Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[8.x] [Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API (#199761) #200193

Merged
merged 1 commit into from
Nov 14, 2024

Conversation

kibanamachine
Copy link
Contributor

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

…e `_perform` upgrade API (elastic#199761)

**Partially addresses:** elastic#171520

## Summary

This PR integrates Prebuilt Rules Customization UI functionality with
the `/internal/detection_engine/prebuilt_rules/upgrade/_perform`
Prebuilt Rules Customization upgrade API.

> [!CAUTION]
> This PR doesn't handle rule type changes. Prebuilt rule updates with
rule type change consider having a NON SOLVABLE conflict and won't be
upgraded neither individually nor in bulk. Addressing that task requires
UI and functional changes and will be addressed in a separate PR.

## Details

## How to test

- Clear Elasticsearch data
- Run Elasticsearch and Kibana locally (do not open Kibana in a web
browser)
- Install an outdated version of the `security_detection_engine` Fleet
package
   ```bash
curl -X POST --user elastic:changeme -H 'Content-Type: application/json'
-H 'kbn-xsrf: 123' -H "elastic-api-version: 2023-10-31" -d
'{"force":true}'
http://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1
   ```
- Install prebuilt rules
   ```bash
curl -X POST --user elastic:changeme -H 'Content-Type: application/json'
-H 'kbn-xsrf: 123' -H "elastic-api-version: 1" -d '{"mode":"ALL_RULES"}'
http://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform
   ```
- Open `Detection Rules (SIEM)` Page -> `Rule Updates`
- [ ] Check update functionality in a flyout
  - Pick a rule
  - Click on rule's name
  - Make changes to fields in incoming rule updates updates
  - Save field(s) changes
  -  Press the `Update` button
- [ ] Check table row rule update
  - Pick a rule
  - Click on rule's name
  - Make changes to fields in incoming rule updates updates
  - Save field(s) changes
  - Close the flyout
  -  Press the `Update rule` button in the rule's table row
- [ ] Check bulk rule update
  - Pick a few rules and for each of them do the next steps
  - Click on rule's name
  - Make changes to fields in incoming rule updates updates
  - Save field(s) changes
  - Close the flyout
  -  After press the `Update All` button on the page
- [ ] Check selected rules bulk update
  - Pick a few rules and for each of them do the next steps
  - Click on rule's name
  - Make changes to fields in incoming rule updates updates
  - Save field(s) changes
  - Close the flyout
  -  After select the modified rule updates
  -  Press the `Update N selected rule(s)` button on the page

Co-authored-by: Dmitrii Shevchenko <[email protected]>
(cherry picked from commit 1862b59)
@kibanamachine kibanamachine merged commit 63b2b6f into elastic:8.x Nov 14, 2024
36 checks passed
@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 13.4MB 13.4MB +158.0B

cc @maximpn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants