-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Detection Engine][Rules] - Adds custom highlighted fields option #163235
Conversation
@elasticmachine merge upstream |
💔 Build FailedFailed CI Steps
Test Failures
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
…astic#163235) ## Summary Allows a user to define which fields to highlight in areas where we currently use "highlighted fields" feature.
It would be good if we could add fields through the bulk edit feature. |
@mbudge do you mind opening a feature request for this in https://github.com/elastic/kibana/issues? |
…63235) ## Summary Allows a user to define which fields to highlight in areas where we currently use "highlighted fields" feature.
…ovements (#164179) **Addresses: #162334 **Base PR: #163304 <img width="1177" alt="Screenshot 2023-08-24 at 04 09 07" src="https://github.com/elastic/kibana/assets/15949146/73ac6726-69d4-4c46-bb16-da704a02aba5"> ## Summary This is a follow-up refactoring and bugfix PR to improve the prebuilt rules flyout. Base PR: #163304 #### Changes - [x] Tweak UI so that it matches the design more closely. [Design](https://www.figma.com/file/gLHm8LpTtSkAUQHrkG3RHU/%5B8.7%5D-%5BRules%5D-Rule-Immutability%2FCustomization?type=design&node-id=3563-612771&mode=design&t=yqZ6LI0vAjbir9xc-0) (external). - [x] Rewrite preview installation and upgrade API endpoints to respond with `RuleResponse` instead of `DiffableRule` - [x] Revert some changes introduced by this [PR](#163304) - [x] Revert exports in `x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.ts` - [x] Delete `x-pack/plugins/security_solution/common/detection_engine/diffable_rule_to_rule_response.ts` - [x] Make the data contexts unaware of any UI elements that are consuming them - [x] Move rendering of specialized flyout components into to the context provider so that the table is unaware of the flyout. - [x] Make "flyoutRule" and "closeFlyout" internal to the context. Components outside don't need to know anything about how a rule is displayed. We can encapsulate this knowledge inside the context and expose only a generic method, like openRulePreview(ruleId) - [x] Remove unnecessary checks after using "invariant" - [x] Make sure query, timeline template and all the other fields are shown in the flyout. Compare each rule in a flyout with the Rule Details to ensure that all fields are in place. - [x] Remove the enable / disable switch machine learning job UI switch element - [x] Add custom highlighted fields to the flyout ([comment](#163235 (comment))) ### Checklist Delete any items that are not applicable to this PR. - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials. [Docs ticket](elastic/security-docs#3798) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
…ovements (elastic#164179) **Addresses: elastic#162334 **Base PR: elastic#163304 <img width="1177" alt="Screenshot 2023-08-24 at 04 09 07" src="https://github.com/elastic/kibana/assets/15949146/73ac6726-69d4-4c46-bb16-da704a02aba5"> ## Summary This is a follow-up refactoring and bugfix PR to improve the prebuilt rules flyout. Base PR: elastic#163304 #### Changes - [x] Tweak UI so that it matches the design more closely. [Design](https://www.figma.com/file/gLHm8LpTtSkAUQHrkG3RHU/%5B8.7%5D-%5BRules%5D-Rule-Immutability%2FCustomization?type=design&node-id=3563-612771&mode=design&t=yqZ6LI0vAjbir9xc-0) (external). - [x] Rewrite preview installation and upgrade API endpoints to respond with `RuleResponse` instead of `DiffableRule` - [x] Revert some changes introduced by this [PR](elastic#163304) - [x] Revert exports in `x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.ts` - [x] Delete `x-pack/plugins/security_solution/common/detection_engine/diffable_rule_to_rule_response.ts` - [x] Make the data contexts unaware of any UI elements that are consuming them - [x] Move rendering of specialized flyout components into to the context provider so that the table is unaware of the flyout. - [x] Make "flyoutRule" and "closeFlyout" internal to the context. Components outside don't need to know anything about how a rule is displayed. We can encapsulate this knowledge inside the context and expose only a generic method, like openRulePreview(ruleId) - [x] Remove unnecessary checks after using "invariant" - [x] Make sure query, timeline template and all the other fields are shown in the flyout. Compare each rule in a flyout with the Rule Details to ensure that all fields are in place. - [x] Remove the enable / disable switch machine learning job UI switch element - [x] Add custom highlighted fields to the flyout ([comment](elastic#163235 (comment))) ### Checklist Delete any items that are not applicable to this PR. - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials. [Docs ticket](elastic/security-docs#3798) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) (cherry picked from commit c115f5d) # Conflicts: # x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts
…ut improvements (#164179) (#164897) # Backport This will backport the following commits from `main` to `8.10`: - [[Security Solution] Prebuilt rules installation / upgrade flyout improvements (#164179)](#164179) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-08-25T19:47:13Z","message":"[Security Solution] Prebuilt rules installation / upgrade flyout improvements (#164179)\n\n**Addresses: https://github.com/elastic/kibana/issues/162334**\r\n**Base PR: https://github.com/elastic/kibana/pull/163304**\r\n\r\n<img width=\"1177\" alt=\"Screenshot 2023-08-24 at 04 09 07\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/73ac6726-69d4-4c46-bb16-da704a02aba5\">\r\n\r\n## Summary\r\n\r\nThis is a follow-up refactoring and bugfix PR to improve the prebuilt\r\nrules flyout. Base PR: #163304\r\n\r\n#### Changes\r\n- [x] Tweak UI so that it matches the design more closely.\r\n[Design](https://www.figma.com/file/gLHm8LpTtSkAUQHrkG3RHU/%5B8.7%5D-%5BRules%5D-Rule-Immutability%2FCustomization?type=design&node-id=3563-612771&mode=design&t=yqZ6LI0vAjbir9xc-0)\r\n(external).\r\n- [x] Rewrite preview installation and upgrade API endpoints to respond\r\nwith `RuleResponse` instead of `DiffableRule`\r\n- [x] Revert some changes introduced by this\r\n[PR](https://github.com/elastic/kibana/pull/163304)\r\n- [x] Revert exports in\r\n`x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.ts`\r\n- [x] Delete\r\n`x-pack/plugins/security_solution/common/detection_engine/diffable_rule_to_rule_response.ts`\r\n- [x] Make the data contexts unaware of any UI elements that are\r\nconsuming them\r\n- [x] Move rendering of specialized flyout components into to the\r\ncontext provider so that the table is unaware of the flyout.\r\n- [x] Make \"flyoutRule\" and \"closeFlyout\" internal to the context.\r\nComponents outside don't need to know anything about how a rule is\r\ndisplayed. We can encapsulate this knowledge inside the context and\r\nexpose only a generic method, like openRulePreview(ruleId)\r\n - [x] Remove unnecessary checks after using \"invariant\"\r\n- [x] Make sure query, timeline template and all the other fields are\r\nshown in the flyout. Compare each rule in a flyout with the Rule Details\r\nto ensure that all fields are in place.\r\n- [x] Remove the enable / disable switch machine learning job UI switch\r\nelement\r\n- [x] Add custom highlighted fields to the flyout\r\n([comment](https://github.com/elastic/kibana/pull/163235#discussion_r1293821203))\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials. [Docs\r\nticket](https://github.com/elastic/security-docs/issues/3798)\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (You can test this [in your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)","sha":"c115f5d3d6f580b195e823c9e948f7b1daf8fddc","branchLabelMapping":{"^v8.11.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.10.0","v8.11.0"],"number":164179,"url":"https://github.com/elastic/kibana/pull/164179","mergeCommit":{"message":"[Security Solution] Prebuilt rules installation / upgrade flyout improvements (#164179)\n\n**Addresses: https://github.com/elastic/kibana/issues/162334**\r\n**Base PR: https://github.com/elastic/kibana/pull/163304**\r\n\r\n<img width=\"1177\" alt=\"Screenshot 2023-08-24 at 04 09 07\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/73ac6726-69d4-4c46-bb16-da704a02aba5\">\r\n\r\n## Summary\r\n\r\nThis is a follow-up refactoring and bugfix PR to improve the prebuilt\r\nrules flyout. Base PR: #163304\r\n\r\n#### Changes\r\n- [x] Tweak UI so that it matches the design more closely.\r\n[Design](https://www.figma.com/file/gLHm8LpTtSkAUQHrkG3RHU/%5B8.7%5D-%5BRules%5D-Rule-Immutability%2FCustomization?type=design&node-id=3563-612771&mode=design&t=yqZ6LI0vAjbir9xc-0)\r\n(external).\r\n- [x] Rewrite preview installation and upgrade API endpoints to respond\r\nwith `RuleResponse` instead of `DiffableRule`\r\n- [x] Revert some changes introduced by this\r\n[PR](https://github.com/elastic/kibana/pull/163304)\r\n- [x] Revert exports in\r\n`x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.ts`\r\n- [x] Delete\r\n`x-pack/plugins/security_solution/common/detection_engine/diffable_rule_to_rule_response.ts`\r\n- [x] Make the data contexts unaware of any UI elements that are\r\nconsuming them\r\n- [x] Move rendering of specialized flyout components into to the\r\ncontext provider so that the table is unaware of the flyout.\r\n- [x] Make \"flyoutRule\" and \"closeFlyout\" internal to the context.\r\nComponents outside don't need to know anything about how a rule is\r\ndisplayed. We can encapsulate this knowledge inside the context and\r\nexpose only a generic method, like openRulePreview(ruleId)\r\n - [x] Remove unnecessary checks after using \"invariant\"\r\n- [x] Make sure query, timeline template and all the other fields are\r\nshown in the flyout. Compare each rule in a flyout with the Rule Details\r\nto ensure that all fields are in place.