[Security Solution] Allow users to edit related_integrations field for custom rules

packages/kbn-doc-links/src/get_doc_links.ts

@@ -480,6 +480,7 @@ export const getDocLinks = ({ kibanaBranch, buildFlavor }: GetDocLinkOptions): D
       privileges: `${SECURITY_SOLUTION_DOCS}endpoint-management-req.html`,
       manageDetectionRules: `${SECURITY_SOLUTION_DOCS}rules-ui-management.html`,
       createEsqlRuleType: `${SECURITY_SOLUTION_DOCS}rules-ui-create.html#create-esql-rule`,
+      ruleUiAdvancedParams: `${SECURITY_SOLUTION_DOCS}rules-ui-create.html#rule-ui-advanced-params`,
       entityAnalytics: {
         riskScorePrerequisites: `${SECURITY_SOLUTION_DOCS}ers-requirements.html`,
         hostRiskScore: `${SECURITY_SOLUTION_DOCS}host-risk-score.html`,

packages/kbn-doc-links/src/types.ts

@@ -355,6 +355,7 @@ export interface DocLinks {
     readonly privileges: string;
     readonly manageDetectionRules: string;
     readonly createEsqlRuleType: string;
+    readonly ruleUiAdvancedParams: string;
     readonly entityAnalytics: {
       readonly riskScorePrerequisites: string;
       readonly hostRiskScore: string;

x-pack/plugins/security_solution/common/api/detection_engine/fleet_integrations/get_all_integrations/get_all_integrations_route.ts

@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Integration } from '../model/integrations';
+
+export interface GetAllIntegrationsResponse {
+  integrations: Integration[];
+}

x-pack/plugins/security_solution/common/api/detection_engine/fleet_integrations/index.ts

@@ -5,7 +5,10 @@
  * 2.0.
  */
 
+export * from './get_all_integrations/get_all_integrations_route';
+
 export * from './get_installed_integrations/get_installed_integrations_route';
 export * from './urls';
 
+export * from './model/integrations';
 export * from './model/installed_integrations';

x-pack/plugins/security_solution/common/api/detection_engine/fleet_integrations/model/integrations.ts

@@ -0,0 +1,101 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+// -------------------------------------------------------------------------------------------------
+// Fleet Package Integration
+
+/**
+ * Information about a Fleet integration including info about its package.
+ *
+ * @example
+ * {
+ *   package_name: 'aws',
+ *   package_title: 'AWS',
+ *   integration_name: 'cloudtrail',
+ *   integration_title: 'AWS CloudTrail',
+ *   latest_package_version: '1.2.3',
+ *   is_installed: false
+ *   is_enabled: false
+ * }
+ *
+ * @example
+ * {
+ *   package_name: 'aws',
+ *   package_title: 'AWS',
+ *   integration_name: 'cloudtrail',
+ *   integration_title: 'AWS CloudTrail',
+ *   latest_package_version: '1.16.1',
+ *   installed_package_version: '1.16.1',
+ *   is_installed: true
+ *   is_enabled: false
+ * }
+ *
+ * @example
+ * {
+ *   package_name: 'system',
+ *   package_title: 'System',
+ *   latest_package_version: '2.0.1',
+ *   installed_package_version: '1.13.0',
+ *   is_installed: true
+ *   is_enabled: true
+ * }
+ *
+ */
+export interface Integration {
+  /**
+   * Name is a unique package id within a given cluster.
+   * There can't be 2 or more different packages with the same name.
+   * @example 'aws'
+   */
+  package_name: string;
+
+  /**
+   * Title is a user-friendly name of the package that we show in the UI.
+   * @example 'AWS'
+   */
+  package_title: string;
+
+  /**
+   * Whether the package is installed
+   */
+  is_installed: boolean;
+
+  /**
+   * Whether this integration is enabled
+   */
+  is_enabled: boolean;
+
+  /**
+   * Version of the latest available package. Semver-compatible.
+   * @example '1.2.3'
+   */
+  latest_package_version: string;
+
+  /**
+   * Version of the installed package. Semver-compatible.
+   * @example '1.2.3'
+   */
+  installed_package_version?: string;
+
+  /**
+   * Name identifies an integration within its package.
+   * Undefined when package name === integration name. This indicates that it's the only integration
+   * within this package.
+   * @example 'cloudtrail'
+   * @example undefined
+   */
+  integration_name?: string;
+
+  /**
+   * Title is a user-friendly name of the integration that we show in the UI.
+   * Undefined when package name === integration name. This indicates that it's the only integration
+   * within this package.
+   * @example 'AWS CloudTrail'
+   * @example undefined
+   */
+  integration_title?: string;
+}

x-pack/plugins/security_solution/common/api/detection_engine/fleet_integrations/urls.ts

