Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Rule Updates in bulk with conflicts #196776

Merged
merged 20 commits into from
Nov 11, 2024

Conversation

jpdjere
Copy link
Contributor

@jpdjere jpdjere commented Oct 17, 2024

Resolves: #180589

Summary

  • Handles bulk updating of rules with conflicts in the Rule Upgrades table. See detailed requirements implemented in ticket linked above.
  • Changes default pick_version of both the /upgrade/_perform endpoint, and of the request payloads for that endpoint from the frontend, from TARGET to MERGED, when the isPrebuiltRulesCustomizationEnabled is true.
  • Also: handles issue in /upgrade/_perform endpoint with the index and data_view_id fields. See file: x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts.

See demo video: https://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697

New copy in warning modal
image

Newly added tooltips:

image
image
image

Checklist

Delete any items that are not applicable to this PR.

For maintainers

Comment on lines -681 to -690
export const performUpgradeAllRules = async (): Promise<PerformRuleUpgradeResponseBody> =>
KibanaServices.get().http.fetch(PERFORM_RULE_UPGRADE_URL, {
method: 'POST',
version: '1',
body: JSON.stringify({
mode: 'ALL_RULES',
pick_version: 'TARGET',
}),
});

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deleting this since from now onwards the frontend client will never be just sending a request to update ALL rules, since some of them might have conflicts: we want to filter those out before making the request, which is done in this PR.

API users can still send this type request, and will get detailed errors if there are conflicts.

@jpdjere jpdjere self-assigned this Oct 18, 2024
@jpdjere jpdjere added Team:Detections and Resp Security Detection Response Team Team:Detection Rule Management Security Detection Rule Management Team v9.0.0 Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area v8.16.0 v8.17.0 Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. release_note:skip Skip the PR/issue when compiling release notes labels Oct 18, 2024
@jpdjere jpdjere marked this pull request as ready for review October 18, 2024 19:49
@jpdjere jpdjere requested review from a team as code owners October 18, 2024 19:49
@jpdjere jpdjere requested a review from xcrzx October 18, 2024 19:49
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@jpdjere
Copy link
Contributor Author

jpdjere commented Oct 18, 2024

@approksiu @ARWNightingale

Hi! I worked on this feature and it's basically done. You can take a look at the video as a demo.

Only question is: I wrote the texts of the modal myself. Want to take a look at it and decide if we should involve the docs team here for input?

@jpdjere jpdjere added the backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) label Oct 18, 2024
@banderror banderror removed the v8.16.0 label Oct 22, 2024
@banderror
Copy link
Contributor

Only question is: I wrote the texts of the modal myself. Want to take a look at it and decide if we should involve the docs team here for input?

@jpdjere By default, we involve the Docs team for reviewing any UI copies. For their convenience, it would be great if you could please add screenshots of every copy to the PR description, and tag @joepeeples near every corresponding place in the code.

@banderror banderror added the ui-copy Review of UI copy with docs team is recommended label Oct 22, 2024
@banderror banderror requested a review from joepeeples October 22, 2024 14:41
@xcrzx
Copy link
Contributor

xcrzx commented Oct 22, 2024

Hi @jpdjere, what is the scope of this PR? I'm looking at the linked ticket requirements:

Bulk Upgrade Action:

When users select multiple rules for a bulk upgrade, only those without conflicts should be upgraded. The system should automatically exclude rules with conflicts from the upgrade process.
If a user selects rules that include conflicts, a modal window should appear (similar to the one used during bulk edits). This modal will inform the user that some selected rules contain conflicts and cannot be upgraded in bulk. The user will then be prompted to proceed with upgrading only the rules without conflicts.

This doesn't seem to be implemented:

Screen.Recording.2024-10-22.at.17.34.09.mov

@xcrzx
Copy link
Contributor

xcrzx commented Oct 22, 2024

The implementation also doesn't match the Upgrade All button behavior:

Upgrade All Button Behavior:

The "Upgrade All" button should now only upgrade rules that do not contain conflicts. The system should automatically exclude rules with conflicts from the upgrade process.
The UI needs to be updated to clearly communicate this to users, ensuring they understand that only conflict-free rules will be upgraded when using this option.

All rules are being upgraded, regardless of conflicts.

Screen.Recording.2024-10-22.at.17.41.32.mov

The page also crashes in the end.

