[Request] New feature docs - Bulk Action for Rule Custom Highlighted Fields #5090

Closed
5 tasks done
Tracked by #179312
e40pud opened this issue Apr 15, 2024 · 1 comment · Fixed by #5460
Labels: Effort: Small (issues that can be resolved quickly); Priority: High (issues that are time-sensitive and/or are of high customer importance); Team: Detection Engine; v8.15.0

Comments


e40pud commented Apr 15, 2024

Description

We're introducing a new feature - Bulk Action for Rule Custom Highlighted Fields. Right now there is no option to update custom highlighted fields for multiple rules, which makes our customers' lives harder. With these changes we will address this customer request elastic/kibana#164301 (also covered in this ticket https://github.com/elastic/security-team/issues/8958).

How it works:

  1. Select multiple rules
  2. Open bulk actions menu
  3. Select "Custom highlighted fields" menu item
  4. User can add new or delete existing custom highlighted fields

NOTE: The feature works similarly to existing Bulk Index and Bulk Tags rule actions.

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.15

Serverless release

Monday, July 15, 2024

Feature differences

This feature is identical in ESS and Serverless

API docs impact

We need to update the possible BulkEditAction object values here https://www.elastic.co/guide/en/security/current/bulk-actions-rules-api.html#bulk-edit-object-schema. There are three new values that need to be added to the table:

| type field | value field | Description |
|---|---|---|
| `add_investigation_fields` | `{ field_names: String[] }` | Add custom highlighted fields to rules |
| `delete_investigation_fields` | `{ field_names: String[] }` | Delete rules' custom highlighted fields |
| `set_investigation_fields` | `{ field_names: String[] }` | Overwrite rules' custom highlighted fields |
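As an added illustration (not code from the issue or from Kibana), the following models the three new edit types: it builds the bulk edit request body in the documented `action: "edit"` shape and simulates what each type does to a rule's `investigation_fields.field_names`. The endpoint path and the `kbn-xsrf` header are assumed from the existing bulk actions API, and the add/delete/set semantics (union, removal, overwrite) are assumptions read off the table descriptions.

```python
"""Model the three new BulkEditAction types for custom highlighted fields.

Assumptions (not stated in the issue): the bulk-actions endpoint is
POST /api/detection_engine/rules/_bulk_action with {"action": "edit", ...},
a rule keeps its custom highlighted fields under
investigation_fields.field_names, and add/delete/set mean
union / removal / overwrite, as the table descriptions suggest.
"""

# Assumed path of the existing bulk actions API.
BULK_ACTION_PATH = "/api/detection_engine/rules/_bulk_action"

# The three BulkEditAction types added by this feature.
INVESTIGATION_FIELD_ACTIONS = {
    "add_investigation_fields",
    "delete_investigation_fields",
    "set_investigation_fields",
}


def build_bulk_edit_request(rule_ids, action_type, field_names):
    """Return (path, headers, body) for one bulk edit over the given rule ids."""
    if action_type not in INVESTIGATION_FIELD_ACTIONS:
        raise ValueError(f"unknown BulkEditAction type: {action_type}")
    if not field_names or not all(isinstance(f, str) and f for f in field_names):
        raise ValueError("field_names must be a non-empty list of non-empty strings")
    body = {
        "action": "edit",
        "ids": list(rule_ids),
        # value shape per the schema table: { field_names: String[] }
        "edit": [{"type": action_type, "value": {"field_names": list(field_names)}}],
    }
    headers = {"kbn-xsrf": "true", "Content-Type": "application/json"}
    return BULK_ACTION_PATH, headers, body


def apply_edit(current_field_names, action_type, field_names):
    """Simulate one edit on a rule's field_names (order kept, duplicates dropped)."""
    if action_type == "add_investigation_fields":
        merged = list(current_field_names)
        merged.extend(f for f in field_names if f not in merged)
        return merged
    if action_type == "delete_investigation_fields":
        to_drop = set(field_names)
        return [f for f in current_field_names if f not in to_drop]
    if action_type == "set_investigation_fields":
        return list(dict.fromkeys(field_names))
    raise ValueError(f"unknown BulkEditAction type: {action_type}")
```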

Prerequisites, privileges, feature flags

No pre-reqs for users in Serverless or ESS.

Required doc updates

NOTE: To enable the feature in a test deployment (ESS), you will need to add the `bulkCustomHighlightedFieldsEnabled` feature flag to Kibana's configuration settings.

@banderror banderror added v8.15.0 and removed v8.14.0 labels Apr 16, 2024
e40pud added a commit to elastic/kibana that referenced this issue May 2, 2024
)

**Resolves: #164301**
**Resolves: elastic/security-team#8958**

## Summary

With these changes we introduce a new feature - Bulk custom highlighted
fields update. It works similarly to bulk tags and indices update.

Here is the overview of the work that has been done:


https://github.com/elastic/kibana/assets/2700761/b1ba6670-9984-43c9-9f1e-e18a2b7f071f

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
  - [ ] elastic/security-docs#5090
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] [ESS 100
times](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5834)
- [ ] [Serverless 100
times](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5835)

---------

Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Devin W. Hurley <[email protected]>

nastasha-solomon commented May 3, 2024

Notes for self:

  • Follow up with Zhenia on the API params (the field names are for bulk assigning indices) when he's back from PTO.
  • The feature is merged into main and is behind a FF. I should be able to enable the FF and test it in a future BC.
