[Cases] Case action (#168369)
## Summary

Depends on: #166267,
#170326,
#169484,
#173740,
#173763,
#178068,
#178307,
#178600,
#180437

PRs:
- #168370
- #169229
- #171754
- #172709
- #173012
- #175107
- #175452
- #175505
- #177033
- #178277
- #177139
- #179796

Fixes: #153837

## Testing

Run Kibana with `--run-examples` if you want to use the "Always firing"
rule.

Create a rule with a case action in observability and the stack. The
security solution is not supported. You should not be able to assign a
case action in a security solution rule.

1. Test the "Reopen closed cases" configuration.
2. Test the "Grouping by" configuration. Only one field is allowed. Not
all fields are persisted in alerts. If you select a field not part of
the alert the case action will create a case where the grouping value is
set to `unknow`.
3. Test the "Time window" feature. You can comment out the validation to
test for shorter times.
4. Verify that the case action is experimental.
5. Verify that based on the rule type the case is created in the correct
solution.
6. Verify that you cannot create a rule with the case action on the
basic license.
7. Verify that the execution of the case action fails if you do not have
permission for cases. Work is still pending at the system actions framework
level to prevent users from creating rules with system actions for which they
do not have permission.
8. Stress test the case action by creating multiple rules.

### Checklist

Delete any items that are not applicable to this PR.

- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

## Release notes

Automatically create cases when an alert is triggered.

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: adcoelho <[email protected]>
Co-authored-by: Janki Salvi <[email protected]>
4 people authored Apr 12, 2024
1 parent c837518 commit b735d8c
Showing 106 changed files with 11,496 additions and 199 deletions.
Expand Up @@ -146,6 +146,7 @@ export const HASH_TO_VERSION_MAP = {
'cases-comments|93535d41ca0279a4a2e5d08acd3f28e3': '10.0.0',
'cases-configure|c124bd0be4c139d0f0f91fb9eeca8e37': '10.0.0',
'cases-connector-mappings|a98c33813f364f0b068e8c592ac6ef6d': '10.0.0',
'cases-rules|1cb4b03690489e07aa86f283dcea5ce1': '10.0.0',
'cases-telemetry|3d1b76c39bfb2cc8296b024d73854724': '10.0.0',
'cases-user-actions|07a6651cf37853dd5d64bfb2c796e102': '10.0.0',
'cases|8f7dc53b17c272ea19f831537daa082d': '10.1.0',
7 changes: 7 additions & 0 deletions packages/kbn-check-mappings-update-cli/current_fields.json
Expand Up @@ -195,6 +195,13 @@
"cases-connector-mappings": [
"owner"
],
"cases-rules": [
"counter",
"createdAt",
"rules",
"rules.id",
"updatedAt"
],
"cases-telemetry": [],
"cases-user-actions": [
"action",
27 changes: 24 additions & 3 deletions packages/kbn-check-mappings-update-cli/current_mappings.json
Expand Up @@ -669,6 +669,27 @@
}
}
},
"cases-rules": {
"dynamic": false,
"properties": {
"counter": {
"type": "unsigned_long"
},
"createdAt": {
"type": "date"
},
"rules": {
"properties": {
"id": {
"type": "keyword"
}
}
},
"updatedAt": {
"type": "date"
}
}
},
"cases-telemetry": {
"dynamic": false,
"properties": {}
Expand Down Expand Up @@ -1568,11 +1589,11 @@
"assetType": {
"type": "keyword"
},
"dashboardSavedObjectId": {
"type": "keyword"
},
"dashboardFilterAssetIdEnabled": {
"type": "boolean"
},
"dashboardSavedObjectId": {
"type": "keyword"
}
}
},
Expand Up @@ -74,6 +74,7 @@ describe('checking migration metadata changes on all registered SO types', () =>
"cases-comments": "5cb0a421588831c2a950e50f486048b8aabbae25",
"cases-configure": "44ed7b8e0f44df39516b8870589b89e32224d2bf",
"cases-connector-mappings": "f9d1ac57e484e69506c36a8051e4d61f4a8cfd25",
"cases-rules": "6d1776f5c46a99e1a0f3085c537146c1cdfbc829",
"cases-telemetry": "f219eb7e26772884342487fc9602cfea07b3cedc",
"cases-user-actions": "483f10db9b3bd1617948d7032a98b7791bf87414",
"cloud-security-posture-settings": "e0f61c68bbb5e4cfa46ce8994fa001e417df51ca",
Expand Up @@ -34,6 +34,7 @@ const previouslyRegisteredTypes = [
'cases-comments',
'cases-configure',
'cases-connector-mappings',
'cases-rules',
'cases-sub-case',
'cases-user-actions',
'cases-telemetry',
Expand Up @@ -195,6 +195,7 @@ describe('split .kibana index into multiple system indices', () => {
"cases-comments",
"cases-configure",
"cases-connector-mappings",
"cases-rules",
"cases-telemetry",
"cases-user-actions",
"cloud-security-posture-settings",
Expand Up @@ -36,7 +36,7 @@ describe('createSystemConnectors', () => {
{
id: 'system-connector-system-action-type-2',
actionTypeId: 'system-action-type-2',
name: 'System action: system-action-type-2',
name: 'My system action type',
secrets: {},
config: {},
isDeprecated: false,
2 changes: 1 addition & 1 deletion x-pack/plugins/actions/server/create_system_actions.ts
Expand Up @@ -14,7 +14,7 @@ export const createSystemConnectors = (actionTypes: ActionType[]): InMemoryConne
const systemConnectors: InMemoryConnector[] = systemActionTypes.map((systemActionType) => ({
id: `system-connector-${systemActionType.id}`,
actionTypeId: systemActionType.id,
name: `System action: ${systemActionType.id}`,
name: systemActionType.name,
isMissingSecrets: false,
config: {},
secrets: {},
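Review bot: With `name: systemActionType.name` the system connector's display name is taken straight from the action type registration, so it no longer carries the `System action:` prefix that set it apart from user-created connectors. If any listing, log or audit output identifies connectors by name, a system connector and a user connector with the same label would look alike; such consumers should key on `id` (still `system-connector-${systemActionType.id}`) rather than on `name`, though whether any exist is not visible in this hunk. I would add a comment above the field, `// Display name only; identify system connectors by id, never by name.` The body of `createSystemConnectors` starts and ends outside the hunk.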