-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages #198202
Conversation
Pinging @elastic/security-solution (Team: SecuritySolution) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Tested with both FF on and off. All features working as expected 👍 LGTM ✅ |
@elasticmachine merge upstream |
bfee024
to
9ef2f4f
Compare
@dplumlee Can you please add screenshots and/or video showing the changes made in this PR? |
@elasticmachine merge upstream |
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Async chunks
History
cc @dplumlee |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code changes LGTM.
I did some extended manual testing locally with both feature flags ON and OFF. First, I checked many scenarios with the flag ON. Then I kept the prebuilt customized, prebuilt non-customized, and custom rules created when the flag was ON, turned it OFF, and continued testing the app. I did this to check if the "new" data breaks the app without the flag.
- Feature flag is ON
- Rule Management page
- Should be possible to edit:
- A single non-customized prebuilt rule (only rule actions).
- A single customized prebuilt rule (only rule actions).
- A custom rule (any parameter).
- Should be possible to bulk edit prebuilt rules:
- Add index patterns.
- Delete index patterns.
- Add tags.
- Delete tags.
- Add custom highlighted fields.
- Delete custom highlighted fields.
- Add rule actions.
- Update rule schedules.
- Apply timeline template.
- Should be possible to export:
- A single non-customized prebuilt rule.
- A single customized prebuilt rule.
- A custom rule.
- Should be possible to bulk export:
- A mixture of prebuilt non-customized, prebuilt customized, and custom rules.
- Only prebuilt non-customized rules.
- Only prebuilt customized rules.
- Only custom rules.
- Should be possible to bulk import:
- A mixture of prebuilt non-customized, prebuilt customized, and custom rules.
- Only prebuilt non-customized rules.
- Only prebuilt customized rules.
- Only custom rules.
- Should be possible to edit:
- Rule Details page
- Should be possible to edit:
- A non-customized prebuilt rule.
- A customized prebuilt rule.
- A custom rule.
- Should be possible to export:
- A non-customized prebuilt rule.
- A customized prebuilt rule.
- A custom rule.
- Should be possible to edit:
- Rule Management page
- Feature flag is OFF
- Rule Management page
- Should be possible to edit:
- A single prebuilt rule (only rule actions).
- A custom rule (any parameter).
- Should NOT be possible to bulk edit prebuilt rules, except adding rule actions:
- NO: Add index patterns.
- NO: Delete index patterns.
- NO: Add tags.
- NO: Delete tags.
- NO: Add custom highlighted fields.
- NO: Delete custom highlighted fields.
- YES: Add rule actions.
- NO: Update rule schedules.
- NO: Apply timeline template.
- Should NOT be possible to export prebuilt rules.
- Should be possible to export custom rules.
- Should NOT be possible to bulk export prebuilt rules.
- Should be possible to bulk export custom rules.
- Should NOT be possible to bulk import prebuilt rules.
- Should be possible to bulk import custom rules.
- Should be possible to edit:
- Rule Details page
- Should be possible to edit:
- A single prebuilt rule (only rule actions).
- A custom rule (any parameter).
- Should NOT be possible to export a prebuilt rule.
- Should be possible to export a custom rule.
- Should be possible to edit:
- Rule Management page
Let's use this checklist as a base for writing a test plan in the near future. I'm thinking about creating a few separate tickets for writing test plans so we could close the ones that this PR refers to in the description.
Thank you @dplumlee, let's 🚢 it!
