Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.x] [Security Solution] Integrate Prebuilt Rules Customization UI w…
…ith the `_perform` upgrade API (elastic#199761) (elastic#200193) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API (elastic#199761)](elastic#199761) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-14T14:13:20Z","message":"[Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API (elastic#199761)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/171520\r\n\r\n## Summary\r\n\r\nThis PR integrates Prebuilt Rules Customization UI functionality with\r\nthe `/internal/detection_engine/prebuilt_rules/upgrade/_perform`\r\nPrebuilt Rules Customization upgrade API.\r\n\r\n> [!CAUTION]\r\n> This PR doesn't handle rule type changes. Prebuilt rule updates with\r\nrule type change consider having a NON SOLVABLE conflict and won't be\r\nupgraded neither individually nor in bulk. Addressing that task requires\r\nUI and functional changes and will be addressed in a separate PR.\r\n\r\n## Details\r\n\r\n\r\n## How to test\r\n\r\n- Clear Elasticsearch data\r\n- Run Elasticsearch and Kibana locally (do not open Kibana in a web\r\nbrowser)\r\n- Install an outdated version of the `security_detection_engine` Fleet\r\npackage\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 2023-10-31\" -d\r\n'{\"force\":true}'\r\nhttp://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1\r\n ```\r\n- Install prebuilt rules\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 1\" -d '{\"mode\":\"ALL_RULES\"}'\r\nhttp://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform\r\n ```\r\n- Open `Detection Rules (SIEM)` Page -> `Rule Updates`\r\n- [ ] Check update functionality in a flyout\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Press the `Update` button\r\n- [ ] Check table row rule update\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - Press the `Update rule` button in the rule's table row\r\n- [ ] Check bulk rule update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After press the `Update All` button on the page\r\n- [ ] Check selected rules bulk update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After select the modified rule updates\r\n - Press the `Update N selected rule(s)` button on the page\r\n\r\nCo-authored-by: Dmitrii Shevchenko <[email protected]>","sha":"1862b5914786a207238c650465c3d6b3f04ab172","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v8.17.0"],"title":"[Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API","number":199761,"url":"https://github.com/elastic/kibana/pull/199761","mergeCommit":{"message":"[Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API (elastic#199761)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/171520\r\n\r\n## Summary\r\n\r\nThis PR integrates Prebuilt Rules Customization UI functionality with\r\nthe `/internal/detection_engine/prebuilt_rules/upgrade/_perform`\r\nPrebuilt Rules Customization upgrade API.\r\n\r\n> [!CAUTION]\r\n> This PR doesn't handle rule type changes. Prebuilt rule updates with\r\nrule type change consider having a NON SOLVABLE conflict and won't be\r\nupgraded neither individually nor in bulk. Addressing that task requires\r\nUI and functional changes and will be addressed in a separate PR.\r\n\r\n## Details\r\n\r\n\r\n## How to test\r\n\r\n- Clear Elasticsearch data\r\n- Run Elasticsearch and Kibana locally (do not open Kibana in a web\r\nbrowser)\r\n- Install an outdated version of the `security_detection_engine` Fleet\r\npackage\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 2023-10-31\" -d\r\n'{\"force\":true}'\r\nhttp://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1\r\n ```\r\n- Install prebuilt rules\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 1\" -d '{\"mode\":\"ALL_RULES\"}'\r\nhttp://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform\r\n ```\r\n- Open `Detection Rules (SIEM)` Page -> `Rule Updates`\r\n- [ ] Check update functionality in a flyout\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Press the `Update` button\r\n- [ ] Check table row rule update\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - Press the `Update rule` button in the rule's table row\r\n- [ ] Check bulk rule update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After press the `Update All` button on the page\r\n- [ ] Check selected rules bulk update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After select the modified rule updates\r\n - Press the `Update N selected rule(s)` button on the page\r\n\r\nCo-authored-by: Dmitrii Shevchenko <[email protected]>","sha":"1862b5914786a207238c650465c3d6b3f04ab172"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199761","number":199761,"mergeCommit":{"message":"[Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API (elastic#199761)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/171520\r\n\r\n## Summary\r\n\r\nThis PR integrates Prebuilt Rules Customization UI functionality with\r\nthe `/internal/detection_engine/prebuilt_rules/upgrade/_perform`\r\nPrebuilt Rules Customization upgrade API.\r\n\r\n> [!CAUTION]\r\n> This PR doesn't handle rule type changes. Prebuilt rule updates with\r\nrule type change consider having a NON SOLVABLE conflict and won't be\r\nupgraded neither individually nor in bulk. Addressing that task requires\r\nUI and functional changes and will be addressed in a separate PR.\r\n\r\n## Details\r\n\r\n\r\n## How to test\r\n\r\n- Clear Elasticsearch data\r\n- Run Elasticsearch and Kibana locally (do not open Kibana in a web\r\nbrowser)\r\n- Install an outdated version of the `security_detection_engine` Fleet\r\npackage\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 2023-10-31\" -d\r\n'{\"force\":true}'\r\nhttp://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1\r\n ```\r\n- Install prebuilt rules\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 1\" -d '{\"mode\":\"ALL_RULES\"}'\r\nhttp://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform\r\n ```\r\n- Open `Detection Rules (SIEM)` Page -> `Rule Updates`\r\n- [ ] Check update functionality in a flyout\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Press the `Update` button\r\n- [ ] Check table row rule update\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - Press the `Update rule` button in the rule's table row\r\n- [ ] Check bulk rule update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After press the `Update All` button on the page\r\n- [ ] Check selected rules bulk update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After select the modified rule updates\r\n - Press the `Update N selected rule(s)` button on the page\r\n\r\nCo-authored-by: Dmitrii Shevchenko <[email protected]>","sha":"1862b5914786a207238c650465c3d6b3f04ab172"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Maxim Palenov <[email protected]>
- Loading branch information