[EDR Workflows] Enable automated response actions UI in all rules (el…
tomsonpl authored Oct 15, 2024
1 parent d87a38f commit 7b9ff3d
Showing 6 changed files with 6 additions and 50 deletions.
13 changes: 0 additions & 13 deletions x-pack/plugins/security_solution/common/detection_engine/utils.ts
Expand Up @@ -93,16 +93,3 @@ export const isSuppressionRuleConfiguredWithMissingFields = (ruleType: Type) =>
export const isSuppressionRuleInGA = (ruleType: Type): boolean => {
return isSuppressibleAlertRule(ruleType) && SUPPRESSIBLE_ALERT_RULES_GA.includes(ruleType);
};
export const shouldShowResponseActions = (
ruleType: Type | undefined,
automatedResponseActionsForAllRulesEnabled: boolean
) => {
return (
isQueryRule(ruleType) ||
isEsqlRule(ruleType) ||
isEqlRule(ruleType) ||
isNewTermsRule(ruleType) ||
(automatedResponseActionsForAllRulesEnabled &&
(isThresholdRule(ruleType) || isThreatMatchRule(ruleType) || isMlRule(ruleType)))
);
};
Expand Up @@ -52,11 +52,6 @@ export const allowedExperimentalValues = Object.freeze({
*/
automatedProcessActionsEnabled: true,

/**
* Temporary feature flag to enable the Response Actions in Rules UI - intermediate release
*/
automatedResponseActionsForAllRulesEnabled: false,

/**
* Enables the ability to send Response actions to SentinelOne and persist the results
* in ES. Adds API changes to support `agentType` and supports `isolate` and `release`
Expand Up @@ -15,9 +15,6 @@ import type {
ActionVariables,
} from '@kbn/triggers-actions-ui-plugin/public';
import { UseArray } from '@kbn/es-ui-shared-plugin/static/forms/hook_form_lib';
import type { Type } from '@kbn/securitysolution-io-ts-alerting-types';
import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
import { shouldShowResponseActions } from '../../../../../common/detection_engine/utils';
import type { RuleObjectId } from '../../../../../common/api/detection_engine/model/rule_schema';
import { ResponseActionsForm } from '../../../rule_response_actions/response_actions_form';
import type {
Expand All @@ -40,7 +37,6 @@ interface StepRuleActionsProps extends RuleStepProps {
ruleId?: RuleObjectId; // Rule SO's id (not ruleId)
actionMessageParams: ActionVariables;
summaryActionMessageParams: ActionVariables;
ruleType?: Type;
form: FormHook<ActionsStepRule>;
}

Expand Down Expand Up @@ -79,15 +75,11 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
isUpdateView = false,
actionMessageParams,
summaryActionMessageParams,
ruleType,
form,
}) => {
const {
services: { application },
} = useKibana();
const automatedResponseActionsForAllRulesEnabled = useIsExperimentalFeatureEnabled(
'automatedResponseActionsForAllRulesEnabled'
);
const displayActionsOptions = useMemo(
() => (
<>
Expand All @@ -105,15 +97,12 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
[actionMessageParams, summaryActionMessageParams]
);
const displayResponseActionsOptions = useMemo(() => {
if (shouldShowResponseActions(ruleType, automatedResponseActionsForAllRulesEnabled)) {
return (
<UseArray path="responseActions" initialNumberOfItems={0}>
{ResponseActionsForm}
</UseArray>
);
}
return null;
}, [automatedResponseActionsForAllRulesEnabled, ruleType]);
return (
<UseArray path="responseActions" initialNumberOfItems={0}>
{ResponseActionsForm}
</UseArray>
);
}, []);
// only display the actions dropdown if the user has "read" privileges for actions
const displayActionsDropDown = useMemo(() => {
return application.capabilities.actions.show ? (
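Review bot: With the rule-type gate removed from `displayResponseActionsOptions`, the visible part of this component no longer restricts when the response-actions form is offered; the `application.capabilities.actions.show` check just below applies only to the actions dropdown. That leaves the server-side `validateResponseActionsPermissions` (changed in the last file of this commit) as the enforcement point, so it is worth saying so next to the memo, e.g. `// Rendered for every rule type; permissions are enforced server-side in validateResponseActionsPermissions`. As a style point, the memo now has an empty dependency list and returns a constant element, so the block body can shrink to `useMemo(() => (<UseArray path="responseActions" initialNumberOfItems={0}>{ResponseActionsForm}</UseArray>), [])`. The component body starts and ends outside these hunks, and `ResponseActionsForm` may apply its own privilege checks that are not visible here.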
Expand Up @@ -789,7 +789,6 @@ const CreateRulePageComponent: React.FC = () => {
isLoading={isCreateRuleLoading || loading || isStartingJobs}
actionMessageParams={actionMessageParams}
summaryActionMessageParams={actionMessageParams}
ruleType={ruleType}
form={actionsStepForm}
/>

Expand Down Expand Up @@ -841,7 +840,6 @@ const CreateRulePageComponent: React.FC = () => {
isCreateRuleLoading,
isStartingJobs,
loading,
ruleType,
submitRuleDisabled,
submitRuleEnabled,
]
Expand Up @@ -348,7 +348,6 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
isUpdateView
actionMessageParams={actionMessageParams}
summaryActionMessageParams={actionMessageParams}
ruleType={rule?.type}
form={actionsStepForm}
key="actionsStep"
/>
Expand All @@ -362,7 +361,6 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
[
rule?.immutable,
rule?.id,
rule?.type,
activeStep,
loading,
isSavedQueryLoading,
Expand Up @@ -8,7 +8,6 @@
import type { PartialRule } from '@kbn/alerting-plugin/server';
import { isEqual, xorWith } from 'lodash';
import { stringifyZodError } from '@kbn/zod-helpers';
import { shouldShowResponseActions } from '../../../../../common/detection_engine/utils';
import {
type ResponseAction,
type RuleCreateProps,
Expand Down Expand Up @@ -59,16 +58,6 @@ export const validateResponseActionsPermissions = async (
ruleUpdate: RuleCreateProps | RuleUpdateProps,
existingRule?: RuleAlertType | null
): Promise<void> => {
const { experimentalFeatures } = await securitySolution.getConfig();
if (
!shouldShowResponseActions(
ruleUpdate.type,
experimentalFeatures.automatedResponseActionsForAllRulesEnabled
)
) {
return;
}

if (
!rulePayloadContainsResponseActions(ruleUpdate) ||
(existingRule && !ruleObjectContainsResponseActions(existingRule))