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11826697457 |
…the Rule Management and Rule Details pages (elastic#198202) **Resolves: elastic#180171 **Resolves: elastic#180176 **Resolves: elastic#180173 ## Summary > [!NOTE] > Feature is behind the `prebuiltRulesCustomizationEnabled` feature flag. Adds logic to allow users to edit and export prebuilt rules from both the Rule management page and Rule details page via the bulk action menu and the singular overflow menu ### Acceptance criteria - [x] Feature is hidden behind prebuiltRulesCustomizationEnabled feature flag - [x] Modified components still work as expected when feature flag is off - [x] Bulk actions are able to performed on all rule types from Rule management page bulk actions menu - [x] Editing - [x] Index patterns - [x] Tags - [x] Highlighted fields - [x] Schedule - [x] Export - [x] Singular rule actions are able to be performed on all rule types from rule management page overflow column - [x] Export - [x] Singular rule actions are able to be performed on all rule types from rule details page - [x] Export ### Screenshots *** ### Rule management table overflow menu #### Before **Export button is disabled for prebuilt rules** ![Screenshot 2024-11-07 at 7 38 12 PM](https://github.com/user-attachments/assets/13f8cd87-a9e5-486c-ab0f-d206de8bab4b) #### After **Export button is enabled for all rule types** ![Screenshot 2024-11-07 at 7 34 27 PM](https://github.com/user-attachments/assets/4b3d9364-02d5-406a-9f8a-c9ad8fed8486) ### Rule details page overflow menu #### Before **Export button is disabled for prebuilt rules** ![Screenshot 2024-11-07 at 7 37 40 PM](https://github.com/user-attachments/assets/621b56e3-1f47-49db-aedb-fd05a3b75007) #### After **Export button is enabled for all rule types** ![Screenshot 2024-11-07 at 7 34 38 PM](https://github.com/user-attachments/assets/d533f288-4393-4acf-ba88-91c32ab32955) --------- Co-authored-by: Elastic Machine <[email protected]> (cherry picked from commit 02e4edc)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
… from the Rule Management and Rule Details pages (#198202) (#200103) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages (#198202)](#198202) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-13T22:11:48Z","message":"[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages (#198202)\n\n**Resolves: https://github.com/elastic/kibana/issues/180171**\r\n**Resolves: https://github.com/elastic/kibana/issues/180176**\r\n**Resolves: https://github.com/elastic/kibana/issues/180173**\r\n\r\n## Summary\r\n\r\n> [!NOTE] \r\n> Feature is behind the `prebuiltRulesCustomizationEnabled` feature\r\nflag.\r\n\r\nAdds logic to allow users to edit and export prebuilt rules from both\r\nthe Rule management page and Rule details page via the bulk action menu\r\nand the singular overflow menu\r\n\r\n\r\n### Acceptance criteria\r\n\r\n- [x] Feature is hidden behind prebuiltRulesCustomizationEnabled feature\r\nflag\r\n- [x] Modified components still work as expected when feature flag is\r\noff\r\n- [x] Bulk actions are able to performed on all rule types from Rule\r\nmanagement page bulk actions menu\r\n - [x] Editing\r\n - [x] Index patterns\r\n - [x] Tags\r\n - [x] Highlighted fields\r\n - [x] Schedule\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule management page overflow column\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule details page\r\n - [x] Export\r\n \r\n\r\n### Screenshots\r\n***\r\n\r\n### Rule management table overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n![Screenshot 2024-11-07 at 7 38\r\n12 PM](https://github.com/user-attachments/assets/13f8cd87-a9e5-486c-ab0f-d206de8bab4b)\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n![Screenshot 2024-11-07 at 7 34\r\n27 PM](https://github.com/user-attachments/assets/4b3d9364-02d5-406a-9f8a-c9ad8fed8486)\r\n\r\n### Rule details page overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n![Screenshot 2024-11-07 at 7 37\r\n40 PM](https://github.com/user-attachments/assets/621b56e3-1f47-49db-aedb-fd05a3b75007)\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n![Screenshot 2024-11-07 at 7 34\r\n38 PM](https://github.com/user-attachments/assets/d533f288-4393-4acf-ba88-91c32ab32955)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"02e4edc458749ca286c2b03eb71c248c7ef5b335","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v8.17.0"],"title":"[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages","number":198202,"url":"https://github.com/elastic/kibana/pull/198202","mergeCommit":{"message":"[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages (#198202)\n\n**Resolves: https://github.com/elastic/kibana/issues/180171**\r\n**Resolves: https://github.com/elastic/kibana/issues/180176**\r\n**Resolves: https://github.com/elastic/kibana/issues/180173**\r\n\r\n## Summary\r\n\r\n> [!NOTE] \r\n> Feature is behind the `prebuiltRulesCustomizationEnabled` feature\r\nflag.