[8.x] [Security Solution] Disables `author` and `licen…

…se` fields in rule edit form for prebuilt rule types (#201887) (#203001)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] Disables `author` and
`license` fields in rule edit form for prebuilt rule types
(#201887)](#201887)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Davis
Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-04T18:17:55Z","message":"[Security
Solution] Disables `author` and `license` fields in rule edit form for
prebuilt rule types (#201887)\n\n## Summary\r\n\r\nFixes
https://github.com/elastic/kibana/issues/200251\r\n\r\n> [!NOTE] \r\n>
This bug/related fix is only visible with
the\r\n`prebuiltRulesCustomizationEnabled` feature flag turned
on.\r\n\r\nDisables `author` and `license` fields in rule edit form for
prebuilt\r\nrule types as we throw API errors when they are changed from
the\r\nexisting rule value if the rule source is
external.\r\n\r\n\r\n### Screenshots - the same prebuilt rule in the
Rule edit form\r\n**Before**\r\n<img width=\"738\" alt=\"Screenshot
2024-11-26 at 5 32
00 PM\"\r\nsrc=\"https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa\">\r\n\r\n\r\n**After**\r\n![Screenshot
2024-12-03 at 3
22\r\n34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"13fa5259c8df89ff5a27fe0a8214b2eb01d7ed52","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.17.0","v8.18.0"],"title":"[Security
Solution] Disables `author` and `license` fields in rule edit form for
prebuilt rule
types","number":201887,"url":"https://github.com/elastic/kibana/pull/201887","mergeCommit":{"message":"[Security
Solution] Disables `author` and `license` fields in rule edit form for
prebuilt rule types (#201887)\n\n## Summary\r\n\r\nFixes
https://github.com/elastic/kibana/issues/200251\r\n\r\n> [!NOTE] \r\n>
This bug/related fix is only visible with
the\r\n`prebuiltRulesCustomizationEnabled` feature flag turned
on.\r\n\r\nDisables `author` and `license` fields in rule edit form for
prebuilt\r\nrule types as we throw API errors when they are changed from
the\r\nexisting rule value if the rule source is
external.\r\n\r\n\r\n### Screenshots - the same prebuilt rule in the
Rule edit form\r\n**Before**\r\n<img width=\"738\" alt=\"Screenshot
2024-11-26 at 5 32
00 PM\"\r\nsrc=\"https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa\">\r\n\r\n\r\n**After**\r\n![Screenshot
2024-12-03 at 3
22\r\n34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"13fa5259c8df89ff5a27fe0a8214b2eb01d7ed52"}},"sourceBranch":"main","suggestedTargetBranches":["8.17","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201887","number":201887,"mergeCommit":{"message":"[Security
Solution] Disables `author` and `license` fields in rule edit form for
prebuilt rule types (#201887)\n\n## Summary\r\n\r\nFixes
https://github.com/elastic/kibana/issues/200251\r\n\r\n> [!NOTE] \r\n>
This bug/related fix is only visible with
the\r\n`prebuiltRulesCustomizationEnabled` feature flag turned
on.\r\n\r\nDisables `author` and `license` fields in rule edit form for
prebuilt\r\nrule types as we throw API errors when they are changed from
the\r\nexisting rule value if the rule source is
external.\r\n\r\n\r\n### Screenshots - the same prebuilt rule in the
Rule edit form\r\n**Before**\r\n<img width=\"738\" alt=\"Screenshot
2024-11-26 at 5 32
00 PM\"\r\nsrc=\"https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa\">\r\n\r\n\r\n**After**\r\n![Screenshot
2024-12-03 at 3
22\r\n34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"13fa5259c8df89ff5a27fe0a8214b2eb01d7ed52"}},{"branch":"8.17","label":"v8.17.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Davis Plumlee <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>

x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_about_rule/index.tsx

@@ -5,14 +5,15 @@
  * 2.0.
  */
 
-import { EuiAccordion, EuiFlexItem, EuiSpacer, EuiFormRow } from '@elastic/eui';
+import { EuiAccordion, EuiFlexItem, EuiSpacer, EuiFormRow, EuiToolTip } from '@elastic/eui';
 import type { FC } from 'react';
 import React, { memo, useCallback, useEffect, useState, useMemo } from 'react';
 import styled from 'styled-components';
 
 import type { DataViewBase } from '@kbn/es-query';
 import type { Severity, Type } from '@kbn/securitysolution-io-ts-alerting-types';
 
