[Detection Engine][Rules] - Adds custom highlighted fields option #163235
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yctercero
changed the title
8 tasks
yctercero
commented
Aug 11, 2023
|
@elasticmachine merge upstream |
💔 Build FailedFailed CI Steps
Test Failures
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
hop-dev
pushed a commit
to hop-dev/kibana
that referenced
this pull request
Aug 16, 2023
…astic#163235) ## Summary Allows a user to define which fields to highlight in areas where we currently use "highlighted fields" feature.
8 tasks
|
It would be good if we could add fields through the bulk edit feature. |
|
@mbudge do you mind opening a feature request for this in https://github.com/elastic/kibana/issues? |
bryce-b
pushed a commit
that referenced
this pull request
Aug 22, 2023
…63235) ## Summary Allows a user to define which fields to highlight in areas where we currently use "highlighted fields" feature.
16 tasks
nikitaindik
added a commit
that referenced
this pull request
Aug 25, 2023
…ovements (#164179) **Addresses: #162334 **Base PR: #163304 <img width="1177" alt="Screenshot 2023-08-24 at 04 09 07" src="https://github.com/elastic/kibana/assets/15949146/73ac6726-69d4-4c46-bb16-da704a02aba5"> ## Summary This is a follow-up refactoring and bugfix PR to improve the prebuilt rules flyout. Base PR: #163304 #### Changes - [x] Tweak UI so that it matches the design more closely. [Design](https://www.figma.com/file/gLHm8LpTtSkAUQHrkG3RHU/%5B8.7%5D-%5BRules%5D-Rule-Immutability%2FCustomization?type=design&node-id=3563-612771&mode=design&t=yqZ6LI0vAjbir9xc-0) (external). - [x] Rewrite preview installation and upgrade API endpoints to respond with `RuleResponse` instead of `DiffableRule` - [x] Revert some changes introduced by this [PR](#163304) - [x] Revert exports in `x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.ts` - [x] Delete `x-pack/plugins/security_solution/common/detection_engine/diffable_rule_to_rule_response.ts` - [x] Make the data contexts unaware of any UI elements that are consuming them - [x] Move rendering of specialized flyout components into to the context provider so that the table is unaware of the flyout. - [x] Make "flyoutRule" and "closeFlyout" internal to the context. Components outside don't need to know anything about how a rule is displayed. We can encapsulate this knowledge inside the context and expose only a generic method, like openRulePreview(ruleId) - [x] Remove unnecessary checks after using "invariant" - [x] Make sure query, timeline template and all the other fields are shown in the flyout. Compare each rule in a flyout with the Rule Details to ensure that all fields are in place. - [x] Remove the enable / disable switch machine learning job UI switch element - [x] Add custom highlighted fields to the flyout ([comment](#163235 (comment))) ### Checklist Delete any items that are not applicable to this PR. - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials. [Docs ticket](elastic/security-docs#3798) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
nikitaindik
added a commit
to banderror/kibana
that referenced
this pull request
Aug 26, 2023
…ovements (elastic#164179) **Addresses: elastic#162334 **Base PR: elastic#163304 <img width="1177" alt="Screenshot 2023-08-24 at 04 09 07" src="https://github.com/elastic/kibana/assets/15949146/73ac6726-69d4-4c46-bb16-da704a02aba5"> ## Summary This is a follow-up refactoring and bugfix PR to improve the prebuilt rules flyout. Base PR: elastic#163304 #### Changes - [x] Tweak UI so that it matches the design more closely. [Design](https://www.figma.com/file/gLHm8LpTtSkAUQHrkG3RHU/%5B8.7%5D-%5BRules%5D-Rule-Immutability%2FCustomization?type=design&node-id=3563-612771&mode=design&t=yqZ6LI0vAjbir9xc-0) (external). - [x] Rewrite preview installation and upgrade API endpoints to respond with `RuleResponse` instead of `DiffableRule` - [x] Revert some changes introduced by this [PR](elastic#163304) - [x] Revert exports in `x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.ts` - [x] Delete `x-pack/plugins/security_solution/common/detection_engine/diffable_rule_to_rule_response.ts` - [x] Make the data contexts unaware of any UI elements that are consuming them - [x] Move rendering of specialized flyout components into to the context provider so that the table is unaware of the flyout. - [x] Make "flyoutRule" and "closeFlyout" internal to the context. Components outside don't need to know anything about how a rule is displayed. We can encapsulate this knowledge inside the context and expose only a generic method, like openRulePreview(ruleId) - [x] Remove unnecessary checks after using "invariant" - [x] Make sure query, timeline template and all the other fields are shown in the flyout. Compare each rule in a flyout with the Rule Details to ensure that all fields are in place. - [x] Remove the enable / disable switch machine learning job UI switch element - [x] Add custom highlighted fields to the flyout ([comment](elastic#163235 (comment))) ### Checklist Delete any items that are not applicable to this PR. - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials. [Docs ticket](elastic/security-docs#3798) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) (cherry picked from commit c115f5d) # Conflicts: # x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts
banderror
referenced
this pull request
Aug 26, 2023
…ut improvements (#164179) (#164897) # Backport This will backport the following commits from `main` to `8.10`: - [[Security Solution] Prebuilt rules installation / upgrade flyout improvements (#164179)](#164179) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-08-25T19:47:13Z","message":"[Security Solution] Prebuilt rules installation / upgrade flyout improvements (#164179)\n\n**Addresses: https://github.com/elastic/kibana/issues/162334**\r\n**Base PR: https://github.com/elastic/kibana/pull/163304**\r\n\r\n<img width=\"1177\" alt=\"Screenshot 2023-08-24 at 04 09 07\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/73ac6726-69d4-4c46-bb16-da704a02aba5\">\r\n\r\n## Summary\r\n\r\nThis is a follow-up refactoring and bugfix PR to improve the prebuilt\r\nrules flyout. Base PR: #163304\r\n\r\n#### Changes\r\n- [x] Tweak UI so that it matches the design more closely.\r\n[Design](https://www.figma.com/file/gLHm8LpTtSkAUQHrkG3RHU/%5B8.7%5D-%5BRules%5D-Rule-Immutability%2FCustomization?type=design&node-id=3563-612771&mode=design&t=yqZ6LI0vAjbir9xc-0)\r\n(external).\r\n- [x] Rewrite preview installation and upgrade API endpoints to respond\r\nwith `RuleResponse` instead of `DiffableRule`\r\n- [x] Revert some changes introduced by this\r\n[PR](https://github.com/elastic/kibana/pull/163304)\r\n- [x] Revert exports in\r\n`x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.ts`\r\n- [x] Delete\r\n`x-pack/plugins/security_solution/common/detection_engine/diffable_rule_to_rule_response.ts`\r\n- [x] Make the data contexts unaware of any UI elements that are\r\nconsuming them\r\n- [x] Move rendering of specialized flyout components into to the\r\ncontext provider so that the table is unaware of the flyout.\r\n- [x] Make \"flyoutRule\" and \"closeFlyout\" internal to the context.\r\nComponents outside don't need to know anything about how a rule is\r\ndisplayed. We can encapsulate this knowledge inside the context and\r\nexpose only a generic method, like openRulePreview(ruleId)\r\n - [x] Remove unnecessary checks after using \"invariant\"\r\n- [x] Make sure query, timeline template and all the other fields are\r\nshown in the flyout. Compare each rule in a flyout with the Rule Details\r\nto ensure that all fields are in place.\r\n- [x] Remove the enable / disable switch machine learning job UI switch\r\nelement\r\n- [x] Add custom highlighted fields to the flyout\r\n([comment](https://github.com/elastic/kibana/pull/163235#discussion_r1293821203))\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials. [Docs\r\nticket](https://github.com/elastic/security-docs/issues/3798)\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (You can test this [in your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)","sha":"c115f5d3d6f580b195e823c9e948f7b1daf8fddc","branchLabelMapping":{"^v8.11.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.10.0","v8.11.0"],"number":164179,"url":"https://github.com/elastic/kibana/pull/164179","mergeCommit":{"message":"[Security Solution] Prebuilt rules installation / upgrade flyout improvements (#164179)\n\n**Addresses: https://github.com/elastic/kibana/issues/162334**\r\n**Base PR: https://github.com/elastic/kibana/pull/163304**\r\n\r\n<img width=\"1177\" alt=\"Screenshot 2023-08-24 at 04 09 07\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/73ac6726-69d4-4c46-bb16-da704a02aba5\">\r\n\r\n## Summary\r\n\r\nThis is a follow-up refactoring and bugfix PR to improve the prebuilt\r\nrules flyout. Base PR: #163304\r\n\r\n#### Changes\r\n- [x] Tweak UI so that it matches the design more closely.\r\n[Design](https://www.figma.com/file/gLHm8LpTtSkAUQHrkG3RHU/%5B8.7%5D-%5BRules%5D-Rule-Immutability%2FCustomization?type=design&node-id=3563-612771&mode=design&t=yqZ6LI0vAjbir9xc-0)\r\n(external).\r\n- [x] Rewrite preview installation and upgrade API endpoints to respond\r\nwith `RuleResponse` instead of `DiffableRule`\r\n- [x] Revert some changes introduced by this\r\n[PR](https://github.com/elastic/kibana/pull/163304)\r\n- [x] Revert exports in\r\n`x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.ts`\r\n- [x] Delete\r\n`x-pack/plugins/security_solution/common/detection_engine/diffable_rule_to_rule_response.ts`\r\n- [x] Make the data contexts unaware of any UI elements that are\r\nconsuming them\r\n- [x] Move rendering of specialized flyout components into to the\r\ncontext provider so that the table is unaware of the flyout.\r\n- [x] Make \"flyoutRule\" and \"closeFlyout\" internal to the context.