@jpdjere
Copy link
Contributor Author

jpdjere commented Oct 22, 2024

@xcrzx Are you sure you pulled the right branch and pulled the latest changes? Everything you mentioned above is what I implemented; see the video that I posted in the PR description above.

Also, since the PR changes the default pick_version in the request payload from TARGET to MERGE (when FF is on), the update should fail anyways for all rules that have conflicts. And I don't see that happening in the videos you posted above. That's why I suspect you might be running an older commit.

@xcrzx
Copy link
Contributor

xcrzx commented Oct 22, 2024

@xcrzx Are you sure you pulled the right branch and pulled the latest changes? Everything you mentioned above is what I implemented; see the video that I posted in the PR description above.

@jpdjere You are right, apologies, I was on another branch 🤦‍♂️

Copy link
Contributor

@xcrzx xcrzx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested the PR locally with both rule customization enabled and disabled, using both UI and API calls. No issues found apart from minor usability concerns. Posting suggestions mostly on code structure and organisation, separation of concerns.

Also, the PR implements the rule upgrade path for rules without conflicts. What is the plan for conflict resolution?

The initial issue contains the following:

Reviewing Conflicts:

Rules that contain conflicts, including those with solvable conflicts, must be reviewed before they can be upgraded. Users need to open the upgrade preview, review the proposed changes, and then decide whether to accept or decline the changes.

Currently, it's not possible to accept or decline the changes. Is this going to be implemented separately?

Additionally, the PR doesn't contain any tests. What is the plan for covering the introduced functionality with tests?

@@ -67,3 +90,7 @@ export const UpgradePrebuiltRulesTableButtons = ({
</EuiFlexGroup>
);
};

function isAllRuleHaveConflicts(rules: Array<{ diff: { num_fields_with_conflicts: number } }>) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A slightly more grammatically correct name for the function could be:

Suggested change
function isAllRuleHaveConflicts(rules: Array<{ diff: { num_fields_with_conflicts: number } }>) {
function doAllRulesHaveConflicts(rules: Array<{ diff: { num_fields_with_conflicts: number } }>) {

Comment on lines 41 to 44
const isAllSelectedRulesHaveConflicts =
isPrebuiltRulesCustomizationEnabled && isAllRuleHaveConflicts(selectedRules);
const isAllRulesHaveConflicts =
isPrebuiltRulesCustomizationEnabled && isAllRuleHaveConflicts(ruleUpgradeInfos);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And here:

  1. isAllSelectedRulesHaveConflictsdoAllSelectedRulesHaveConflicts
  2. isAllRulesHaveConflictsdoAllRulesHaveConflicts

Comment on lines +37 to 44
/**
* Rule upgrade state (all rules available for upgrade)
*/
ruleUpgradeInfos: RuleUpgradeInfoForReview[];
/**
* Rule upgrade state after applying `filterOptions`
*/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can improve naming here for more clarity:
ruleUpgradeInfos -> allUpgradeableRules
rulesUpgradeState -> filteredUpgradeableRules

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not directly related to this PR, but the rulesUpgradeState seems to contain not only the currently filtered rules but also some additional state, such as final rule versions. Mixing these two states together feels like poor design, but perhaps I'm missing some context here. I'd be happy to discuss the state composition in more detail, let's sync up on that.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @xcrzx,

do you still have concerns regarding rulesUpgradeState type and would like to discuss that?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, let's sync on this. I'll send an invite

Comment on lines 162 to 166
const getRulesWithConflicts = useCallback(
(ruleIds?: RuleSignatureId[]) => {
// If no rules are selected (update all rules case), then check all rules
const rulesSelectedForUpgrade = ruleIds ?? Object.keys(rulesUpgradeState);
const rulesToUpgrade = rulesSelectedForUpgrade.map((ruleId) => rulesUpgradeState[ruleId]);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to handle a situation where ruleId is not found in rulesUpgradeState. Let's at least add an invariant, something like:

const rule = rulesUpgradeState[ruleId];
invariant(rule, `Rule with ID ${ruleId} not found in rulesUpgradeState`);

This way, we get an easily recognizable error message instead of cannot read property xxx of undefined later on.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added exception handling and toast in the UI:
image

// Prepare payload for upgrade with rules with no conflicts
const ruleIdsWithConflicts = rulesWithConflicts.map((rule) => rule.rule_id);
const rulesToUpgradeWithNoConflicts = isPrebuiltRulesCustomizationEnabled
? rulesToUpgrade.filter((rule) => !ruleIdsWithConflicts.includes(rule.rule_id))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Set.has will be orders of magnitude faster for a larger number of rules than Array.includes, as it has O(1) time complexity compared to O(n) for arrays. I'd suggest using a Set for ruleIdsWithConflicts.