@@ -7,5 +7,7 @@
 
 import { INTERNAL_DETECTION_ENGINE_URL as INTERNAL_URL } from '../../../constants';
 
+export const GET_ALL_INTEGRATIONS_URL = `${INTERNAL_URL}/fleet/integrations/all` as const;
+
 export const GET_INSTALLED_INTEGRATIONS_URL =
   `${INTERNAL_URL}/fleet/integrations/installed` as const;

x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.gen.ts

@@ -53,11 +53,11 @@ import {
   MaxSignals,
   ThreatArray,
   SetupGuide,
+  RelatedIntegrationArray,
   RuleObjectId,
   RuleSignatureId,
   IsRuleImmutable,
   RuleSource,
-  RelatedIntegrationArray,
   RequiredFieldArray,
   RuleQuery,
   IndexPatternArray,
@@ -136,6 +136,7 @@ export const BaseDefaultableFields = z.object({
   max_signals: MaxSignals.optional(),
   threat: ThreatArray.optional(),
   setup: SetupGuide.optional(),
+  related_integrations: RelatedIntegrationArray.optional(),
 });
 
 export type BaseCreateProps = z.infer<typeof BaseCreateProps>;
@@ -163,7 +164,6 @@ export const ResponseFields = z.object({
   created_at: z.string().datetime(),
   created_by: z.string(),
   revision: z.number().int().min(0),
-  related_integrations: RelatedIntegrationArray,
   required_fields: RequiredFieldArray,
   execution_summary: RuleExecutionSummary.optional(),
 });

x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.schema.yaml

@@ -131,6 +131,9 @@ components:
         setup:
           $ref: './common_attributes.schema.yaml#/components/schemas/SetupGuide'
 
+        related_integrations:
+          $ref: './common_attributes.schema.yaml#/components/schemas/RelatedIntegrationArray'
+
     BaseCreateProps:
       x-inline: true
       allOf:
@@ -178,13 +181,11 @@ components:
         revision:
           type: integer
           minimum: 0
-        # NOTE: For now, Related Integrations and Required Fields are
+        # NOTE: For now, Required Fields are
         # supported for prebuilt rules only. We don't want to allow users to edit these 3
         # fields via the API. If we added them to baseParams.defaultable, they would
         # become a part of the request schema as optional fields. This is why we add them
         # here, in order to add them only to the response schema.
-        related_integrations:
-          $ref: './common_attributes.schema.yaml#/components/schemas/RelatedIntegrationArray'
         required_fields:
           $ref: './common_attributes.schema.yaml#/components/schemas/RequiredFieldArray'
         execution_summary:

x-pack/plugins/security_solution/public/common/mock/create_react_query_wrapper.tsx

@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+
+export function createReactQueryWrapper(): React.FC {
+  const queryClient = new QueryClient({
+    defaultOptions: {
+      queries: {
+        // Turn retries off, otherwise we won't be able to test errors
+        retry: false,
+      },
+    },
+  });
+
+  // eslint-disable-next-line react/display-name
+  return ({ children }) => (
+    <QueryClientProvider client={queryClient}>{children}</QueryClientProvider>
+  );
+}

x-pack/plugins/security_solution/public/common/mock/index.ts

@@ -19,3 +19,4 @@ export * from './test_providers';
 export * from './timeline_results';
 export * from './utils';
 export * from './create_store';
+export * from './create_react_query_wrapper';

x-pack/plugins/security_solution/public/detection_engine/fleet_integrations/api/__mocks__/api_client.ts