+import type { RuleSource } from '../../../../../common/api/detection_engine';
 import { isThreatMatchRule, isEsqlRule } from '../../../../../common/detection_engine/utils';
 import type {
   RuleStepProps,
@@ -55,6 +56,7 @@ interface StepAboutRuleProps extends RuleStepProps {
   timestampOverride: string;
   form: FormHook<AboutStepRule>;
   esqlQuery?: string | undefined;
+  ruleSource?: RuleSource;
 }
 
 interface StepAboutRuleReadOnlyProps {
@@ -85,6 +87,7 @@ const StepAboutRuleComponent: FC<StepAboutRuleProps> = ({
   isLoading,
   form,
   esqlQuery,
+  ruleSource,
 }) => {
   const { data } = useKibana().services;
 
@@ -280,31 +283,51 @@ const StepAboutRuleComponent: FC<StepAboutRuleProps> = ({
               }}
             />
             <EuiSpacer size="l" />
-            <CommonUseField
-              path="author"
-              componentProps={{
-                idAria: 'detectionEngineStepAboutRuleAuthor',
-                'data-test-subj': 'detectionEngineStepAboutRuleAuthor',
-                euiFieldProps: {
-                  fullWidth: true,
-                  isDisabled: isLoading,
-                  placeholder: '',
-                },
-              }}
-            />
+            <EuiToolTip
+              content={
+                ruleSource?.type === 'external'
+                  ? I18n.AUTHOR_IMMUTABLE_FIELD_TOOLTIP_TEXT
+                  : undefined
+              }
+              display="block"
+              position="right"
+            >
+              <CommonUseField
+                path="author"
+                componentProps={{
+                  idAria: 'detectionEngineStepAboutRuleAuthor',
+                  'data-test-subj': 'detectionEngineStepAboutRuleAuthor',
+                  euiFieldProps: {
+                    fullWidth: true,
+                    isDisabled: isLoading || ruleSource?.type === 'external', // We don't allow "author" customization if this is a prebuilt rule
+                    placeholder: '',
+                  },
+                }}
+              />
+            </EuiToolTip>
             <EuiSpacer size="l" />
-            <CommonUseField
-              path="license"
-              componentProps={{
-                idAria: 'detectionEngineStepAboutRuleLicense',
-                'data-test-subj': 'detectionEngineStepAboutRuleLicense',
-                euiFieldProps: {
-                  fullWidth: true,
-                  disabled: isLoading,
-                  placeholder: '',
-                },
-              }}
-            />
+            <EuiToolTip
+              content={
+                ruleSource?.type === 'external'
+                  ? I18n.LICENSE_IMMUTABLE_FIELD_TOOLTIP_TEXT
+                  : undefined
+              }
+              display="block"
+              position="right"
+            >
+              <CommonUseField
+                path="license"
+                componentProps={{
+                  idAria: 'detectionEngineStepAboutRuleLicense',
+                  'data-test-subj': 'detectionEngineStepAboutRuleLicense',
+                  euiFieldProps: {
+                    fullWidth: true,
+                    disabled: isLoading || ruleSource?.type === 'external', // We don't allow "license" customization if this is a prebuilt rule
+                    placeholder: '',
+                  },
+                }}
+              />
+            </EuiToolTip>
             <EuiSpacer size="l" />
             <EuiFormRow label={I18n.GLOBAL_ENDPOINT_EXCEPTION_LIST} fullWidth>
               <CommonUseField

x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_about_rule/translations.ts

@@ -97,3 +97,17 @@ export const ADD_RULE_SETUP_HELP_TEXT = i18n.translate(
     defaultMessage: 'Add rule setup guide...',
   }
 );
+
+export const AUTHOR_IMMUTABLE_FIELD_TOOLTIP_TEXT = i18n.translate(
+  'xpack.securitySolution.detectionEngine.createRule.stepAboutrule.authorImmutableFieldTooltipText',
+  {
+    defaultMessage: 'Author is not editable for Elastic rules',
+  }
+);
+
+export const LICENSE_IMMUTABLE_FIELD_TOOLTIP_TEXT = i18n.translate(
+  'xpack.securitySolution.detectionEngine.createRule.stepAboutrule.licenseImmutableFieldTooltipText',
+  {
+    defaultMessage: 'License is not editable for Elastic rules',
+  }
+);

x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx

@@ -278,6 +278,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
                   form={aboutStepForm}
                   esqlQuery={esqlQueryForAboutStep}
                   key="aboutStep"
+                  ruleSource={rule.rule_source}
                 />
               )}
               <EuiSpacer />
@@ -343,6 +344,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
     [
       isPrebuiltRulesCustomizationEnabled,
       rule?.immutable,
+      rule.rule_source,
       rule?.id,
       activeStep,
       loading,