[Security Solution] FinalEdit: Add fields that are common for all rule types
#196642
Conversation
nikitaindik
added
release_note:skip
nikitaindik
force-pushed
the
editable-common-fields-2
branch
from
cfacec3 to
19ddb83
Compare
nikitaindik
force-pushed
the
editable-common-fields-2
branch
from
0f789a4 to
6377545
Compare
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
There was a problem hiding this comment.
@nikitaindik I had a look at the recent changes and left comments. I think we should make slight improvements before merging it back.
| const { selectedField, indexPattern } = useMemo(() => { | ||
| /* eslint-disable @typescript-eslint/no-shadow */ | ||
| /* If the field is not found in the indices, we still want to show it in the dropdown */ | ||
| const selectedField = foundField || { name: field.value, type: fieldType }; |
There was a problem hiding this comment.
It's better to use a different name inside useMemo and remove eslint-disable.
| ); | ||
| return newSelectedField; | ||
| }, [field.value, indices]); | ||
| const foundField = field.value && indices.fields.find(({ name }) => name === field.value); |
There was a problem hiding this comment.
This line should be inside useMemo()'s callback.
| const { selectedField, indexPattern } = useMemo(() => { | ||
| /* eslint-disable @typescript-eslint/no-shadow */ | ||
| /* If the field is not found in the indices, we still want to show it in the dropdown */ | ||
| const selectedField = foundField || { name: field.value, type: fieldType }; | ||
| const indexPattern = foundField | ||
| ? indices | ||
| : { ...indices, fields: [...indices.fields, selectedField] }; | ||
|
|
||
| return { selectedField, indexPattern }; | ||
| /* eslint-enable @typescript-eslint/no-shadow */ | ||
| }, [field.value, indices, foundField, fieldType]); |
There was a problem hiding this comment.
For better readability this logic could be moved to an "internal" hook named like useSelectedField() and placed under the component in the file.
Though it might be better to have this logic in FieldComponent.
| ) { | ||
| /* | ||
| Getting values for required fields via flattened fields instead of using `getFormData`. | ||
| This is because `getFormData` applies a serializer function to field values, which might update values. |
There was a problem hiding this comment.
How exactly serializer update values? Or, why it's a problem for our case?
There was a problem hiding this comment.
Serializer is a function you can pass to the form library. It converts form data from an internal format to an output format when you click Submit.
To get the form data for validation, we normally use form.getFormData(). However, this method internally calls the serializer. In this case, we need the form data in its internal format, before it is serialized, because the returned value would be different if you pass a different serialzers.
There was a problem hiding this comment.
In our case we have no serializer on the Rule Editing page, but we do have one in the flyout
| @@ -26,3 +28,13 @@ export function pickTypeForName({ name, type, typesByFieldName = {} }: PickTypeF | |||
| */ | |||
| return typesAvailableForName[0] ?? type; | |||
| } | |||
|
|
|||
| export function getFlattenedArrayFieldNames( | |||
There was a problem hiding this comment.
Not sure that commment, is enough. We rely on internal implmenatin, and if it chanes, we don't have ability to notice that our function don't work.
Ar least we should have a tests for his function, which use real form implmentaion
But can we maybe use getInternalArrayFieldPath function from the forms?
| @@ -44,14 +44,6 @@ export const RequiredFieldRow = ({ | |||
| const rowFieldConfig: FieldConfig<RequiredField | RequiredFieldInput, {}, RequiredFieldInput> = | |||
| useMemo( | |||
| () => ({ | |||
| deserializer: (value) => { | |||
There was a problem hiding this comment.
It was needed to convert the type from RequiredField to RequiredFieldInput, but I've modified the component to use RequiredField, so this conversion is no longer needed.
| @@ -26,3 +28,13 @@ export function pickTypeForName({ name, type, typesByFieldName = {} }: PickTypeF | |||
| */ | |||
| return typesAvailableForName[0] ?? type; | |||
| } | |||
|
|
|||
| export function getFlattenedArrayFieldNames( | |||
There was a problem hiding this comment.
Ok, I see that you didn't add this code, it was already there.
Still if possible add tests, or reuse getInternalArrayFieldPath will be great
| const fieldTypeFilter = useMemo(() => [fieldType], [fieldType]); | ||
| const { selectedField, indexPattern } = useMemo(() => { | ||
| /* eslint-disable @typescript-eslint/no-shadow */ | ||
| /* If the field is not found in the indices, we still want to show it in the dropdown */ |
There was a problem hiding this comment.
