[Security Solution] Adds UI support for filtering by rule source customization #197340
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dplumlee
added
release_note:skip
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
|
I just started reviewing the PR and noticed an inconsistency in how we refer to customized rules. On the rule details page, we label them "Customized": On the rule table, we label them "Modified": I think we should use consistent naming across different pages. I’m fine with either term, let’s just pick one and stick with it. |
|
@dplumlee, the ticked description also mentions:
Should it also be implemented in this PR? |
xcrzx
reviewed
Nov 1, 2024
x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/types.ts
Outdated
Show resolved
Hide resolved
...components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_filters.tsx
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/types.ts
Outdated
Show resolved
Hide resolved
...i/components/rules_table/upgrade_prebuilt_rules_table/upgrade_rule_source_filter_popover.tsx
Outdated
Show resolved
Hide resolved
@xcrzx That's a good point, I would agree. I think the badge was added before we recently changed some of the language we were using, @ARWNightingale / @approksiu should we be using "Modified" or "Customized" to refer to the customized prebuilt rules in the UI |
The most recent naming is "modified" - let's use it, good catch! |
|
Hey @approksiu, we've been using the word "customized" and "customization" all over the place - in tickets, PR descriptions, code, API contracts, and even the data we store in Elasticsearch in rule saved objects. Any good reason we should divert from it in favor of "modified"? If we do it, we will need to update the existing terminology everywhere, except the already closed issues. Renaming the |
We only need to change the badge on the Rule details page to "modified", no need to change "customized" naming in code. The "Modified" badge is the interim solution till we have faceted filters and an additional indication of modified/customized fields on the rule page/flyout. cc @dplumlee @xcrzx @banderror |
|
The above sounds good to me, we discussed this with @approksiu offline too. |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
Starting backport for target branches: 8.x |
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
cc @dplumlee |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Nov 6, 2024
…omization (elastic#197340) ## Summary Addresses elastic#180169 > [!NOTE] > Feature is behind the `prebuiltRulesCustomizationEnabled` feature flag. Adds a filter for prebuilt rules in the Update rules table for "Modified" and "Unmodified" rules. Also adds a badge column in the Rules table to display whether a prebuilt rule has been customized or not. Also switches the "Customized Elastic rule" badge on the rule details page to align with the updated language of "_Modified_ Elastic rule" ### Screenshots #### Modified badge in Rules table  #### Modification filter dropdown on Rule update page <img width="1479" alt="Screenshot 2024-10-24 at 11 46 26 AM" src="https://github.com/user-attachments/assets/82715abe-6ff6-4ba6-97b3-6fab9f42069e"> #### New "customized rule" badge language on Rule details page  ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <[email protected]> (cherry picked from commit f740d95)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Nov 7, 2024
…e customization (#197340) (#199217) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Adds UI support for filtering by rule source customization (#197340)](#197340) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-06T19:51:25Z","message":"[Security Solution] Adds UI support for filtering by rule source customization (#197340)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/180169\r\n\r\n> [!NOTE] \r\n> Feature is behind the `prebuiltRulesCustomizationEnabled` feature\r\nflag.\r\n\r\nAdds a filter for prebuilt rules in the Update rules table for\r\n\"Modified\" and \"Unmodified\" rules. Also adds a badge column in the Rules\r\ntable to display whether a prebuilt rule has been customized or not.