[Security Solution] Integrate Prebuilt Rules Customization UI with the _perform upgrade API
#199761
+68
−41
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maximpn
added
release_note:skip
maximpn
force-pushed
the
integrate-ui-with-_perform-upgrade-api
branch
from
18bbcb7 to
2c6f94f
Compare
maximpn
changed the title
_perform API_perform upgrade API
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
69 tasks
xcrzx
approved these changes
Nov 14, 2024
There was a problem hiding this comment.
Tested this PR locally with a focus on the feature flag off case. No issues found across all cases—single rule update, bulk update, or all—each sends the correct payload to the backend with the target version selected. I also tested the feature flag on, but only covered the happy paths. I’ll likely put more effort into testing later today or next week. For now, let's merge this PR to unblock work on the rule type change. Left a couple of comments for future improvements and created a ticket for proper OCC handling as discussed yesterday: #200134
| return rulesToUpgrade.filter((rule) => rule.diff.num_fields_with_conflicts > 0); | ||
| }, | ||
| [rulesUpgradeState] | ||
| ); | ||
|
|
||
| const { mutateAsync: upgradeSpecificRulesRequest } = usePerformUpgradeSpecificRules({ | ||
| pickVersion: isPrebuiltRulesCustomizationEnabled ? 'MERGED' : 'TARGET', |
There was a problem hiding this comment.
Note for future refactoring: We construct the perform request payload in two places. The first part is pickVersion here, and the second part is ruleUpgradeSpecifiers inside upgradeRules. This separation makes it difficult to follow and understand the entire payload. We should aim to construct the payload in a single location for better clarity and maintainability.
| })); | ||
| setLoadingRules((prev) => [...prev, ...rulesToUpgrade.map((r) => r.rule_id)]); | ||
| const conflictRuleIdsSet = new Set( | ||
| isPrebuiltRulesCustomizationEnabled |
There was a problem hiding this comment.
Note for future refactoring: We use isPrebuiltRulesCustomizationEnabled in seleral different places across this context, making it difficult to follow the full logic when the feature flag is on or off. I suggest splitting the upgrade methods into two for improved clarity: updateRulesWithCustomization when the FF is on, and updateRulesWithoutCustomization when it's off.
maximpn
force-pushed
the
integrate-ui-with-_perform-upgrade-api
branch
from
c1275bf to
6d90ced
Compare
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11838943846 |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
History
cc @maximpn |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Nov 14, 2024
…e `_perform` upgrade API (elastic#199761) **Partially addresses:** elastic#171520 ## Summary This PR integrates Prebuilt Rules Customization UI functionality with the `/internal/detection_engine/prebuilt_rules/upgrade/_perform` Prebuilt Rules Customization upgrade API. > [!CAUTION] > This PR doesn't handle rule type changes. Prebuilt rule updates with rule type change consider having a NON SOLVABLE conflict and won't be upgraded neither individually nor in bulk. Addressing that task requires UI and functional changes and will be addressed in a separate PR. ## Details ## How to test - Clear Elasticsearch data - Run Elasticsearch and Kibana locally (do not open Kibana in a web browser) - Install an outdated version of the `security_detection_engine` Fleet package ```bash curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 2023-10-31" -d '{"force":true}' http://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1 ``` - Install prebuilt rules ```bash curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 1" -d '{"mode":"ALL_RULES"}' http://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform ``` - Open `Detection Rules (SIEM)` Page -> `Rule Updates` - [ ] Check update functionality in a flyout - Pick a rule - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Press the `Update` button - [ ] Check table row rule update - Pick a rule - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - Press the `Update rule` button in the rule's table row - [ ] Check bulk rule update - Pick a few rules and for each of them do the next steps - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - After press the `Update All` button on the page - [ ] Check selected rules bulk update - Pick a few rules and for each of them do the next steps - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - After select the modified rule updates - Press the `Update N selected rule(s)` button on the page Co-authored-by: Dmitrii Shevchenko <[email protected]> (cherry picked from commit 1862b59)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Nov 14, 2024
