo=='\r\n\r\n1. Export the rule via bulk actions, e.g. (in Dev Tools):\r\n\r\n POST kbn:api/detection_engine/rules/_bulk_action\r\n {\r\n \"action\": \"export\"\r\n }\r\n \r\n1. Observe that the exported rules' fields are correct, especially\r\n`rule_source` and `immutable` (see tests added here for examples).\r\n\r\n### Checklist\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"b67bd83ea93909d809206b1004c306a11fd8ee3f","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.16.0","backport:version"],"title":"[Security Solution] Allow exporting of prebuilt rules via the API","number":194498,"url":"https://github.com/elastic/kibana/pull/194498","mergeCommit":{"message":"[Security Solution] Allow exporting of prebuilt rules via the API (#194498)\n\n## Summary\r\n\r\nThis PR introduces the backend functionality necessary to export\r\nprebuilt rules via our existing export APIs:\r\n\r\n1. Export Rules - POST /rules/_export \r\n2. Bulk Actions - POST /rules/_bulk_action \r\n\r\nThe [Prebuilt Rule Customization\r\nRFC](https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/docs/rfcs/detection_response/prebuilt_rules_customization.md)\r\ngoes into detail, and the export-specific issue is described\r\n[here](https://github.com/elastic/kibana/issues/180167#issue-2227974379).\r\n\r\n\r\n## Steps to Review\r\n1. Enable the Feature Flag: `prebuiltRulesCustomizationEnabled`\r\n1. Install the prebuilt rules package via fleet \r\n1. Install some prebuilt rules, and obtain a prebuilt rule's `rule_id`,\r\ne.g. `ac8805f6-1e08-406c-962e-3937057fa86f`\r\n1. Export the rule via the export route, e.g. (in Dev Tools):\r\n\r\n POST kbn:api/detection_engine/rules/_export\r\n \r\nNote that you may need to use the CURL equivalent for these requests, as\r\nthe dev console does not seem to handle file responses:\r\n\r\ncurl --location --request POST\r\n'http://localhost:5601/api/detection_engine/rules/_export?exclude_export_details=true&file_name=exported_rules.ndjson'\r\n\\\r\n --header 'kbn-xsrf: true' \\\r\n --header 'elastic-api-version: 2023-10-31' \\\r\n --header 'Authorization: Basic waefoijawoefiajweo=='\r\n\r\n1. Export the rule via bulk actions, e.g. (in Dev Tools):\r\n\r\n POST kbn:api/detection_engine/rules/_bulk_action\r\n {\r\n \"action\": \"export\"\r\n }\r\n \r\n1. Observe that the exported rules' fields are correct, especially\r\n`rule_source` and `immutable` (see tests added here for examples).\r\n\r\n### Checklist\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"b67bd83ea93909d809206b1004c306a11fd8ee3f"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/194498","number":194498,"mergeCommit":{"message":"[Security Solution] Allow exporting of prebuilt rules via the API (#194498)\n\n## Summary\r\n\r\nThis PR introduces the backend functionality necessary to export\r\nprebuilt rules via our existing export APIs:\r\n\r\n1. Export Rules - POST /rules/_export \r\n2. Bulk Actions - POST /rules/_bulk_action \r\n\r\nThe [Prebuilt Rule Customization\r\nRFC](https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/docs/rfcs/detection_response/prebuilt_rules_customization.md)\r\ngoes into detail, and the export-specific issue is described\r\n[here](https://github.com/elastic/kibana/issues/180167#issue-2227974379).\r\n\r\n\r\n## Steps to Review\r\n1. Enable the Feature Flag: `prebuiltRulesCustomizationEnabled`\r\n1. Install the prebuilt rules package via fleet \r\n1. Install some prebuilt rules, and obtain a prebuilt rule's `rule_id`,\r\ne.g. `ac8805f6-1e08-406c-962e-3937057fa86f`\r\n1. Export the rule via the export route, e.g. (in Dev Tools):\r\n\r\n POST kbn:api/detection_engine/rules/_export\r\n \r\nNote that you may need to use the CURL equivalent for these requests, as\r\nthe dev console does not seem to handle file responses:\r\n\r\ncurl --location --request POST\r\n'http://localhost:5601/api/detection_engine/rules/_export?exclude_export_details=true&file_name=exported_rules.ndjson'\r\n\\\r\n --header 'kbn-xsrf: true' \\\r\n --header 'elastic-api-version: 2023-10-31' \\\r\n --header 'Authorization: Basic waefoijawoefiajweo=='\r\n\r\n1. Export the rule via bulk actions, e.g. (in Dev Tools):\r\n\r\n POST kbn:api/detection_engine/rules/_bulk_action\r\n {\r\n \"action\": \"export\"\r\n }\r\n \r\n1. Observe that the exported rules' fields are correct, especially\r\n`rule_source` and `immutable` (see tests added here for examples).\r\n\r\n### Checklist\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"b67bd83ea93909d809206b1004c306a11fd8ee3f"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Ryland Herrick <[email protected]>
- Loading branch information