From fa7e55813349d6592b14722e66e07463514e8767 Mon Sep 17 00:00:00 2001
From: FrankHassanabad
Date: Wed, 21 Oct 2020 08:50:45 -0600
Subject: [PATCH 1/6] Changes wording for threat matches and rules
---
 .../components/rules/select_rule_type/translations.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/translations.ts b/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/translations.ts
index 7043aa2d2f956..cbfb360fd43a6 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/translations.ts
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/translations.ts
@@ -73,6 +73,6 @@ export const THREAT_MATCH_TYPE_TITLE = i18n.translate(
 export const THREAT_MATCH_TYPE_DESCRIPTION = i18n.translate(
 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.threatMatchDescription',
 {
- defaultMessage: 'Upload value lists to write rules around a list of known bad attributes',
+ defaultMessage: 'Configure rules matching fields from threat feed indices.',
 }
 );
From b8bbfcc5075961dc434fb4a7b8e709dbd2f22aea Mon Sep 17 00:00:00 2001
From: FrankHassanabad
Date: Thu, 22 Oct 2020 17:53:34 -0600
Subject: [PATCH 2/6] Changed wording per feedback on PR review
---
 .../components/rules/description_step/translations.tsx | 2 +-
 .../components/rules/select_rule_type/translations.ts | 5 +++--
 .../detections/components/rules/step_define_rule/schema.tsx | 6 +++---
 .../scripts/rules/queries/query_with_threat_mapping.json | 2 +-
 4 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/translations.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/translations.tsx
index d9186c2da7225..04647871f212e 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/translations.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/translations.tsx
@@ -65,7 +65,7 @@ export const THRESHOLD_TYPE_DESCRIPTION = i18n.translate(
 export const THREAT_MATCH_TYPE_DESCRIPTION = i18n.translate(
 'xpack.securitySolution.detectionEngine.createRule.threatMatchRuleTypeDescription',
 {
- defaultMessage: 'Threat Match',
+ defaultMessage: 'Indicator Match',
 }
 );
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/translations.ts b/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/translations.ts
index cbfb360fd43a6..b9c229fe78f10 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/translations.ts
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/translations.ts
@@ -66,13 +66,14 @@ export const THRESHOLD_TYPE_DESCRIPTION = i18n.translate(
 export const THREAT_MATCH_TYPE_TITLE = i18n.translate(
 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.threatMatchTitle',
 {
- defaultMessage: 'Threat Match',
+ defaultMessage: 'Indicator Match',
 }
 );
 export const THREAT_MATCH_TYPE_DESCRIPTION = i18n.translate(
 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.threatMatchDescription',
 {
- defaultMessage: 'Configure rules matching fields from threat feed indices.',
+ defaultMessage:
+ 'Use indicators from intelligence sources to detect matching events and alerts.',
 }
 );
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/schema.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/schema.tsx
index ebffb1abf4787..9763125776be2 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/schema.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/schema.tsx
@@ -235,7 +235,7 @@ export const schema: FormSchema = {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatIndexPatternsLabel',
 {
- defaultMessage: 'Threat index patterns',
+ defaultMessage: 'Indicator Index Patterns',
 }
 ),
 helpText: {THREAT_MATCH_INDEX_HELPER_TEXT},
@@ -265,7 +265,7 @@ export const schema: FormSchema = {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatMappingLabel',
 {
- defaultMessage: 'Threat Mapping',
+ defaultMessage: 'Indicator Mapping',
 }
 ),
 validations: [
@@ -301,7 +301,7 @@ export const schema: FormSchema = {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatQueryBarLabel',
 {
- defaultMessage: 'Threat index query',
+ defaultMessage: 'Indicator Index Query',
 }
 ),
 validations: [
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/rules/queries/query_with_threat_mapping.json b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/rules/queries/query_with_threat_mapping.json
index 1e2f217751e96..ed9356f46501c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/rules/queries/query_with_threat_mapping.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/rules/queries/query_with_threat_mapping.json
@@ -1,5 +1,5 @@
 {
- "name": "Query with a threat mapping",
+ "name": "Query with a indicator mapping",
 "description": "Query with a threat mapping",
 "rule_id": "threat-mapping",
 "risk_score": 1,
From 684c0f59389075750a75c96be2de8251dbc5b7c5 Mon Sep 17 00:00:00 2001
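Review bot: The three relabelled fields in schema.tsx switch to title case (`'Indicator Index Patterns'`, `'Indicator Mapping'`, `'Indicator Index Query'`), while two of the strings they replace were sentence case (`'Threat index patterns'`, `'Threat index query'`) and the related label changed in patch 3/6 stays sentence case (`'Indicator index field'`). Labels on the same rule-definition form should share one casing, e.g. `defaultMessage: 'Indicator index patterns'` and `defaultMessage: 'Indicator index query'`. The message ids keep their `Threat…` names while the default text changes, so any existing translations keyed on those ids would presumably still carry the old wording; that is worth confirming. The `schema` object starts and ends outside these hunks.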
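Review bot: The new name has an article error: `"Query with a indicator mapping"` should read `"Query with an indicator mapping"`. The `description` on the following line still says `"Query with a threat mapping"`, so the sample rule now uses both terms; changing it to `"description": "Query with an indicator mapping",` would keep the two fields in step. The `rule_id` of `threat-mapping` is probably best left unchanged, since other scripts may refer to it.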
From: FrankHassanabad
Date: Thu, 22 Oct 2020 18:00:11 -0600
Subject: [PATCH 3/6] Changes the wording for an extra field
---
 .../public/common/components/threat_match/translations.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/plugins/security_solution/public/common/components/threat_match/translations.ts b/x-pack/plugins/security_solution/public/common/components/threat_match/translations.ts
index ca9f6a13856cf..57e7416731486 100644
--- a/x-pack/plugins/security_solution/public/common/components/threat_match/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/threat_match/translations.ts
@@ -13,7 +13,7 @@ export const FIELD = i18n.translate('xpack.securitySolution.threatMatch.fieldDes
 export const THREAT_FIELD = i18n.translate(
 'xpack.securitySolution.threatMatch.threatFieldDescription',
 {
- defaultMessage: 'Threat index field',
+ defaultMessage: 'Indicator index field',
 }
 );
From da629988e88fa95a817472a7ab4f48d43e3b906b Mon Sep 17 00:00:00 2001
From: FrankHassanabad
Date: Fri, 23 Oct 2020 07:47:12 -0600
Subject: [PATCH 4/6] Changed wording to Indicator Match for tests
---
 .../components/rules/description_step/helpers.test.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.test.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.test.tsx
index ebdfdcc262b34..ee1edecbdc54a 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.test.tsx
@@ -437,7 +437,7 @@ describe('helpers', () => {
 it('returns a humanized description for a threat_match type', () => {
 const [result]: ListItems[] = buildRuleTypeDescription('Test label', 'threat_match');
- expect(result.description).toEqual('Threat Match');
+ expect(result.description).toEqual('Indicator Match');
 });
 });
 });
From ef0cf3bc64c7fef9be6207cff552fa4a9c143114 Mon Sep 17 00:00:00 2001
From: FrankHassanabad
Date: Fri, 23 Oct 2020 09:39:18 -0600
Subject: [PATCH 5/6] Added some form reset logic for the threat match
---
 .../components/rules/step_define_rule/index.tsx | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
index 8a5966c71aa28..1005647a17500 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
@@ -163,9 +163,19 @@ const StepDefineRuleComponent: FC = ({
 ] = useFetchIndex(threatIndex);
 // reset form when rule type changes
+ const { setFieldValue } = form;
 useEffect(() => {
+ if (isThreatMatchRule(ruleType)) {
+ setFieldValue('queryBar', {
+ query: { query: '*:*', language: 'kuery' },
+ filters: [],
+ saved_id: undefined,
+ });
+ } else {
+ setFieldValue('queryBar', stepDefineDefaultValue.queryBar);
+ }
 reset({ resetValues: false });
- }, [reset, ruleType]);
+ }, [reset, ruleType, setFieldValue]);
 useEffect(() => {
 setIndexModified(!isEqual(index, indicesConfig));
From be87c7da56452c1cf85c275e8bc2f6cce28f594b Mon Sep 17 00:00:00 2001
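Review bot: The effect added in step_define_rule/index.tsx writes `queryBar` on every run, including the first render and any change in the identity of `reset` or `setFieldValue`, not only when the rule type actually changes. If this component is also used to edit an existing rule (not visible in the hunk; the component body starts and ends outside it), the saved query would presumably be replaced by `*:*` or by `stepDefineDefaultValue.queryBar` before the analyst touches anything, silently changing what the detection rule matches. Guarding the write on a real change of `ruleType`, as sketched below, avoids that; `useRef` would need to be imported if the file does not already have it. Patch 6/6 backs this hunk out, so the point applies to the follow-up PR that reintroduces the logic.

```typescript
const { setFieldValue } = form;
const previousRuleType = useRef(ruleType);
useEffect(() => {
  // Only rewrite queryBar when the rule type really changed, never on mount.
  if (previousRuleType.current !== ruleType) {
    previousRuleType.current = ruleType;
    // … unchanged: the two setFieldValue('queryBar', …) branches …
  }
  reset({ resetValues: false });
}, [reset, ruleType, setFieldValue]);
```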
From: FrankHassanabad
Date: Mon, 26 Oct 2020 22:06:20 -0600
Subject: [PATCH 6/6] Backed out change that was risky and instead am going to push the change into another PR
---
 .../components/rules/step_define_rule/index.tsx | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
index 1005647a17500..8a5966c71aa28 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
@@ -163,19 +163,9 @@ const StepDefineRuleComponent: FC = ({
 ] = useFetchIndex(threatIndex);
 // reset form when rule type changes
- const { setFieldValue } = form;
 useEffect(() => {
- if (isThreatMatchRule(ruleType)) {
- setFieldValue('queryBar', {
- query: { query: '*:*', language: 'kuery' },
- filters: [],
- saved_id: undefined,
- });
- } else {
- setFieldValue('queryBar', stepDefineDefaultValue.queryBar);
- }
 reset({ resetValues: false });
- }, [reset, ruleType, setFieldValue]);
+ }, [reset, ruleType]);
 useEffect(() => {
 setIndexModified(!isEqual(index, indicesConfig));