\r\n- [x] Remove the enable / disable switch machine learning job UI switch\r\nelement\r\n- [x] Add custom highlighted fields to the flyout\r\n([comment](https://github.com/elastic/kibana/pull/163235#discussion_r1293821203))\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials. [Docs\r\nticket](https://github.com/elastic/security-docs/issues/3798)\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (You can test this [in your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)","sha":"c115f5d3d6f580b195e823c9e948f7b1daf8fddc"}},"sourceBranch":"main","suggestedTargetBranches":["8.10"],"targetPullRequestStates":[{"branch":"8.10","label":"v8.10.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.11.0","labelRegex":"^v8.11.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/164179","number":164179,"mergeCommit":{"message":"[Security Solution] Prebuilt rules installation / upgrade flyout improvements (#164179)\n\n**Addresses: https://github.com/elastic/kibana/issues/162334**\r\n**Base PR: https://github.com/elastic/kibana/pull/163304**\r\n\r\n<img width=\"1177\" alt=\"Screenshot 2023-08-24 at 04 09 07\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/73ac6726-69d4-4c46-bb16-da704a02aba5\">\r\n\r\n## Summary\r\n\r\nThis is a follow-up refactoring and bugfix PR to improve the prebuilt\r\nrules flyout. Base PR: #163304\r\n\r\n#### Changes\r\n- [x] Tweak UI so that it matches the design more closely.\r\n[Design](https://www.figma.com/file/gLHm8LpTtSkAUQHrkG3RHU/%5B8.7%5D-%5BRules%5D-Rule-Immutability%2FCustomization?type=design&node-id=3563-612771&mode=design&t=yqZ6LI0vAjbir9xc-0)\r\n(external).\r\n- [x] Rewrite preview installation and upgrade API endpoints to respond\r\nwith `RuleResponse` instead of `DiffableRule`\r\n- [x] Revert some changes introduced by this\r\n[PR](https://github.com/elastic/kibana/pull/163304)\r\n- [x] Revert exports in\r\n`x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.ts`\r\n- [x] Delete\r\n`x-pack/plugins/security_solution/common/detection_engine/diffable_rule_to_rule_response.ts`\r\n- [x] Make the data contexts unaware of any UI elements that are\r\nconsuming them\r\n- [x] Move rendering of specialized flyout components into to the\r\ncontext provider so that the table is unaware of the flyout.\r\n- [x] Make \"flyoutRule\" and \"closeFlyout\" internal to the context.\r\nComponents outside don't need to know anything about how a rule is\r\ndisplayed. We can encapsulate this knowledge inside the context and\r\nexpose only a generic method, like openRulePreview(ruleId)\r\n - [x] Remove unnecessary checks after using \"invariant\"\r\n- [x] Make sure query, timeline template and all the other fields are\r\nshown in the flyout. Compare each rule in a flyout with the Rule Details\r\nto ensure that all fields are in place.\r\n- [x] Remove the enable / disable switch machine learning job UI switch\r\nelement\r\n- [x] Add custom highlighted fields to the flyout\r\n([comment](https://github.com/elastic/kibana/pull/163235#discussion_r1293821203))\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials. [Docs\r\nticket](https://github.com/elastic/security-docs/issues/3798)\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (You can test this [in your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)","sha":"c115f5d3d6f580b195e823c9e948f7b1daf8fddc"}}]}] BACKPORT--> Co-authored-by: Nikita Indik <[email protected]> Co-authored-by: Patryk Kopyciński <[email protected]>
My engineer is getting arthritis setting 30 custom highlighted fields in 100's of custom rules. Would be good to do this through bulk edit. |
@mbudge makes sense, and bulk edit is aligned with the roadmap. |
@mbudge - one of our devs, @e40pud , is working on an implementation for bulk adding highlighted fields! Hoping to save many engineers from arthritis - https://github.com/elastic/security-team/issues/8958 |
Summary
Original PR and changes by @RubixSolver99 . Thanks Carson for doing the heavy lifting here! This PR cleans it up to get over the line.
Allows a user to define which fields to highlight in areas where we currently use "highlighted fields" feature. This includes:
Also ensure:
New rule field being added is
investigation_fields
. Not adding it to the alert schemas as we will always be querying for latest in our UX, not looking to pull the custom highlighted fields from the alert doc. This means that this field will be available in the alert doc underkibana.alert.rule.parameters["investigation_fields"]
.To test
Updated UI screenshots
For the below screenshots, I've created a rule with a custom highlighted field of
host.os.name
Rule creation
Rule details
Alerts flyout
Exceptions auto-populate
Checklist