diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts index 6e24b902995f4..374c6ff492e8d 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts @@ -21,11 +21,8 @@ import { RequiredFieldArray, RiskScore, RiskScoreMapping, - RuleAuthorArray, RuleDescription, - RuleExceptionList, RuleFalsePositiveArray, - RuleLicense, RuleName, RuleReferenceArray, RuleSignatureId, @@ -82,12 +79,9 @@ export const DiffableCommonFields = z.object({ setup: SetupGuide, related_integrations: RelatedIntegrationArray, required_fields: RequiredFieldArray, - author: RuleAuthorArray, - license: RuleLicense, // Other domain fields rule_schedule: RuleSchedule, // NOTE: new field - exceptions_list: z.array(RuleExceptionList), max_signals: MaxSignals, // Optional fields diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.ts index 784f75d09bd7a..0021aece67455 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.ts @@ -40,7 +40,7 @@ export const FIELDS_TO_UPGRADE_TO_CURRENT_VERSION = [ 'items_per_search', ] as const; -export const NON_UPGRADEABLE_DIFFABLE_FIELDS = [ +export const FIELDS_TO_UPGRADE_TO_TARGET_VERSION = [ 'type', 'rule_id', 'version', @@ -48,6 +48,10 @@ export const NON_UPGRADEABLE_DIFFABLE_FIELDS = [ 'license', ] as const; +// Fields which are part of DiffableRule but are not upgradeable +// and need to be omittted from the DiffableUpgradableFields +export const NON_UPGRADEABLE_DIFFABLE_FIELDS = ['type', 'rule_id', 'version'] as const; + type NON_UPGRADEABLE_DIFFABLE_FIELDS_TO_OMIT_TYPE = { readonly [key in (typeof NON_UPGRADEABLE_DIFFABLE_FIELDS)[number]]: true; }; diff --git a/x-pack/plugins/security_solution/common/detection_engine/prebuilt_rules/diff/convert_rule_to_diffable.ts b/x-pack/plugins/security_solution/common/detection_engine/prebuilt_rules/diff/convert_rule_to_diffable.ts index 45b4612e83c8e..0f70a86c54e29 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/prebuilt_rules/diff/convert_rule_to_diffable.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/prebuilt_rules/diff/convert_rule_to_diffable.ts @@ -133,12 +133,9 @@ const extractDiffableCommonFields = ( setup: rule.setup ?? '', related_integrations: rule.related_integrations ?? [], required_fields: addEcsToRequiredFields(rule.required_fields), - author: rule.author ?? [], - license: rule.license ?? '', // Other domain fields rule_schedule: extractRuleSchedule(rule), - exceptions_list: rule.exceptions_list ?? [], max_signals: rule.max_signals ?? DEFAULT_MAX_SIGNALS, // --------------------- OPTIONAL FIELDS diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/constants.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/constants.ts index 5d42c8d73fd84..04660191c9cbf 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/constants.ts +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/constants.ts @@ -14,7 +14,6 @@ export const ABOUT_UPGRADE_FIELD_ORDER: Array = [ 'version', 'name', 'description', - 'author', 'building_block', 'investigation_fields', 'severity', @@ -23,7 +22,6 @@ export const ABOUT_UPGRADE_FIELD_ORDER: Array = [ 'risk_score_mapping', 'references', 'false_positives', - 'license', 'rule_name_override', 'threat', 'threat_indicator_path', diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/components/constants.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/components/constants.ts deleted file mode 100644 index ad348c85148b2..0000000000000 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/components/constants.ts +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { DiffableAllFields } from '../../../../../../../common/api/detection_engine'; - -type NonEditableFields = Readonly>; - -/* These fields are not visible in the comparison UI and are not editable */ -export const HIDDEN_FIELDS: NonEditableFields = new Set([ - 'alert_suppression', - 'author', - 'rule_id', - 'license', - 'version', -]); diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/common_rule_field_readonly.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/common_rule_field_readonly.tsx index 9471a17b216b3..bc4f1928ef9ba 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/common_rule_field_readonly.tsx +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/common_rule_field_readonly.tsx @@ -19,11 +19,9 @@ import { NameReadOnly } from './fields/name/name'; import { TagsReadOnly } from './fields/tags/tags'; import { DescriptionReadOnly } from './fields/description/description'; import { assertUnreachable } from '../../../../../../../common/utility_types'; -import { AuthorReadOnly } from './fields/author/author'; import { BuildingBlockReadOnly } from './fields/building_block/building_block'; import { InvestigationFieldsReadOnly } from './fields/investigation_fields/investigation_fields'; import { FalsePositivesReadOnly } from './fields/false_positives/false_positives'; -import { LicenseReadOnly } from './fields/license/license'; import { MaxSignalsReadOnly } from './fields/max_signals/max_signals'; import { NoteReadOnly } from './fields/note/note'; import { RuleScheduleReadOnly } from './fields/rule_schedule/rule_schedule'; @@ -46,23 +44,16 @@ export function CommonRuleFieldReadOnly({ finalDiffableRule, }: CommonRuleFieldReadOnlyProps) { switch (fieldName) { - case 'author': - return ; case 'building_block': return ; case 'description': return ; - case 'exceptions_list': - /* Exceptions are not used in prebuilt rules */ - return null; case 'investigation_fields': return ( ); case 'false_positives': return ; - case 'license': - return ; case 'max_signals': return ; case 'name': diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/author/author.stories.