@@ -5,13 +5,49 @@
  * 2.0.
  */
 
-import type { GetInstalledIntegrationsResponse } from '../../../../../common/api/detection_engine/fleet_integrations';
 import type {
+  GetAllIntegrationsResponse,
+  GetInstalledIntegrationsResponse,
+} from '../../../../../common/api/detection_engine/fleet_integrations';
+import type {
+  FetchAllIntegrationsArgs,
   FetchInstalledIntegrationsArgs,
   IFleetIntegrationsApiClient,
 } from '../api_client_interface';
 
 export const fleetIntegrationsApi: jest.Mocked<IFleetIntegrationsApiClient> = {
+  fetchAllIntegrations: jest
+    .fn<Promise<GetAllIntegrationsResponse>, [FetchAllIntegrationsArgs]>()
+    .mockResolvedValue({
+      integrations: [
+        {
+          package_name: 'o365',
+          package_title: 'Microsoft 365',
+          latest_package_version: '1.2.0',
+          installed_package_version: '1.0.0',
+          is_installed: false,
+          is_enabled: false,
+        },
+        {
+          package_name: 'atlassian_bitbucket',
+          package_title: 'Atlassian Bitbucket',
+          latest_package_version: '1.0.1',
+          installed_package_version: '1.0.1',
+          integration_name: 'audit',
+          integration_title: 'Audit Logs',
+          is_installed: true,
+          is_enabled: true,
+        },
+        {
+          package_name: 'system',
+          package_title: 'System',
+          latest_package_version: '1.6.4',
+          installed_package_version: '1.6.4',
+          is_installed: true,
+          is_enabled: true,
+        },
+      ],
+    }),
   fetchInstalledIntegrations: jest
     .fn<Promise<GetInstalledIntegrationsResponse>, [FetchInstalledIntegrationsArgs]>()
     .mockResolvedValue({

x-pack/plugins/security_solution/public/detection_engine/fleet_integrations/api/api_client.ts

@@ -5,16 +5,31 @@
  * 2.0.
  */
 
-import type { GetInstalledIntegrationsResponse } from '../../../../common/api/detection_engine/fleet_integrations';
-import { GET_INSTALLED_INTEGRATIONS_URL } from '../../../../common/api/detection_engine/fleet_integrations';
+import type {
+  GetAllIntegrationsResponse,
+  GetInstalledIntegrationsResponse,
+} from '../../../../common/api/detection_engine/fleet_integrations';
+import {
+  GET_ALL_INTEGRATIONS_URL,
+  GET_INSTALLED_INTEGRATIONS_URL,
+} from '../../../../common/api/detection_engine/fleet_integrations';
 import { KibanaServices } from '../../../common/lib/kibana';
 
 import type {
+  FetchAllIntegrationsArgs,
   FetchInstalledIntegrationsArgs,
   IFleetIntegrationsApiClient,
 } from './api_client_interface';
 
 export const fleetIntegrationsApi: IFleetIntegrationsApiClient = {
+  fetchAllIntegrations: (args: FetchAllIntegrationsArgs): Promise<GetAllIntegrationsResponse> => {
+    return http().fetch<GetAllIntegrationsResponse>(GET_ALL_INTEGRATIONS_URL, {
+      method: 'GET',
+      version: '1',
+      signal: args.signal,
+    });
+  },
+
   fetchInstalledIntegrations: (
     args: FetchInstalledIntegrationsArgs
   ): Promise<GetInstalledIntegrationsResponse> => {

x-pack/plugins/security_solution/public/detection_engine/fleet_integrations/api/api_client_interface.ts

@@ -5,9 +5,19 @@
  * 2.0.
  */
 
-import type { GetInstalledIntegrationsResponse } from '../../../../common/api/detection_engine/fleet_integrations';
+import type {
+  GetInstalledIntegrationsResponse,
+  GetAllIntegrationsResponse,
+} from '../../../../common/api/detection_engine/fleet_integrations';
 
 export interface IFleetIntegrationsApiClient {
+  /**
+   * Fetch all integrations with installed and enabled statuses
+   *
+   * @throws An error if response is not OK
+   */
+  fetchAllIntegrations(args: FetchAllIntegrationsArgs): Promise<GetAllIntegrationsResponse>;
+
   /**
    * Fetch all installed integrations.
    * @throws An error if response is not OK
@@ -17,6 +27,13 @@ export interface IFleetIntegrationsApiClient {
   ): Promise<GetInstalledIntegrationsResponse>;
 }
 
+export interface FetchAllIntegrationsArgs {
+  /**
+   * Optional signal for cancelling the request.
+   */
+  signal?: AbortSignal;
+}
+
 export interface FetchInstalledIntegrationsArgs {
   /**
    * Array of Fleet packages to filter for.

x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/related_integrations/default_related_integration.ts

@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const DEFAULT_RELATED_INTEGRATION = { package: '', version: '' };

x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/related_integrations/index.ts

@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { RelatedIntegrations } from './related_integrations';