\r\nComponents outside don't need to know anything about how a rule is\r\ndisplayed. We can encapsulate this knowledge inside the context and\r\nexpose only a generic method, like openRulePreview(ruleId)\r\n - [x] Remove unnecessary checks after using \"invariant\"\r\n- [x] Make sure query, timeline template and all the other fields are\r\nshown in the flyout. Compare each rule in a flyout with the Rule Details\r\nto ensure that all fields are in place.\r\n- [x] Remove the enable / disable switch machine learning job UI switch\r\nelement\r\n- [x] Add custom highlighted fields to the flyout\r\n([comment](https://github.com/elastic/kibana/pull/163235#discussion_r1293821203))\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials. [Docs\r\nticket](https://github.com/elastic/security-docs/issues/3798)\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (You can test this [in your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)","sha":"c115f5d3d6f580b195e823c9e948f7b1daf8fddc"}},"sourceBranch":"main","suggestedTargetBranches":["8.10"],"targetPullRequestStates":[{"branch":"8.10","label":"v8.10.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.11.0","labelRegex":"^v8.11.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/164179","number":164179,"mergeCommit":{"message":"[Security Solution] Prebuilt rules installation / upgrade flyout improvements (#164179)\n\n**Addresses: https://github.com/elastic/kibana/issues/162334**\r\n**Base PR: https://github.com/elastic/kibana/pull/163304**\r\n\r\n<img width=\"1177\" alt=\"Screenshot 2023-08-24 at 04 09 07\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/73ac6726-69d4-4c46-bb16-da704a02aba5\">\r\n\r\n## Summary\r\n\r\nThis is a follow-up refactoring and bugfix PR to improve the prebuilt\r\nrules flyout. Base PR: #163304\r\n\r\n#### Changes\r\n- [x] Tweak UI so that it matches the design more closely.\r\n[Design](https://www.figma.com/file/gLHm8LpTtSkAUQHrkG3RHU/%5B8.7%5D-%5BRules%5D-Rule-Immutability%2FCustomization?type=design&node-id=3563-612771&mode=design&t=yqZ6LI0vAjbir9xc-0)\r\n(external).\r\n- [x] Rewrite preview installation and upgrade API endpoints to respond\r\nwith `RuleResponse` instead of `DiffableRule`\r\n- [x] Revert some changes introduced by this\r\n[PR](https://github.com/elastic/kibana/pull/163304)\r\n- [x] Revert exports in\r\n`x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.ts`\r\n- [x] Delete\r\n`x-pack/plugins/security_solution/common/detection_engine/diffable_rule_to_rule_response.ts`\r\n- [x] Make the data contexts unaware of any UI elements that are\r\nconsuming them\r\n- [x] Move rendering of specialized flyout components into to the\r\ncontext provider so that the table is unaware of the flyout.\r\n- [x] Make \"flyoutRule\" and \"closeFlyout\" internal to the context.\r\nComponents outside don't need to know anything about how a rule is\r\ndisplayed. We can encapsulate this knowledge inside the context and\r\nexpose only a generic method, like openRulePreview(ruleId)\r\n - [x] Remove unnecessary checks after using \"invariant\"\r\n- [x] Make sure query, timeline template and all the other fields are\r\nshown in the flyout. Compare each rule in a flyout with the Rule Details\r\nto ensure that all fields are in place.\r\n- [x] Remove the enable / disable switch machine learning job UI switch\r\nelement\r\n- [x] Add custom highlighted fields to the flyout\r\n([comment](https://github.com/elastic/kibana/pull/163235#discussion_r1293821203))\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials. [Docs\r\nticket](https://github.com/elastic/security-docs/issues/3798)\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (You can test this [in your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)","sha":"c115f5d3d6f580b195e823c9e948f7b1daf8fddc"}}]}] BACKPORT--> Co-authored-by: Nikita Indik <[email protected]> Co-authored-by: Patryk Kopyciński <[email protected]>
|
My engineer is getting arthritis setting 30 custom highlighted fields in 100's of custom rules. Would be good to do this through bulk edit. |
|
@mbudge makes sense, and bulk edit is aligned with the roadmap. |
|
@mbudge - one of our devs, @e40pud , is working on an implementation for bulk adding highlighted fields! Hoping to save many engineers from arthritis - https://github.com/elastic/security-team/issues/8958 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Original PR and changes by @RubixSolver99 . Thanks Carson for doing the heavy lifting here! This PR cleans it up to get over the line.
Allows a user to define which fields to highlight in areas where we currently use "highlighted fields" feature. This includes:
Also ensure:
New rule field being added is
investigation_fields. Not adding it to the alert schemas as we will always be querying for latest in our UX, not looking to pull the custom highlighted fields from the alert doc. This means that this field will be available in the alert doc underkibana.alert.rule.parameters["investigation_fields"].To test
Updated UI screenshots
For the below screenshots, I've created a rule with a custom highlighted field of
host.os.nameRule creation
Rule details
Alerts flyout
Exceptions auto-populate
Checklist