\r\n\r\nAdds logic to allow users to edit and export prebuilt rules from both\r\nthe Rule management page and Rule details page via the bulk action menu\r\nand the singular overflow menu\r\n\r\n\r\n### Acceptance criteria\r\n\r\n- [x] Feature is hidden behind prebuiltRulesCustomizationEnabled feature\r\nflag\r\n- [x] Modified components still work as expected when feature flag is\r\noff\r\n- [x] Bulk actions are able to performed on all rule types from Rule\r\nmanagement page bulk actions menu\r\n - [x] Editing\r\n - [x] Index patterns\r\n - [x] Tags\r\n - [x] Highlighted fields\r\n - [x] Schedule\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule management page overflow column\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule details page\r\n - [x] Export\r\n \r\n\r\n### Screenshots\r\n***\r\n\r\n### Rule management table overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n![Screenshot 2024-11-07 at 7 38\r\n12 PM](https://github.com/user-attachments/assets/13f8cd87-a9e5-486c-ab0f-d206de8bab4b)\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n![Screenshot 2024-11-07 at 7 34\r\n27 PM](https://github.com/user-attachments/assets/4b3d9364-02d5-406a-9f8a-c9ad8fed8486)\r\n\r\n### Rule details page overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n![Screenshot 2024-11-07 at 7 37\r\n40 PM](https://github.com/user-attachments/assets/621b56e3-1f47-49db-aedb-fd05a3b75007)\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n![Screenshot 2024-11-07 at 7 34\r\n38 PM](https://github.com/user-attachments/assets/d533f288-4393-4acf-ba88-91c32ab32955)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"02e4edc458749ca286c2b03eb71c248c7ef5b335"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198202","number":198202,"mergeCommit":{"message":"[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages (#198202)\n\n**Resolves: https://github.com/elastic/kibana/issues/180171**\r\n**Resolves: https://github.com/elastic/kibana/issues/180176**\r\n**Resolves: https://github.com/elastic/kibana/issues/180173**\r\n\r\n## Summary\r\n\r\n> [!NOTE] \r\n> Feature is behind the `prebuiltRulesCustomizationEnabled` feature\r\nflag.\r\n\r\nAdds logic to allow users to edit and export prebuilt rules from both\r\nthe Rule management page and Rule details page via the bulk action menu\r\nand the singular overflow menu\r\n\r\n\r\n### Acceptance criteria\r\n\r\n- [x] Feature is hidden behind prebuiltRulesCustomizationEnabled feature\r\nflag\r\n- [x] Modified components still work as expected when feature flag is\r\noff\r\n- [x] Bulk actions are able to performed on all rule types from Rule\r\nmanagement page bulk actions menu\r\n - [x] Editing\r\n - [x] Index patterns\r\n - [x] Tags\r\n - [x] Highlighted fields\r\n - [x] Schedule\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule management page overflow column\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule details page\r\n - [x] Export\r\n \r\n\r\n### Screenshots\r\n***\r\n\r\n### Rule management table overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n![Screenshot 2024-11-07 at 7 38\r\n12 PM](https://github.com/user-attachments/assets/13f8cd87-a9e5-486c-ab0f-d206de8bab4b)\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n![Screenshot 2024-11-07 at 7 34\r\n27 PM](https://github.com/user-attachments/assets/4b3d9364-02d5-406a-9f8a-c9ad8fed8486)\r\n\r\n### Rule details page overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n![Screenshot 2024-11-07 at 7 37\r\n40 PM](https://github.com/user-attachments/assets/621b56e3-1f47-49db-aedb-fd05a3b75007)\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n![Screenshot 2024-11-07 at 7 34\r\n38 PM](https://github.com/user-attachments/assets/d533f288-4393-4acf-ba88-91c32ab32955)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"02e4edc458749ca286c2b03eb71c248c7ef5b335"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <[email protected]>