…ith the `_perform` upgrade API (#199761) (#200193) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API (#199761)](#199761) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-14T14:13:20Z","message":"[Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API (#199761)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/171520\r\n\r\n## Summary\r\n\r\nThis PR integrates Prebuilt Rules Customization UI functionality with\r\nthe `/internal/detection_engine/prebuilt_rules/upgrade/_perform`\r\nPrebuilt Rules Customization upgrade API.\r\n\r\n> [!CAUTION]\r\n> This PR doesn't handle rule type changes. Prebuilt rule updates with\r\nrule type change consider having a NON SOLVABLE conflict and won't be\r\nupgraded neither individually nor in bulk. Addressing that task requires\r\nUI and functional changes and will be addressed in a separate PR.\r\n\r\n## Details\r\n\r\n\r\n## How to test\r\n\r\n- Clear Elasticsearch data\r\n- Run Elasticsearch and Kibana locally (do not open Kibana in a web\r\nbrowser)\r\n- Install an outdated version of the `security_detection_engine` Fleet\r\npackage\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 2023-10-31\" -d\r\n'{\"force\":true}'\r\nhttp://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1\r\n ```\r\n- Install prebuilt rules\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 1\" -d '{\"mode\":\"ALL_RULES\"}'\r\nhttp://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform\r\n ```\r\n- Open `Detection Rules (SIEM)` Page -> `Rule Updates`\r\n- [ ] Check update functionality in a flyout\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Press the `Update` button\r\n- [ ] Check table row rule update\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - Press the `Update rule` button in the rule's table row\r\n- [ ] Check bulk rule update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After press the `Update All` button on the page\r\n- [ ] Check selected rules bulk update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After select the modified rule updates\r\n - Press the `Update N selected rule(s)` button on the page\r\n\r\nCo-authored-by: Dmitrii Shevchenko <[email protected]>","sha":"1862b5914786a207238c650465c3d6b3f04ab172","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v8.17.0"],"title":"[Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API","number":199761,"url":"https://github.com/elastic/kibana/pull/199761","mergeCommit":{"message":"[Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API (#199761)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/171520\r\n\r\n## Summary\r\n\r\nThis PR integrates Prebuilt Rules Customization UI functionality with\r\nthe `/internal/detection_engine/prebuilt_rules/upgrade/_perform`\r\nPrebuilt Rules Customization upgrade API.\r\n\r\n> [!CAUTION]\r\n> This PR doesn't handle rule type changes. Prebuilt rule updates with\r\nrule type change consider having a NON SOLVABLE conflict and won't be\r\nupgraded neither individually nor in bulk. Addressing that task requires\r\nUI and functional changes and will be addressed in a separate PR.\r\n\r\n## Details\r\n\r\n\r\n## How to test\r\n\r\n- Clear Elasticsearch data\r\n- Run Elasticsearch and Kibana locally (do not open Kibana in a web\r\nbrowser)\r\n- Install an outdated version of the `security_detection_engine` Fleet\r\npackage\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 2023-10-31\" -d\r\n'{\"force\":true}'\r\nhttp://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1\r\n ```\r\n- Install prebuilt rules\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 1\" -d '{\"mode\":\"ALL_RULES\"}'\r\nhttp://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform\r\n ```\r\n- Open `Detection Rules (SIEM)` Page -> `Rule Updates`\r\n- [ ] Check update functionality in a flyout\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Press the `Update` button\r\n- [ ] Check table row rule update\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - Press the `Update rule` button in the rule's table row\r\n- [ ] Check bulk rule update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After press the `Update All` button on the page\r\n- [ ] Check selected rules bulk update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After select the modified rule updates\r\n - Press the `Update N selected rule(s)` button on the page\r\n\r\nCo-authored-by: Dmitrii Shevchenko <[email protected]>","sha":"1862b5914786a207238c650465c3d6b3f04ab172"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199761","number":199761,"mergeCommit":{"message":"[Security Solution] Integrate Prebuilt Rules Customization UI with the `_perform` upgrade API (#199761)\n\n**Partially addresses:** https://github.com/elastic/kibana/issues/171520\r\n\r\n## Summary\r\n\r\nThis PR integrates Prebuilt Rules Customization UI functionality with\r\nthe `/internal/detection_engine/prebuilt_rules/upgrade/_perform`\r\nPrebuilt Rules Customization upgrade API.