Are we sure what we want to show it in dropdown?
Will be ther any error or message that field not in index?
There was a problem hiding this comment.
Actually, I ended up removing this part and reverting to previous behaviour. It turned out we already handle such case in a nested component.
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
Public APIs missing exports
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
cc @nikitaindik |
There was a problem hiding this comment.
@nikitaindik Thanks for addressing my comments 🙏
I tested the PR on the latest commit and editable components work as expected 👍
|
@nkhristinin There is time constrain on Prebuilt Rule Customization readiness. Do you think there is something critical in you comments and should be addressed in this PR? I created a ticket for rule creation/editing forms improvements. Let's add any desired enhancements/improvements to that ticket. |
|
@maximpn I think we can add tests for this function later #196642 (comment) Other comments, not blocking, more requesting reason for those changes |
|
Starting backport for target branches: 8.x |
…ule types (elastic#196642) **Partially addresses: elastic#171520 **Is a follow-up to: elastic#196326 This PR enables editing of common fields in the new "Updates" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types. ## Summary These fields are editable now: - `building_block` - `description` - `false_positives` - `investigation_fields` - `max_signals` - `note` - `references` - `related_integrations` - `required_fields` - `risk_score` - `risk_score_mapping` - `rule_name_override` - `rule_schedule` - `setup` - `severity` - `severity_mapping` - `tags` - `threat` - `timeline_template` - `timestamp_override` <img width="2672" alt="Schermafbeelding 2024-10-16 om 17 32 06" src="https://github.com/user-attachments/assets/6dd615e2-6e84-4e1f-b674-f42d03f575e7"> ### Testing - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled. - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. - Set `version: 1` in the request body to downgrade it to version 1. - Modify other rule fields in the request body as needed to test the changes. (cherry picked from commit 3d3b32f)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…common for all rule types (#196642) (#199743) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] `FinalEdit`: Add fields that are common for all rule types (#196642)](#196642) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-12T10:04:10Z","message":"[Security Solution] `FinalEdit`: Add fields that are common for all rule types (#196642)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/171520**\r\n**Is a follow-up to: https://github.com/elastic/kibana/pull/196326**\r\n\r\nThis PR enables editing of common fields in the new \"Updates\" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types.\r\n\r\n## Summary\r\nThese fields are editable now:\r\n - `building_block`\r\n - `description`\r\n - `false_positives`\r\n - `investigation_fields`\r\n - `max_signals`\r\n - `note`\r\n - `references`\r\n - `related_integrations`\r\n - `required_fields`\r\n - `risk_score`\r\n - `risk_score_mapping`\r\n - `rule_name_override`\r\n - `rule_schedule`\r\n - `setup`\r\n - `severity`\r\n - `severity_mapping`\r\n - `tags`\r\n - `threat`\r\n - `timeline_template`\r\n - `timestamp_override`\r\n\r\n<img width=\"2672\" alt=\"Schermafbeelding 2024-10-16 om 17 32 06\" src=\"https://github.com/user-attachments/assets/6dd615e2-6e84-4e1f-b674-f42d03f575e7\">\r\n\r\n### Testing\r\n - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled.\r\n - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. \r\n - Set `version: 1` in the request body to downgrade it to version 1.\r\n - Modify other rule fields in the request body as needed to test the changes.","sha":"3d3b32faf6992f95805a37230e7e7e552e19a801","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:prev-minor"],"title":"[Security Solution] `FinalEdit`: Add fields that are common for all rule types","number":196642,"url":"https://github.com/elastic/kibana/pull/196642","mergeCommit":{"message":"[Security Solution] `FinalEdit`: Add fields that are common for all rule types (#196642)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/171520**\r\n**Is a follow-up to: https://github.com/elastic/kibana/pull/196326**\r\n\r\nThis PR enables editing of common fields in the new \"Updates\" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types.\r\n\r\n## Summary\r\nThese fields are editable now:\r\n - `building_block`\r\n - `description`\r\n - `false_positives`\r\n - `investigation_fields`\r\n - `max_signals`\r\n - `note`\r\n - `references`\r\n - `related_integrations`\r\n - `required_fields`\r\n - `risk_score`\r\n - `risk_score_mapping`\r\n - `rule_name_override`\r\n - `rule_schedule`\r\n - `setup`\r\n - `severity`\r\n - `severity_mapping`\r\n - `tags`\r\n - `threat`\r\n - `timeline_template`\r\n - `timestamp_override`\r\n\r\n<img width=\"2672\" alt=\"Schermafbeelding 2024-10-16 om 17 32 06\" src=\"https://github.com/user-attachments/assets/6dd615e2-6e84-4e1f-b674-f42d03f575e7\">\r\n\r\n### Testing\r\n - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled.\r\n - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. \r\n - Set `version: 1` in the request body to downgrade it to version 1.\r\n - Modify other rule fields in the request body as needed to test the changes.","sha":"3d3b32faf6992f95805a37230e7e7e552e19a801"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/196642","number":196642,"mergeCommit":{"message":"[Security Solution] `FinalEdit`: Add fields that are common for all rule types (#196642)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/171520**\r\n**Is a follow-up to: https://github.com/elastic/kibana/pull/196326**\r\n\r\nThis PR enables editing of common fields in the new \"Updates\" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types.\r\n\r\n## Summary\r\nThese fields are editable now:\r\n - `building_block`\r\n - `description`\r\n - `false_positives`\r\n - `investigation_fields`\r\n - `max_signals`\r\n - `note`\r\n - `references`\r\n - `related_integrations`\r\n - `required_fields`\r\n - `risk_score`\r\n - `risk_score_mapping`\r\n - `rule_name_override`\r\n - `rule_schedule`\r\n - `setup`\r\n - `severity`\r\n - `severity_mapping`\r\n - `tags`\r\n - `threat`\r\n - `timeline_template`\r\n - `timestamp_override`\r\n\r\n<img width=\"2672\" alt=\"Schermafbeelding 2024-10-16 om 17 32 06\" src=\"https://github.com/user-attachments/assets/6dd615e2-6e84-4e1f-b674-f42d03f575e7\">\r\n\r\n### Testing\r\n - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled.\r\n - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. \r\n - Set `version: 1` in the request body to downgrade it to version 1.\r\n - Modify other rule fields in the request body as needed to test the changes.","sha":"3d3b32faf6992f95805a37230e7e7e552e19a801"}}]}] BACKPORT--> Co-authored-by: Nikita Indik <[email protected]>
…ule types (elastic#196642) **Partially addresses: elastic#171520 **Is a follow-up to: elastic#196326 This PR enables editing of common fields in the new "Updates" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types. ## Summary These fields are editable now: - `building_block` - `description` - `false_positives` - `investigation_fields` - `max_signals` - `note` - `references` - `related_integrations` - `required_fields` - `risk_score` - `risk_score_mapping` - `rule_name_override` - `rule_schedule` - `setup` - `severity` - `severity_mapping` - `tags` - `threat` - `timeline_template` - `timestamp_override` <img width="2672" alt="Schermafbeelding 2024-10-16 om 17 32 06" src="https://github.com/user-attachments/assets/6dd615e2-6e84-4e1f-b674-f42d03f575e7"> ### Testing - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled. - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. - Set `version: 1` in the request body to downgrade it to version 1. - Modify other rule fields in the request body as needed to test the changes.
…ule types (elastic#196642) **Partially addresses: elastic#171520 **Is a follow-up to: elastic#196326 This PR enables editing of common fields in the new "Updates" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types. ## Summary These fields are editable now: - `building_block` - `description` - `false_positives` - `investigation_fields` - `max_signals` - `note` - `references` - `related_integrations` - `required_fields` - `risk_score` - `risk_score_mapping` - `rule_name_override` - `rule_schedule` - `setup` - `severity` - `severity_mapping` - `tags` - `threat` - `timeline_template` - `timestamp_override` <img width="2672" alt="Schermafbeelding 2024-10-16 om 17 32 06" src="https://github.com/user-attachments/assets/6dd615e2-6e84-4e1f-b674-f42d03f575e7"> ### Testing - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled. - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. - Set `version: 1` in the request body to downgrade it to version 1. - Modify other rule fields in the request body as needed to test the changes.
Partially addresses: #171520
Is a follow-up to: #196326
This PR enables editing of common fields in the new "Updates" tab of the rule upgrade flyout. The common fields are fields applicable to all rule types.
Summary
These fields are editable now:
building_blockdescriptionfalse_positivesinvestigation_fieldsmax_signalsnotereferencesrelated_integrationsrequired_fieldsrisk_scorerisk_score_mappingrule_name_overriderule_schedulesetupseverityseverity_mappingtagsthreattimeline_templatetimestamp_overrideTesting
prebuiltRulesCustomizationEnabledfeature flag is enabled.PATCH api/detection_engine/rulesAPI.version: 1in the request body to downgrade it to version 1.