…the Rule Management and Rule Details pages (elastic#198202) **Resolves: elastic#180171 **Resolves: elastic#180176 **Resolves: elastic#180173 ## Summary > [!NOTE] > Feature is behind the `prebuiltRulesCustomizationEnabled` feature flag. Adds logic to allow users to edit and export prebuilt rules from both the Rule management page and Rule details page via the bulk action menu and the singular overflow menu ### Acceptance criteria - [x] Feature is hidden behind prebuiltRulesCustomizationEnabled feature flag - [x] Modified components still work as expected when feature flag is off - [x] Bulk actions are able to performed on all rule types from Rule management page bulk actions menu - [x] Editing - [x] Index patterns - [x] Tags - [x] Highlighted fields - [x] Schedule - [x] Export - [x] Singular rule actions are able to be performed on all rule types from rule management page overflow column - [x] Export - [x] Singular rule actions are able to be performed on all rule types from rule details page - [x] Export ### Screenshots *** ### Rule management table overflow menu #### Before **Export button is disabled for prebuilt rules** ![Screenshot 2024-11-07 at 7 38 12 PM](https://github.com/user-attachments/assets/13f8cd87-a9e5-486c-ab0f-d206de8bab4b) #### After **Export button is enabled for all rule types** ![Screenshot 2024-11-07 at 7 34 27 PM](https://github.com/user-attachments/assets/4b3d9364-02d5-406a-9f8a-c9ad8fed8486) ### Rule details page overflow menu #### Before **Export button is disabled for prebuilt rules** ![Screenshot 2024-11-07 at 7 37 40 PM](https://github.com/user-attachments/assets/621b56e3-1f47-49db-aedb-fd05a3b75007) #### After **Export button is enabled for all rule types** ![Screenshot 2024-11-07 at 7 34 38 PM](https://github.com/user-attachments/assets/d533f288-4393-4acf-ba88-91c32ab32955) --------- Co-authored-by: Elastic Machine <[email protected]>
…the Rule Management and Rule Details pages (elastic#198202) **Resolves: elastic#180171 **Resolves: elastic#180176 **Resolves: elastic#180173 ## Summary > [!NOTE] > Feature is behind the `prebuiltRulesCustomizationEnabled` feature flag. Adds logic to allow users to edit and export prebuilt rules from both the Rule management page and Rule details page via the bulk action menu and the singular overflow menu ### Acceptance criteria - [x] Feature is hidden behind prebuiltRulesCustomizationEnabled feature flag - [x] Modified components still work as expected when feature flag is off - [x] Bulk actions are able to performed on all rule types from Rule management page bulk actions menu - [x] Editing - [x] Index patterns - [x] Tags - [x] Highlighted fields - [x] Schedule - [x] Export - [x] Singular rule actions are able to be performed on all rule types from rule management page overflow column - [x] Export - [x] Singular rule actions are able to be performed on all rule types from rule details page - [x] Export ### Screenshots *** ### Rule management table overflow menu #### Before **Export button is disabled for prebuilt rules** ![Screenshot 2024-11-07 at 7 38 12 PM](https://github.com/user-attachments/assets/13f8cd87-a9e5-486c-ab0f-d206de8bab4b) #### After **Export button is enabled for all rule types** ![Screenshot 2024-11-07 at 7 34 27 PM](https://github.com/user-attachments/assets/4b3d9364-02d5-406a-9f8a-c9ad8fed8486) ### Rule details page overflow menu #### Before **Export button is disabled for prebuilt rules** ![Screenshot 2024-11-07 at 7 37 40 PM](https://github.com/user-attachments/assets/621b56e3-1f47-49db-aedb-fd05a3b75007) #### After **Export button is enabled for all rule types** ![Screenshot 2024-11-07 at 7 34 38 PM](https://github.com/user-attachments/assets/d533f288-4393-4acf-ba88-91c32ab32955) --------- Co-authored-by: Elastic Machine <[email protected]>
Resolves: #180171
Resolves: #180176
Resolves: #180173
Summary
Note
Feature is behind the
prebuiltRulesCustomizationEnabled
feature flag.Adds logic to allow users to edit and export prebuilt rules from both the Rule management page and Rule details page via the bulk action menu and the singular overflow menu
Acceptance criteria
Screenshots
Rule management table overflow menu
Before
Export button is disabled for prebuilt rules
After
Export button is enabled for all rule types
Rule details page overflow menu
Before
Export button is disabled for prebuilt rules
After
Export button is enabled for all rule types