\r\n\r\n> [!CAUTION]\r\n> This PR doesn't handle rule type changes. Prebuilt rule updates with\r\nrule type change consider having a NON SOLVABLE conflict and won't be\r\nupgraded neither individually nor in bulk. Addressing that task requires\r\nUI and functional changes and will be addressed in a separate PR.\r\n\r\n## Details\r\n\r\n\r\n## How to test\r\n\r\n- Clear Elasticsearch data\r\n- Run Elasticsearch and Kibana locally (do not open Kibana in a web\r\nbrowser)\r\n- Install an outdated version of the `security_detection_engine` Fleet\r\npackage\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 2023-10-31\" -d\r\n'{\"force\":true}'\r\nhttp://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1\r\n ```\r\n- Install prebuilt rules\r\n ```bash\r\ncurl -X POST --user elastic:changeme -H 'Content-Type: application/json'\r\n-H 'kbn-xsrf: 123' -H \"elastic-api-version: 1\" -d '{\"mode\":\"ALL_RULES\"}'\r\nhttp://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform\r\n ```\r\n- Open `Detection Rules (SIEM)` Page -> `Rule Updates`\r\n- [ ] Check update functionality in a flyout\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Press the `Update` button\r\n- [ ] Check table row rule update\r\n - Pick a rule\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - Press the `Update rule` button in the rule's table row\r\n- [ ] Check bulk rule update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After press the `Update All` button on the page\r\n- [ ] Check selected rules bulk update\r\n - Pick a few rules and for each of them do the next steps\r\n - Click on rule's name\r\n - Make changes to fields in incoming rule updates updates\r\n - Save field(s) changes\r\n - Close the flyout\r\n - After select the modified rule updates\r\n - Press the `Update N selected rule(s)` button on the page\r\n\r\nCo-authored-by: Dmitrii Shevchenko <[email protected]>","sha":"1862b5914786a207238c650465c3d6b3f04ab172"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Maxim Palenov <[email protected]>
wayneseymour
pushed a commit
to wayneseymour/kibana
that referenced
this pull request
Nov 18, 2024
…e `_perform` upgrade API (elastic#199761) **Partially addresses:** elastic#171520 ## Summary This PR integrates Prebuilt Rules Customization UI functionality with the `/internal/detection_engine/prebuilt_rules/upgrade/_perform` Prebuilt Rules Customization upgrade API. > [!CAUTION] > This PR doesn't handle rule type changes. Prebuilt rule updates with rule type change consider having a NON SOLVABLE conflict and won't be upgraded neither individually nor in bulk. Addressing that task requires UI and functional changes and will be addressed in a separate PR. ## Details ## How to test - Clear Elasticsearch data - Run Elasticsearch and Kibana locally (do not open Kibana in a web browser) - Install an outdated version of the `security_detection_engine` Fleet package ```bash curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 2023-10-31" -d '{"force":true}' http://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1 ``` - Install prebuilt rules ```bash curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 1" -d '{"mode":"ALL_RULES"}' http://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform ``` - Open `Detection Rules (SIEM)` Page -> `Rule Updates` - [ ] Check update functionality in a flyout - Pick a rule - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Press the `Update` button - [ ] Check table row rule update - Pick a rule - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - Press the `Update rule` button in the rule's table row - [ ] Check bulk rule update - Pick a few rules and for each of them do the next steps - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - After press the `Update All` button on the page - [ ] Check selected rules bulk update - Pick a few rules and for each of them do the next steps - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - After select the modified rule updates - Press the `Update N selected rule(s)` button on the page Co-authored-by: Dmitrii Shevchenko <[email protected]>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Nov 18, 2024
