[Security Solution] Add custom highlighted fields through the bulk edit feature #164301

Closed
mbudge opened this issue Aug 21, 2023 · 4 comments · Fixed by #179312
Assignees
Labels
8.15 candidate enhancement New value added to drive a business result Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Engine Security Solution Detection Engine Area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@mbudge

mbudge commented Aug 21, 2023

In reference to [Detection Engine][Rules] - Adds custom highlighted fields option #163235, it would be good if we could add custom highlighted fields through the bulk edit feature, or set default highlighted fields in Advanced Settings or Security > Manage. The reason is that it will be very time-consuming to add/edit custom highlighted fields en masse.

When we update the Elastic rules we have to delete the existing rules, then reimport the new rules. The bulk edit feature would make it easier to do this quickly. If there's no way to bulk-add custom highlighted fields, I wouldn't think we'd be able to use custom highlighted fields, as they would be too time-consuming to maintain. That would be a shame, as it sounds like a good feature. Adding the event object fields will make the security alerts easier to triage, i.e. event.category, event.action, event.outcome, etc.

@botelastic botelastic bot added the needs-team Issues missing a team label label Aug 21, 2023
@peluja1012 peluja1012 added enhancement New value added to drive a business result Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team labels Aug 31, 2023
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Aug 31, 2023
@peluja1012 peluja1012 added the needs-team Issues missing a team label label Aug 31, 2023
@botelastic botelastic bot removed the needs-team Issues missing a team label label Aug 31, 2023
@mbudge
Author

mbudge commented Nov 11, 2023

Or set default custom highlighted fields in Advanced Settings.

@banderror banderror changed the title Add custom highlighted fields through the bulk edit feature [Security Solution] Add custom highlighted fields through the bulk edit feature Apr 16, 2024
@banderror banderror added Team:Detections and Resp Security Detection Response Team Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Engine Security Solution Detection Engine Area 8.15 candidate labels Apr 16, 2024
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Contributor

Pinging @elastic/security-detection-engine (Team:Detection Engine)

e40pud added a commit that referenced this issue May 2, 2024

**Resolves:** #164301
**Resolves:** elastic/security-team#8958

## Summary

With these changes we introduce a new feature - Bulk custom highlighted
fields update. It works similarly to bulk tags and indices update.

Here is the overview of the work that has been done:


https://github.com/elastic/kibana/assets/2700761/b1ba6670-9984-43c9-9f1e-e18a2b7f071f

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
  - [ ] elastic/security-docs#5090
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] [ESS 100
times](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5834)
- [ ] [Serverless 100
times](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5835)

---------

Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Devin W. Hurley <[email protected]>
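The commit above describes the bulk edit as working like the tags and index-pattern bulk edits (add, set, delete). The script below is an added example, not code from this issue, the PR or the Kibana project: it builds the request body for the rules bulk-action endpoint and applies the same add/set/delete semantics locally to a constructed set of rules so the effect on each rule can be previewed before anything is saved. The endpoint path, the `action: "edit"` / KQL `query` shape, the edit type names `add_investigation_fields`, `set_investigation_fields` and `delete_investigation_fields`, and the `?dry_run=true` behaviour are stated here as my understanding of the 8.15 API and should be checked against the API reference for the Kibana version in use. The sample rules are constructed.

```python
"""
Bulk-editing custom highlighted fields (stored on a rule as
investigation_fields.field_names) across many detection rules.

Added example, not code from the issue, the PR or the Kibana project.
Assumptions, to be checked against the API reference for your Kibana version:
  * the endpoint is POST <kibana>/api/detection_engine/rules/_bulk_action
    with action "edit" and a KQL "query" selecting the rules;
  * the edit types are add_investigation_fields, set_investigation_fields
    and delete_investigation_fields, each taking {"field_names": [...]};
  * ?dry_run=true reports what would change without saving anything.
apply_edit / preview_bulk_edit mirror the add (union), set (replace) and
delete (remove) semantics of the tags bulk edit for a local preview.
"""
from __future__ import annotations

import json
from typing import Iterable

BULK_ACTION_PATH = "/api/detection_engine/rules/_bulk_action"  # assumed, see docstring
EDIT_TYPES = frozenset({
    "add_investigation_fields",
    "set_investigation_fields",
    "delete_investigation_fields",
})


def dedupe(names: Iterable[str]) -> list[str]:
    """Strip, drop empties, keep the first occurrence in order (no duplicate fields)."""
    seen: set[str] = set()
    out: list[str] = []
    for raw in names:
        name = raw.strip()
        if name and name not in seen:
            seen.add(name)
            out.append(name)
    return out


def build_bulk_edit_body(query: str, edit_type: str, field_names: Iterable[str]) -> dict:
    """Request body for the rules bulk-action API (shape assumed, see docstring)."""
    if edit_type not in EDIT_TYPES:
        raise ValueError(f"unknown edit type: {edit_type}")
    names = dedupe(field_names)
    if not names:
        raise ValueError("field_names must not be empty")
    return {
        "query": query,
        "action": "edit",
        "edit": [{"type": edit_type, "value": {"field_names": names}}],
    }


def current_fields(rule: dict) -> list[str]:
    return list(rule.get("investigation_fields", {}).get("field_names", []))


def apply_edit(rule: dict, edit_type: str, field_names: Iterable[str]) -> dict:
    """Return a copy of rule with the edit applied; the input rule is left untouched."""
    if edit_type not in EDIT_TYPES:
        raise ValueError(f"unknown edit type: {edit_type}")
    before = current_fields(rule)
    wanted = dedupe(field_names)
    if edit_type == "add_investigation_fields":
        after = dedupe(before + wanted)          # union, existing order first
    elif edit_type == "set_investigation_fields":
        after = wanted                           # replace outright
    else:
        drop = set(wanted)
        after = [f for f in before if f not in drop]
    updated = dict(rule)
    if after:
        updated["investigation_fields"] = {"field_names": after}
    else:
        updated.pop("investigation_fields", None)  # leave no empty list behind
    return updated


# Constructed sample rules (not real rules) for the local preview.
SAMPLE_RULES = [
    {"rule_id": "win-1", "name": "Suspicious PowerShell", "tags": ["Windows"],
     "investigation_fields": {"field_names": ["host.name", "user.name"]}},
    {"rule_id": "win-2", "name": "Service Install", "tags": ["Windows"]},
    {"rule_id": "lin-1", "name": "Cron Persistence", "tags": ["Linux"]},
]


def preview_bulk_edit(rules: list[dict], tag: str, edit_type: str,
                      field_names: Iterable[str]) -> list[dict]:
    """Local stand-in for dry_run=true: what each tag-selected rule would look like."""
    results = []
    for rule in rules:
        if tag not in rule.get("tags", []):
            continue
        after = apply_edit(rule, edit_type, field_names)
        results.append({
            "rule_id": rule["rule_id"],
            "before": current_fields(rule),
            "after": current_fields(after),
            "changed": current_fields(rule) != current_fields(after),
        })
    return results


if __name__ == "__main__":
    fields = ["event.category", "event.action", "event.outcome"]
    body = build_bulk_edit_body('alert.attributes.tags: "Windows"',
                                "add_investigation_fields", fields)
    print(f"POST {BULK_ACTION_PATH}?dry_run=true")
    print(json.dumps(body, indent=2))
    for row in preview_bulk_edit(SAMPLE_RULES, "Windows", "add_investigation_fields", fields):
        print(row)
```

Run the preview first, then send the same body with `dry_run=true` against a non-production space, and only then without it; the add edit is idempotent (re-running it changes nothing once the fields are present), while set replaces whatever a rule already had, so use set only when you intend to discard per-rule customisations.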