jpdjere and others added 10 commits November 8, 2024 16:24
…management_ui/components/rules_table/upgrade_prebuilt_rules_table/modals/upgrade_conflicts_modal/translations.tsx

Co-authored-by: Nastasha Solomon <[email protected]>
…management_ui/components/rules_table/upgrade_prebuilt_rules_table/modals/upgrade_conflicts_modal/translations.tsx

Co-authored-by: Nastasha Solomon <[email protected]>
…management_ui/components/rules_table/upgrade_prebuilt_rules_table/translations.ts

Co-authored-by: Nastasha Solomon <[email protected]>
…tion_engine/rules/translations.ts

Co-authored-by: Nastasha Solomon <[email protected]>
…management_ui/components/rules_table/upgrade_prebuilt_rules_table/translations.ts

Co-authored-by: Nastasha Solomon <[email protected]>
@xcrzx xcrzx force-pushed the bulk-upgrade-rules-changes branch from fc534b2 to f360a7d Compare November 8, 2024 15:40
@xcrzx xcrzx added backport:version Backport to applied version labels and removed backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) labels Nov 8, 2024
Copy link
Contributor

@xcrzx xcrzx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing my comments and adding happy path tests, @jpdjere!

I tested the upgrade flow locally with both FF on and off, no issues.

@xcrzx xcrzx enabled auto-merge (squash) November 11, 2024 10:40
@xcrzx xcrzx disabled auto-merge November 11, 2024 10:40
@xcrzx xcrzx enabled auto-merge (squash) November 11, 2024 10:40
@xcrzx xcrzx merged commit 99160f5 into elastic:main Nov 11, 2024
43 checks passed
@kibanamachine
Copy link
Contributor

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/11778555159

@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 6133 6135 +2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 13.4MB 13.4MB +3.1KB

History

cc @jpdjere

@kibanamachine
Copy link
Contributor

💔 All backports failed

Status Branch Result
8.x Backport failed because of merge conflicts

You might need to backport the following PRs to 8.x:
- [Search Playground] Change route on selector changed in between search/chat modes (#197431)
- [Entity Analytics] [Entity Store] Fix Asset Criticality index issue when setting up entity engines concurrently (#199486)
- [APM] Attempt to fix service maps (#192859)
- [OpenAPI][Fleet] Add missing operation summaries (#199548)
- Update serverless link targets (#199396)

Manual backport

To create the backport manually run:

node scripts/backport --pr 196776

Questions ?

Please refer to the Backport tool documentation

@xcrzx
Copy link
Contributor

xcrzx commented Nov 11, 2024

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

xcrzx pushed a commit to xcrzx/kibana that referenced this pull request Nov 11, 2024
Resolves: elastic#180589

## Summary

- Handles bulk updating of rules with conflicts in the Rule Upgrades
table. See detailed requirements implemented in ticket linked above.
- Changes default `pick_version` of both the `/upgrade/_perform`
endpoint, and of the request payloads for that endpoint from the
frontend, from `TARGET` to `MERGED`, when the
`isPrebuiltRulesCustomizationEnabled` is `true`.
- **Also:** handles issue in `/upgrade/_perform` endpoint with the
`index` and `data_view_id` fields. See file:
`x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`.

**See demo video:**
https://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697

**New copy in warning modal**
<img width="1660" alt="image"
src="https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4">

**Newly added tooltips:**

![image](https://github.com/user-attachments/assets/7ada117e-57a7-4699-ad08-312c734586d9)

![image](https://github.com/user-attachments/assets/c8ed80ac-c1c3-48f1-8f8e-2433415a6772)

![image](https://github.com/user-attachments/assets/d77ed6f0-5d65-4933-9012-f6cd153a9350)

### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
- [ ] This will appear in the **Release Notes** and follow the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: Dmitrii <[email protected]>
(cherry picked from commit 99160f5)

