[Security Solution] Add custom highlighted fields through the bulk edit feature #164301
Labels: 8.15 candidate; enhancement (New value added to drive a business result); Feature:Rule Management (Security Solution Detection Rule Management area); Team:Detection Engine (Security Solution Detection Engine Area); Team:Detection Rule Management (Security Detection Rule Management Team); Team:Detections and Resp (Security Detection Response Team); Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
peluja1012 added the labels enhancement, Team: SecuritySolution and Team:Detection Rule Management on Aug 31, 2023.

Pinging @elastic/security-solution (Team: SecuritySolution)

Or set default custom highlighted fields in Advanced Settings.
e40pud added a commit to e40pud/kibana that referenced this issue on Mar 24, 2024.
banderror changed the title from "Add custom highlighted fields through the bulk edit feature" to "[Security Solution] Add custom highlighted fields through the bulk edit feature" on Apr 16, 2024.
banderror added the labels Team:Detections and Resp, Feature:Rule Management, Team:Detection Engine and 8.15 candidate on Apr 16, 2024.

Pinging @elastic/security-detections-response (Team:Detections and Resp)

Pinging @elastic/security-detection-engine (Team:Detection Engine)
e40pud added a commit that referenced this issue on May 2, 2024:

**Resolves: #164301**
**Resolves: elastic/security-team#8958**

## Summary

With these changes we introduce a new feature - Bulk custom highlighted fields update. It works similarly to bulk tags and indices update. Here is the overview of the work that has been done: https://github.com/elastic/kibana/assets/2700761/b1ba6670-9984-43c9-9f1e-e18a2b7f071f

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
  - [ ] elastic/security-docs#5090
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
  - [ ] [ESS 100 times](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5834)
  - [ ] [Serverless 100 times](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5835)

---------

Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Devin W. Hurley <[email protected]>
In reference to [Detection Engine][Rules] - Adds custom highlighted fields option #163235, it would be good if we could add custom highlighted fields through the bulk edit feature, or set default highlighted fields in Advanced Settings or Security > Manage. The reason is that it will be very time consuming to add/edit custom highlighted fields en masse.

When we update the Elastic rules we have to delete the existing rules, then reimport the new rules. The bulk edit feature would make it easier to do this quickly. If there's no way to bulk add custom highlighted fields, I wouldn't think we'd be able to use custom highlighted fields, as they would be too time consuming to maintain. That would be a shame, as it sounds like a good feature. Adding the event object fields will make the security alerts easier to triage, i.e. event.category, event.action, event.outcome, etc.