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/author/author.stories.tsx deleted file mode 100644 index 97526ec0290b9..0000000000000 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/author/author.stories.tsx +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import type { Story } from '@storybook/react'; -import { AuthorReadOnly } from './author'; -import { FieldReadOnly } from '../../field_readonly'; -import type { DiffableRule } from '../../../../../../../../../common/api/detection_engine'; -import { mockCustomQueryRule } from '../../storybook/mocks'; -import { ThreeWayDiffStorybookProviders } from '../../storybook/three_way_diff_storybook_providers'; - -export default { - component: AuthorReadOnly, - title: 'Rule Management/Prebuilt Rules/Upgrade Flyout/ThreeWayDiff/FieldReadOnly/author', -}; - -interface TemplateProps { - finalDiffableRule: DiffableRule; -} - -const Template: Story = (args) => { - return ( - - - - ); -}; - -export const Default = Template.bind({}); - -Default.args = { - finalDiffableRule: mockCustomQueryRule({ - author: ['Elastic', 'John Doe'], - }), -}; diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/author/author.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/author/author.tsx deleted file mode 100644 index c284275bd4db4..0000000000000 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/author/author.tsx +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { EuiDescriptionList } from '@elastic/eui'; -import * as ruleDetailsI18n from '../../../../translations'; -import type { RuleAuthorArray } from '../../../../../../../../../common/api/detection_engine'; -import { Author } from '../../../../rule_about_section'; - -interface AuthorReadOnlyProps { - author: RuleAuthorArray; -} - -export function AuthorReadOnly({ author }: AuthorReadOnlyProps) { - return ( - , - }, - ]} - /> - ); -} diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/license/license.stories.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/license/license.stories.tsx deleted file mode 100644 index 666f4b6507798..0000000000000 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/license/license.stories.tsx +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import type { Story } from '@storybook/react'; -import { LicenseReadOnly } from './license'; -import { FieldReadOnly } from '../../field_readonly'; -import type { DiffableRule } from '../../../../../../../../../common/api/detection_engine'; -import { mockCustomQueryRule } from '../../storybook/mocks'; -import { ThreeWayDiffStorybookProviders } from '../../storybook/three_way_diff_storybook_providers'; - -export default { - component: LicenseReadOnly, - title: 'Rule Management/Prebuilt Rules/Upgrade Flyout/ThreeWayDiff/FieldReadOnly/license', -}; - -interface TemplateProps { - finalDiffableRule: DiffableRule; -} - -const Template: Story = (args) => { - return ( - - - - ); -}; - -export const Default = Template.bind({}); - -Default.args = { - finalDiffableRule: mockCustomQueryRule({ - license: 'Elastic License 2.0', - }), -}; diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/license/license.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/license/license.tsx deleted file mode 100644 index 18032f66ab81d..0000000000000 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/fields/license/license.tsx +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { EuiDescriptionList } from '@elastic/eui'; -import * as ruleDetailsI18n from '../../../../translations'; -import type { RuleLicense } from '../../../../../../../../../common/api/detection_engine'; -import { License } from '../../../../rule_about_section'; - -interface LicenseReadOnlyProps { - license: RuleLicense; -} - -export function LicenseReadOnly({ license }: LicenseReadOnlyProps) { - return ( - , - }, - ]} - /> - ); -} diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/storybook/mocks.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/storybook/mocks.ts index e940f1ba52a40..18973df5ca545 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/storybook/mocks.ts +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_readonly/storybook/mocks.ts @@ -137,14 +137,10 @@ const commonDiffableRuleFields: DiffableCommonFields = { setup: '', related_integrations: [], required_fields: [], - author: [], - license: '', - rule_schedule: { interval: '5m', lookback: '360s', }, - exceptions_list: [], max_signals: DEFAULT_MAX_SIGNALS, }; diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/model/prebuilt_rule_upgrade/fields.