# Conflicts:
#	.github/CODEOWNERS
xcrzx added a commit that referenced this pull request Nov 11, 2024
… (#199649)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] Rule Updates in bulk with conflicts
(#196776)](#196776)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Juan Pablo
Djeredjian","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-11T12:29:21Z","message":"[Security
Solution] Rule Updates in bulk with conflicts (#196776)\n\nResolves:
https://github.com/elastic/kibana/issues/180589\r\n\r\n##
Summary\r\n\r\n- Handles bulk updating of rules with conflicts in the
Rule Upgrades\r\ntable. See detailed requirements implemented in ticket
linked above.\r\n- Changes default `pick_version` of both the
`/upgrade/_perform`\r\nendpoint, and of the request payloads for that
endpoint from the\r\nfrontend, from `TARGET` to `MERGED`, when
the\r\n`isPrebuiltRulesCustomizationEnabled` is `true`.\r\n- **Also:**
handles issue in `/upgrade/_perform` endpoint with the\r\n`index` and
`data_view_id` fields. See
file:\r\n`x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`.\r\n\r\n**See
demo
video:**\r\nhttps://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697\r\n\r\n**New
copy in warning modal**\r\n<img width=\"1660\"
alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4\">\r\n\r\n**Newly
added tooltips:**
\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/7ada117e-57a7-4699-ad08-312c734586d9)\r\n\r\n![image](https://github.com/user-attachments/assets/c8ed80ac-c1c3-48f1-8f8e-2433415a6772)\r\n\r\n![image](https://github.com/user-attachments/assets/d77ed6f0-5d65-4933-9012-f6cd153a9350)\r\n\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [ ] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [ ] Any UI
touched in this PR is usable by keyboard only (learn more\r\nabout
[keyboard
accessibility](https://webaim.org/techniques/keyboard/))\r\n\r\n### For
maintainers\r\n\r\n- [ ] This was checked for breaking API changes and
was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n-
[ ] This will appear in the **Release Notes** and follow
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
Nastasha Solomon
<[email protected]>\r\nCo-authored-by:
Dmitrii
<[email protected]>","sha":"99160f52d6a2e0ad4698ca8e5ac40316ebb733c9","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","ui-copy","Feature:Prebuilt Detection
Rules","backport:version","v8.17.0"],"number":196776,"url":"https://github.com/elastic/kibana/pull/196776","mergeCommit":{"message":"[Security
Solution] Rule Updates in bulk with conflicts (#196776)\n\nResolves:
https://github.com/elastic/kibana/issues/180589\r\n\r\n##
Summary\r\n\r\n- Handles bulk updating of rules with conflicts in the
Rule Upgrades\r\ntable. See detailed requirements implemented in ticket
linked above.\r\n- Changes default `pick_version` of both the
`/upgrade/_perform`\r\nendpoint, and of the request payloads for that
endpoint from the\r\nfrontend, from `TARGET` to `MERGED`, when
the\r\n`isPrebuiltRulesCustomizationEnabled` is `true`.\r\n- **Also:**
handles issue in `/upgrade/_perform` endpoint with the\r\n`index` and
`data_view_id` fields. See
file:\r\n`x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`.\r\n\r\n**See
demo
video:**\r\nhttps://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697\r\n\r\n**New
copy in warning modal**\r\n<img width=\"1660\"
alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4\">\r\n\r\n**Newly
added tooltips:**
\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/7ada117e-57a7-4699-ad08-312c734586d9)\r\n\r\n![image](https://github.com/user-attachments/assets/c8ed80ac-c1c3-48f1-8f8e-2433415a6772)\r\n\r\n![image](https://github.com/user-attachments/assets/d77ed6f0-5d65-4933-9012-f6cd153a9350)\r\n\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [ ] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [ ] Any UI
touched in this PR is usable by keyboard only (learn more\r\nabout
[keyboard
accessibility](https://webaim.org/techniques/keyboard/))\r\n\r\n### For
maintainers\r\n\r\n- [ ] This was checked for breaking API changes and
was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n-
[ ] This will appear in the **Release Notes** and follow
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
Nastasha Solomon
<[email protected]>\r\nCo-authored-by:
Dmitrii
<[email protected]>","sha":"99160f52d6a2e0ad4698ca8e5ac40316ebb733c9"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/196776","number":196776,"mergeCommit":{"message":"[Security
Solution] Rule Updates in bulk with conflicts (#196776)\n\nResolves:
https://github.com/elastic/kibana/issues/180589\r\n\r\n##
Summary\r\n\r\n- Handles bulk updating of rules with conflicts in the
Rule Upgrades\r\ntable. See detailed requirements implemented in ticket
linked above.\r\n- Changes default `pick_version` of both the
`/upgrade/_perform`\r\nendpoint, and of the request payloads for that
endpoint from the\r\nfrontend, from `TARGET` to `MERGED`, when
the\r\n`isPrebuiltRulesCustomizationEnabled` is `true`.\r\n- **Also:**
handles issue in `/upgrade/_perform` endpoint with the\r\n`index` and
`data_view_id` fields. See
file:\r\n`x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`.\r\n\r\n**See
demo
video:**\r\nhttps://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697\r\n\r\n**New
copy in warning modal**\r\n<img width=\"1660\"
alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4\">\r\n\r\n**Newly
added tooltips:**
\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/7ada117e-57a7-4699-ad08-312c734586d9)\r\n\r\n![image](https://github.com/user-attachments/assets/c8ed80ac-c1c3-48f1-8f8e-2433415a6772)\r\n\r\n![image](https://github.com/user-attachments/assets/d77ed6f0-5d65-4933-9012-f6cd153a9350)\r\n\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [ ] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [ ] Any UI
touched in this PR is usable by keyboard only (learn more\r\nabout
[keyboard
accessibility](https://webaim.org/techniques/keyboard/))\r\n\r\n### For
maintainers\r\n\r\n- [ ] This was checked for breaking API changes and
was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n-
[ ] This will appear in the **Release Notes** and follow
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
Nastasha Solomon
<[email protected]>\r\nCo-authored-by:
Dmitrii
<[email protected]>","sha":"99160f52d6a2e0ad4698ca8e5ac40316ebb733c9"}},{"branch":"8.x","label":"v8.17.0","labelRegex":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Juan Pablo Djeredjian <[email protected]>
tkajtoch pushed a commit to tkajtoch/kibana that referenced this pull request Nov 12, 2024
Resolves: elastic#180589