…e `_perform` upgrade API (elastic#199761) **Partially addresses:** elastic#171520 ## Summary This PR integrates Prebuilt Rules Customization UI functionality with the `/internal/detection_engine/prebuilt_rules/upgrade/_perform` Prebuilt Rules Customization upgrade API. > [!CAUTION] > This PR doesn't handle rule type changes. Prebuilt rule updates with rule type change consider having a NON SOLVABLE conflict and won't be upgraded neither individually nor in bulk. Addressing that task requires UI and functional changes and will be addressed in a separate PR. ## Details ## How to test - Clear Elasticsearch data - Run Elasticsearch and Kibana locally (do not open Kibana in a web browser) - Install an outdated version of the `security_detection_engine` Fleet package ```bash curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 2023-10-31" -d '{"force":true}' http://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1 ``` - Install prebuilt rules ```bash curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 1" -d '{"mode":"ALL_RULES"}' http://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform ``` - Open `Detection Rules (SIEM)` Page -> `Rule Updates` - [ ] Check update functionality in a flyout - Pick a rule - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Press the `Update` button - [ ] Check table row rule update - Pick a rule - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - Press the `Update rule` button in the rule's table row - [ ] Check bulk rule update - Pick a few rules and for each of them do the next steps - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - After press the `Update All` button on the page - [ ] Check selected rules bulk update - Pick a few rules and for each of them do the next steps - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - After select the modified rule updates - Press the `Update N selected rule(s)` button on the page Co-authored-by: Dmitrii Shevchenko <[email protected]>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Nov 18, 2024
…e `_perform` upgrade API (elastic#199761) **Partially addresses:** elastic#171520 ## Summary This PR integrates Prebuilt Rules Customization UI functionality with the `/internal/detection_engine/prebuilt_rules/upgrade/_perform` Prebuilt Rules Customization upgrade API. > [!CAUTION] > This PR doesn't handle rule type changes. Prebuilt rule updates with rule type change consider having a NON SOLVABLE conflict and won't be upgraded neither individually nor in bulk. Addressing that task requires UI and functional changes and will be addressed in a separate PR. ## Details ## How to test - Clear Elasticsearch data - Run Elasticsearch and Kibana locally (do not open Kibana in a web browser) - Install an outdated version of the `security_detection_engine` Fleet package ```bash curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 2023-10-31" -d '{"force":true}' http://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1 ``` - Install prebuilt rules ```bash curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 1" -d '{"mode":"ALL_RULES"}' http://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform ``` - Open `Detection Rules (SIEM)` Page -> `Rule Updates` - [ ] Check update functionality in a flyout - Pick a rule - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Press the `Update` button - [ ] Check table row rule update - Pick a rule - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - Press the `Update rule` button in the rule's table row - [ ] Check bulk rule update - Pick a few rules and for each of them do the next steps - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - After press the `Update All` button on the page - [ ] Check selected rules bulk update - Pick a few rules and for each of them do the next steps - Click on rule's name - Make changes to fields in incoming rule updates updates - Save field(s) changes - Close the flyout - After select the modified rule updates - Press the `Update N selected rule(s)` button on the page Co-authored-by: Dmitrii Shevchenko <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Partially addresses: #171520
Summary
This PR integrates Prebuilt Rules Customization UI functionality with the
/internal/detection_engine/prebuilt_rules/upgrade/_performPrebuilt Rules Customization upgrade API.Caution
This PR doesn't handle rule type changes. Prebuilt rule updates with rule type change consider having a NON SOLVABLE conflict and won't be upgraded neither individually nor in bulk. Addressing that task requires UI and functional changes and will be addressed in a separate PR.
Details
How to test
security_detection_engineFleet packagecurl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 2023-10-31" -d '{"force":true}' http://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1
Detection Rules (SIEM)Page ->Rule UpdatesUpdatebuttonUpdate rulebutton in the rule's table rowUpdate Allbutton on the pageUpdate N selected rule(s)button on the page