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/model/prebuilt_rule_upgrade/fields.ts index c384b48a79d4f..f3b98ba3d0dd9 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/model/prebuilt_rule_upgrade/fields.ts +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/model/prebuilt_rule_upgrade/fields.ts @@ -4,18 +4,18 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ - -import { DiffableCommonFields } from '../../../../../common/api/detection_engine'; -import type { - DiffableCustomQueryFields, - DiffableEqlFields, - DiffableEsqlFields, - DiffableMachineLearningFields, - DiffableNewTermsFields, - DiffableSavedQueryFields, - DiffableThreatMatchFields, - DiffableThresholdFields, - RuleFieldsDiff, +import { + DiffableCommonFields, + NON_UPGRADEABLE_DIFFABLE_FIELDS, + type DiffableCustomQueryFields, + type DiffableEqlFields, + type DiffableEsqlFields, + type DiffableMachineLearningFields, + type DiffableNewTermsFields, + type DiffableSavedQueryFields, + type DiffableThreatMatchFields, + type DiffableThresholdFields, + type RuleFieldsDiff, } from '../../../../../common/api/detection_engine'; export type NonUpgradeableDiffableFields = (typeof NON_UPGRADEABLE_DIFFABLE_FIELDS)[number]; @@ -61,14 +61,6 @@ export type UpgradeableNewTermsFields = Exclude< NonUpgradeableDiffableFields >; -export const NON_UPGRADEABLE_DIFFABLE_FIELDS = [ - 'author', - 'license', - 'rule_id', - 'type', - 'version', -] as const; - export const COMMON_FIELD_NAMES = DiffableCommonFields.keyof().options; export function isCommonFieldName(fieldName: string): fieldName is keyof DiffableCommonFields { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/get_field_predefined_value.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/get_field_predefined_value.ts index 777711e56470c..2fbb6d427158d 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/get_field_predefined_value.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/get_field_predefined_value.ts @@ -7,7 +7,7 @@ import { FIELDS_TO_UPGRADE_TO_CURRENT_VERSION, - NON_UPGRADEABLE_DIFFABLE_FIELDS, + FIELDS_TO_UPGRADE_TO_TARGET_VERSION, } from '../../../../../../common/api/detection_engine'; import { type PrebuiltRuleAsset } from '../../model/rule_assets/prebuilt_rule_asset'; import type { RuleTriad } from '../../model/rule_groups/get_rule_groups'; @@ -24,10 +24,10 @@ type GetFieldPredefinedValueReturnType = * a predefined value or is customizable), and returns the value if it is predefined. * * This function checks whether a field can be upgraded via API contract and how it should - * be handled during the rule upgrade process. It uses the `NON_UPGRADEABLE_DIFFABLE_FIELDS` and + * be handled during the rule upgrade process. It uses the `FIELDS_TO_UPGRADE_TO_TARGET_VERSION` and * `FIELDS_TO_UPGRADE_TO_CURRENT_VERSION` constants to make this determination. * - * `NON_UPGRADEABLE_DIFFABLE_FIELDS` includes fields that are not upgradeable: 'type', 'rule_id', + * `FIELDS_TO_UPGRADE_TO_TARGET_VERSION` includes fields that are not upgradeable: 'type', 'rule_id', * 'version', 'author', and 'license', and are always upgraded to the target version. * * `FIELDS_TO_UPGRADE_TO_CURRENT_VERSION` includes fields that should be updated to their @@ -46,8 +46,8 @@ export const getFieldPredefinedValue = ( upgradeableRule: RuleTriad ): GetFieldPredefinedValueReturnType => { if ( - NON_UPGRADEABLE_DIFFABLE_FIELDS.includes( - fieldName as (typeof NON_UPGRADEABLE_DIFFABLE_FIELDS)[number] + FIELDS_TO_UPGRADE_TO_TARGET_VERSION.includes( + fieldName as (typeof FIELDS_TO_UPGRADE_TO_TARGET_VERSION)[number] ) ) { return { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff.ts index b49e04f566c4b..bde52596667d2 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff.ts @@ -194,10 +194,7 @@ const commonFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor setup: multiLineStringDiffAlgorithm, related_integrations: simpleDiffAlgorithm, required_fields: simpleDiffAlgorithm, - author: scalarArrayDiffAlgorithm, - license: singleLineStringDiffAlgorithm, rule_schedule: simpleDiffAlgorithm, - exceptions_list: simpleDiffAlgorithm, max_signals: numberDiffAlgorithm, rule_name_override: simpleDiffAlgorithm, timestamp_override: simpleDiffAlgorithm, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/upgrade_perform_prebuilt_rules.specific_rules_mode.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/upgrade_perform_prebuilt_rules.specific_rules_mode.ts index 8c086c46927e7..8da3f96d41d6c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/upgrade_perform_prebuilt_rules.specific_rules_mode.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/upgrade_perform_prebuilt_rules.specific_rules_mode.ts @@ -776,7 +776,6 @@ export default ({ getService }: FtrProviderContext): void => { // Create resolved values different from current values const resolvedValues: { [key: string]: unknown } = { - exceptions_list: [], alert_suppression: { group_by: ['test'], duration: { value: 10, unit: 'm' as const },