-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Allow users to edit max_signals field for custom rules #179680
[Security Solution] Allow users to edit max_signals field for custom rules #179680
Conversation
...rity_solution/public/detection_engine/rule_creation_ui/components/step_about_rule/schema.tsx
Outdated
Show resolved
Hide resolved
How do we feel about selecting the name for |
Haha, jinx, we both asked the same thing just now. 😜 I think "Max alerts" is a more meaningful label to users — I assume we can't also rename the field itself (due to breaking changes, etc)? It might be a little odd to have different names in the UI and in the data, but I don't know if users are likely to notice, if |
@joepeeples yeah, we can't easily rename the field without a lot of problems but in the one prior example we have of referring to the value in the UI, we use "max alerts" so I reckon that's probably a good enough solution. It won't break anything for API users anyways so I don't think we would run into too much confusion adding it to the rule forms. I'll go ahead and do that then unless @approksiu had another idea in mind. |
/ci |
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
@dplumlee I'm trying to get the Serverless URL and credentials to allow for testing, but for whatever reason that step failed. I'll rerun CI. |
/ci |
...ns/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/helpers.ts
Outdated
Show resolved
Hide resolved
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Canvas Sharable Runtime
Page load bundle
History
To update your PR or re-run it, just comment with: cc @dplumlee |
Resolves: #173593
Fixes: #164234
Summary
Adds a number component in the create and edit rule forms so that users are able to customize the
max_signals
value for custom rules from the UI. Also adds validations to the rule API's for invalid values being passed in.This PR also exposes the
xpack.alerting.rules.run.alerts.max
config setting from the alerting framework to the frontend and backend so that we can validate against it as it supersedes our ownmax_signals
value.Flaky test run (internal)
Screenshots
Form component
Details Page
Error state
Warning state
Checklist
Delete any items that are not applicable to this PR.
For maintainers