\r\n\r\nAlso switches the \"Customized Elastic rule\" badge on the rule details\r\npage to align with the updated language of \"_Modified_ Elastic rule\"\r\n\r\n### Screenshots\r\n\r\n#### Modified badge in Rules table\r\n\r\n\r\n#### Modification filter dropdown on Rule update page\r\n<img width=\"1479\" alt=\"Screenshot 2024-10-24 at 11 46 26 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/82715abe-6ff6-4ba6-97b3-6fab9f42069e\">\r\n\r\n#### New \"customized rule\" badge language on Rule details page\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"f740d953c7c624ddc26e1bef7a88dd9bb901a451","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v8.17.0"],"title":"[Security Solution] Adds UI support for filtering by rule source customization","number":197340,"url":"https://github.com/elastic/kibana/pull/197340","mergeCommit":{"message":"[Security Solution] Adds UI support for filtering by rule source customization (#197340)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/180169\r\n\r\n> [!NOTE] \r\n> Feature is behind the `prebuiltRulesCustomizationEnabled` feature\r\nflag.\r\n\r\nAdds a filter for prebuilt rules in the Update rules table for\r\n\"Modified\" and \"Unmodified\" rules. Also adds a badge column in the Rules\r\ntable to display whether a prebuilt rule has been customized or not.\r\n\r\nAlso switches the \"Customized Elastic rule\" badge on the rule details\r\npage to align with the updated language of \"_Modified_ Elastic rule\"\r\n\r\n### Screenshots\r\n\r\n#### Modified badge in Rules table\r\n\r\n\r\n#### Modification filter dropdown on Rule update page\r\n<img width=\"1479\" alt=\"Screenshot 2024-10-24 at 11 46 26 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/82715abe-6ff6-4ba6-97b3-6fab9f42069e\">\r\n\r\n#### New \"customized rule\" badge language on Rule details page\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"f740d953c7c624ddc26e1bef7a88dd9bb901a451"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197340","number":197340,"mergeCommit":{"message":"[Security Solution] Adds UI support for filtering by rule source customization (#197340)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/180169\r\n\r\n> [!NOTE] \r\n> Feature is behind the `prebuiltRulesCustomizationEnabled` feature\r\nflag.\r\n\r\nAdds a filter for prebuilt rules in the Update rules table for\r\n\"Modified\" and \"Unmodified\" rules. Also adds a badge column in the Rules\r\ntable to display whether a prebuilt rule has been customized or not.\r\n\r\nAlso switches the \"Customized Elastic rule\" badge on the rule details\r\npage to align with the updated language of \"_Modified_ Elastic rule\"\r\n\r\n### Screenshots\r\n\r\n#### Modified badge in Rules table\r\n\r\n\r\n#### Modification filter dropdown on Rule update page\r\n<img width=\"1479\" alt=\"Screenshot 2024-10-24 at 11 46 26 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/82715abe-6ff6-4ba6-97b3-6fab9f42069e\">\r\n\r\n#### New \"customized rule\" badge language on Rule details page\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"f740d953c7c624ddc26e1bef7a88dd9bb901a451"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: Davis Plumlee <[email protected]> Co-authored-by: Davis Plumlee <[email protected]>
mgadewoll
pushed a commit
to mgadewoll/kibana
that referenced
this pull request
Nov 7, 2024
…omization (elastic#197340) ## Summary Addresses elastic#180169 > [!NOTE] > Feature is behind the `prebuiltRulesCustomizationEnabled` feature flag. Adds a filter for prebuilt rules in the Update rules table for "Modified" and "Unmodified" rules. Also adds a badge column in the Rules table to display whether a prebuilt rule has been customized or not. Also switches the "Customized Elastic rule" badge on the rule details page to align with the updated language of "_Modified_ Elastic rule" ### Screenshots #### Modified badge in Rules table  #### Modification filter dropdown on Rule update page <img width="1479" alt="Screenshot 2024-10-24 at 11 46 26 AM" src="https://github.com/user-attachments/assets/82715abe-6ff6-4ba6-97b3-6fab9f42069e"> #### New "customized rule" badge language on Rule details page  ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Addresses #180169
Note
Feature is behind the
prebuiltRulesCustomizationEnabledfeature flag.Adds a filter for prebuilt rules in the Update rules table for "Modified" and "Unmodified" rules. Also adds a badge column in the Rules table to display whether a prebuilt rule has been customized or not.
Also switches the "Customized Elastic rule" badge on the rule details page to align with the updated language of "Modified Elastic rule"
Screenshots
Modified badge in Rules table
Modification filter dropdown on Rule update page
New "customized rule" badge language on Rule details page
Checklist
Delete any items that are not applicable to this PR.
For maintainers