Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] FinalEdit: Add fields that are common for all rule types (PR 1) #196326

Closed

Conversation

nikitaindik
Copy link
Contributor

@nikitaindik nikitaindik commented Oct 15, 2024

Partially addresses: #171520

This is a first of two PRs that adds common editable fields. Decided to split in two PRs for ease of code review.

Summary

Make the following fields editable in ThreeWayDiff UI:

  • description
  • false_positives
  • investigation_fields
  • references
  • tags
Scherm­afbeelding 2024-10-16 om 17 32 06

@nikitaindik nikitaindik added release_note:skip Skip the PR/issue when compiling release notes Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) labels Oct 15, 2024
@nikitaindik nikitaindik self-assigned this Oct 15, 2024
@nikitaindik nikitaindik changed the title [Security Solution] FinalEdit: Add fields that are common for all rule types [Security Solution] FinalEdit: Add fields that are common for all rule types (PR 1) Oct 16, 2024
@nikitaindik nikitaindik marked this pull request as ready for review October 16, 2024 15:36
@nikitaindik nikitaindik requested a review from a team as a code owner October 16, 2024 15:36
@nikitaindik nikitaindik requested a review from dplumlee October 16, 2024 15:36
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@elasticmachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] Jest Tests #18 / useSetupTechnology should revert the agent policy name to the original value when switching from agentless back to agent-based

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 6038 6044 +6

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 20.7MB 20.7MB +2.1KB

History

cc @nikitaindik

@nikitaindik
Copy link
Contributor Author

Closing in favour of #196642. All the changes from this PR will be included there.

maximpn pushed a commit that referenced this pull request Nov 12, 2024
…ule types (#196642)

**Partially addresses: #171520
**Is a follow-up to: #196326

This PR enables editing of common fields in the new "Updates" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types.

## Summary
These fields are editable now:
 - `building_block`
 - `description`
 - `false_positives`
 - `investigation_fields`
 - `max_signals`
 - `note`
 - `references`
 - `related_integrations`
 - `required_fields`
 - `risk_score`
 - `risk_score_mapping`
 - `rule_name_override`
 - `rule_schedule`
 - `setup`
 - `severity`
 - `severity_mapping`
 - `tags`
 - `threat`
 - `timeline_template`
 - `timestamp_override`

<img width="2672" alt="Scherm­afbeelding 2024-10-16 om 17 32 06" src="https://github.com/user-attachments/assets/6dd615e2-6e84-4e1f-b674-f42d03f575e7">

### Testing
 - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled.
 - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. 
   - Set `version: 1` in the request body to downgrade it to version 1.
   - Modify other rule fields in the request body as needed to test the changes.
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Nov 12, 2024
…ule types (elastic#196642)

**Partially addresses: elastic#171520
**Is a follow-up to: elastic#196326

This PR enables editing of common fields in the new "Updates" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types.

## Summary
These fields are editable now:
 - `building_block`
 - `description`
 - `false_positives`
 - `investigation_fields`
 - `max_signals`
 - `note`
 - `references`
 - `related_integrations`
 - `required_fields`
 - `risk_score`
 - `risk_score_mapping`
 - `rule_name_override`
 - `rule_schedule`
 - `setup`
 - `severity`
 - `severity_mapping`
 - `tags`
 - `threat`
 - `timeline_template`
 - `timestamp_override`

<img width="2672" alt="Scherm­afbeelding 2024-10-16 om 17 32 06" src="https://github.com/user-attachments/assets/6dd615e2-6e84-4e1f-b674-f42d03f575e7">

### Testing
 - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled.
 - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API.
   - Set `version: 1` in the request body to downgrade it to version 1.
   - Modify other rule fields in the request body as needed to test the changes.

(cherry picked from commit 3d3b32f)
tkajtoch pushed a commit to tkajtoch/kibana that referenced this pull request Nov 12, 2024
…ule types (elastic#196642)

**Partially addresses: elastic#171520
**Is a follow-up to: elastic#196326

This PR enables editing of common fields in the new "Updates" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types.

## Summary
These fields are editable now:
 - `building_block`
 - `description`
 - `false_positives`
 - `investigation_fields`
 - `max_signals`
 - `note`
 - `references`
 - `related_integrations`
 - `required_fields`
 - `risk_score`
 - `risk_score_mapping`
 - `rule_name_override`
 - `rule_schedule`
 - `setup`
 - `severity`
 - `severity_mapping`
 - `tags`
 - `threat`
 - `timeline_template`
 - `timestamp_override`

<img width="2672" alt="Scherm­afbeelding 2024-10-16 om 17 32 06" src="https://github.com/user-attachments/assets/6dd615e2-6e84-4e1f-b674-f42d03f575e7">

### Testing
 - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled.
 - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. 
   - Set `version: 1` in the request body to downgrade it to version 1.
   - Modify other rule fields in the request body as needed to test the changes.
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Nov 18, 2024
…ule types (elastic#196642)

**Partially addresses: elastic#171520
**Is a follow-up to: elastic#196326

This PR enables editing of common fields in the new "Updates" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types.

## Summary
These fields are editable now:
 - `building_block`
 - `description`
 - `false_positives`
 - `investigation_fields`
 - `max_signals`
 - `note`
 - `references`
 - `related_integrations`
 - `required_fields`
 - `risk_score`
 - `risk_score_mapping`
 - `rule_name_override`
 - `rule_schedule`
 - `setup`
 - `severity`
 - `severity_mapping`
 - `tags`
 - `threat`
 - `timeline_template`
 - `timestamp_override`

<img width="2672" alt="Scherm­afbeelding 2024-10-16 om 17 32 06" src="https://github.com/user-attachments/assets/6dd615e2-6e84-4e1f-b674-f42d03f575e7">

### Testing
 - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled.
 - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. 
   - Set `version: 1` in the request body to downgrade it to version 1.
   - Modify other rule fields in the request body as needed to test the changes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area release_note:skip Skip the PR/issue when compiling release notes Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants