[Request] New feature docs - Bulk Action for Rule Custom Highlighted Fields #5090
Labels
Effort: Small
Issues that can be resolved quickly
Priority: High
Issues that are time-sensitive and/or are of high customer importance
Team: Detection Engine
v8.15.0
Description
We're introducing a new feature - Bulk Action for Rule Custom Highlighted Fields. Right now there is no option to update custom highlighted fields for multiple rules, which makes our customers' lives harder. With these changes we will address this customer request elastic/kibana#164301 (also covered in this ticket https://github.com/elastic/security-team/issues/8958).
How it works:
NOTE: The feature works similarly to existing Bulk Index and Bulk Tags rule actions.
Background & resources
Which documentation set does this change impact?
ESS and serverless
ESS release
8.15
Serverless release
Monday, July 15, 2024
Feature differences
This feature is identical in ESS and Serverless
API docs impact
We need to update "Possible BulkEditAction object values" here: https://www.elastic.co/guide/en/security/current/bulk-actions-rules-api.html#bulk-edit-object-schema. There are three new values that need to be added to the table:
type field
value field
Prerequisites, privileges, feature flags
No pre-reqs for users in Serverless or ESS.
Required doc updates
NOTE: To enable the feature in a test deployment (ESS), you will need to add the
bulkCustomHighlightedFieldsEnabled: bulkCustomHighlightedFieldsEnabled
feature flag to Kibana's configuration settings.