## Summary

- Handles bulk updating of rules with conflicts in the Rule Upgrades
table. See detailed requirements implemented in ticket linked above.
- Changes default `pick_version` of both the `/upgrade/_perform`
endpoint, and of the request payloads for that endpoint from the
frontend, from `TARGET` to `MERGED`, when the
`isPrebuiltRulesCustomizationEnabled` is `true`.
- **Also:** handles issue in `/upgrade/_perform` endpoint with the
`index` and `data_view_id` fields. See file:
`x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`.

**See demo video:**
https://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697

**New copy in warning modal**
<img width="1660" alt="image"
src="https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4">

**Newly added tooltips:** 


![image](https://github.com/user-attachments/assets/7ada117e-57a7-4699-ad08-312c734586d9)

![image](https://github.com/user-attachments/assets/c8ed80ac-c1c3-48f1-8f8e-2433415a6772)

![image](https://github.com/user-attachments/assets/d77ed6f0-5d65-4933-9012-f6cd153a9350)


### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
- [ ] This will appear in the **Release Notes** and follow the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: Dmitrii <[email protected]>
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Nov 18, 2024
Resolves: elastic#180589

## Summary

- Handles bulk updating of rules with conflicts in the Rule Upgrades
table. See detailed requirements implemented in ticket linked above.
- Changes default `pick_version` of both the `/upgrade/_perform`
endpoint, and of the request payloads for that endpoint from the
frontend, from `TARGET` to `MERGED`, when the
`isPrebuiltRulesCustomizationEnabled` is `true`.
- **Also:** handles issue in `/upgrade/_perform` endpoint with the
`index` and `data_view_id` fields. See file:
`x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`.

**See demo video:**
https://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697

**New copy in warning modal**
<img width="1660" alt="image"
src="https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4">

**Newly added tooltips:** 


![image](https://github.com/user-attachments/assets/7ada117e-57a7-4699-ad08-312c734586d9)

![image](https://github.com/user-attachments/assets/c8ed80ac-c1c3-48f1-8f8e-2433415a6772)

![image](https://github.com/user-attachments/assets/d77ed6f0-5d65-4933-9012-f6cd153a9350)


### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
- [ ] This will appear in the **Release Notes** and follow the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Nastasha Solomon <[email protected]>
Co-authored-by: Dmitrii <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport:version Backport to applied version labels Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area release_note:skip Skip the PR/issue when compiling release notes Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. ui-copy Review of UI copy with docs team is recommended v8.17.0 v9.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Security Solution] Handle conflicting rules in the Rule Upgrade table
8 participants