
[Security Solution][Detections] Add bulk rule action for manual rule run (#9653) #186293

Merged (17 commits) Jun 27, 2024

Conversation

@e40pud (Contributor) commented Jun 17, 2024

Main ticket https://github.com/elastic/security-team/issues/9653

With these changes we introduce a new bulk action which allows scheduling backfill for multiple rules.

NOTES:

  • To be able to test these changes, you need to enable the feature flag manualRuleRunEnabled first

RECORDING:

Screen.Recording.2024-06-17.at.15.19.11.mov


@e40pud e40pud added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. release_note:feature Makes this part of the condensed release notes Team:Detection Engine Security Solution Detection Engine Area labels Jun 17, 2024
@e40pud e40pud self-assigned this Jun 17, 2024
@e40pud (Contributor, Author) commented Jun 17, 2024

/ci

TS7056: The inferred type of this node exceeds the maximum length the compiler will serialize. An explicit type annotation is needed.

https://buildkite.com/elastic/kibana-pull-request/builds/216105
@e40pud (Contributor, Author) commented Jun 18, 2024

/ci

@e40pud (Contributor, Author) commented Jun 18, 2024

/ci

@e40pud (Contributor, Author) commented Jun 19, 2024

@elasticmachine merge upstream

@e40pud (Contributor, Author) commented Jun 19, 2024

/ci

@e40pud (Contributor, Author) commented Jun 19, 2024

@elasticmachine merge upstream

@e40pud (Contributor, Author) commented Jun 19, 2024

/ci

@e40pud (Contributor, Author) commented Jun 19, 2024

@elasticmachine merge upstream

@e40pud (Contributor, Author) commented Jun 19, 2024

/ci

@e40pud e40pud marked this pull request as ready for review June 19, 2024 15:26
@e40pud e40pud requested review from a team as code owners June 19, 2024 15:26
@e40pud e40pud requested review from nkhristinin and jpdjere June 19, 2024 15:26
@elasticmachine (Contributor) commented:

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine (Contributor) commented:

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@kibanamachine (Contributor) commented:

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#6356

[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/configs/ess.config.ts: 100/100 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/configs/serverless.config.ts: 100/100 tests passed.


@kibanamachine (Contributor) commented:

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#6357

[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts: 100/100 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts: 100/100 tests passed.


@e40pud (Contributor, Author) commented Jun 27, 2024

@elasticmachine merge upstream

kibanamachine and others added 7 commits June 27, 2024 17:04
- use "bulk edit action" path for manual rule run action
- adjust error handling to new backfill API error format
- update messages to use "manual rule run" instead of "schedule backfill"
@e40pud e40pud requested review from nkhristinin and jpdjere June 27, 2024 10:45
@kibanamachine (Contributor) commented:

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#6412

[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/configs/ess.config.ts: 100/100 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/configs/serverless.config.ts: 100/100 tests passed.


@nkhristinin (Contributor) left a comment

LGTM, this is a great feature!

@kibanamachine (Contributor) commented:

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#6413

[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts: 100/100 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts: 100/100 tests passed.


scheduleManualRuleRunForSelectedRules(enabledCount, disabledCount);

cy.contains(TOASTER_BODY, `Successfully scheduled manual rule run for ${enabledCount} rule`);
});
Reviewer (Contributor) commented on the lines above:

Are we missing an assertion here that checks that there's a warning about disabled rules?

Author (Contributor) replied:

It is done within the scheduleManualRuleRunForSelectedRules method. We pass disabledCount and if it is > 0 we show and handle the warning modal.
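The enabled/disabled split described in this exchange, as an added TypeScript example that is not Kibana's code: the Rule, RunWindow and BulkRunResult types, the scheduleBackfill callback and the "window must lie in the past" check are assumptions; only the behaviour (disabled rules skipped and surfaced as a warning, enabled rules scheduled, per-rule failures collected, a toast reporting the scheduled count) follows the thread.

```typescript
// Added example, not Kibana's code: types, scheduler callback and the
// "window must be in the past" rule are assumptions; the behaviour follows the
// PR thread (disabled rules skipped with a warning, enabled rules scheduled).
interface Rule { id: string; name: string; enabled: boolean; }
interface RunWindow { startISO: string; endISO: string; }
interface BulkRunResult {
  scheduled: string[];        // rule ids a backfill was scheduled for
  skippedDisabled: string[];  // rule ids skipped because the rule is disabled
  errors: { ruleId: string; message: string }[];
  toast: string;              // user-facing summary line
}
// Hypothetical backfill API; throwing simulates a per-rule error response.
type ScheduleBackfill = (ruleId: string, window: RunWindow) => void;
// A manual run re-processes past data, so the window must be well-formed and
// entirely in the past (assumption). Returns null when the window is valid.
function validateWindow(w: RunWindow, now: Date = new Date()): string | null {
  const start = Date.parse(w.startISO);
  const end = Date.parse(w.endISO);
  if (Number.isNaN(start) || Number.isNaN(end)) return 'invalid timestamp';
  if (start >= end) return 'start must be before end';
  if (end > now.getTime()) return 'end must not be in the future';
  return null;
}
function bulkManualRuleRun(
  rules: Rule[], window: RunWindow, schedule: ScheduleBackfill, now: Date = new Date(),
): BulkRunResult {
  const result: BulkRunResult = { scheduled: [], skippedDisabled: [], errors: [], toast: '' };
  const problem = validateWindow(window, now);
  if (problem !== null) {
    result.toast = `Cannot schedule manual rule run: ${problem}`;
    return result;
  }
  for (const rule of rules) {
    // Disabled rules never get a backfill; the UI shows a warning modal for them.
    if (!rule.enabled) { result.skippedDisabled.push(rule.id); continue; }
    try {
      schedule(rule.id, window);
      result.scheduled.push(rule.id);
    } catch (e) {
      result.errors.push({ ruleId: rule.id, message: (e as Error).message });
    }
  }
  const n = result.scheduled.length;
  result.toast = `Successfully scheduled manual rule run for ${n} rule${n === 1 ? '' : 's'}`;
  if (result.skippedDisabled.length > 0) {
    result.toast += ` (${result.skippedDisabled.length} disabled rule(s) skipped)`;
  }
  return result;
}
```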

@jpdjere (Contributor) left a comment

LGTM! 🚀 Thanks for working on this, a hugely desired feature.

Thanks as well for implementing our suggestions on reusing performBulkAction, I think the PR looks much more concise now and there's much less new code.

Left a couple nits and typo warnings, but 👍 💯

@kibana-ci (Collaborator) commented:

💛 Build succeeded, but was flaky


Metrics

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 5533 5534 +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 14.1MB 14.1MB +16.2KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
securitySolution 83.4KB 83.6KB +201.0B


@e40pud e40pud merged commit 66f36af into elastic:main Jun 27, 2024
36 checks passed
@kibanamachine kibanamachine added v8.15.0 backport:skip This commit does not require backporting labels Jun 27, 2024
@kibanamachine (Contributor) commented:

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#6410

[✅] Security Solution Rule Management - Cypress: 100/100 tests passed.
[✅] [Serverless] Security Solution Rule Management - Cypress: 100/100 tests passed.


@kibanamachine (Contributor) commented:

Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#6411

[✅] Security Solution Detection Engine - Cypress: 100/100 tests passed.
[❌] [Serverless] Security Solution Detection Engine - Cypress: 75/100 tests passed.

