Skip to content

Commit

Permalink
[Security Solution] Disables author and license fields in rule ed…
Browse files Browse the repository at this point in the history 
…it form for prebuilt rule types (elastic#201887)

## Summary

Fixes elastic#200251

> [!NOTE]
> This bug/related fix is only visible with the
`prebuiltRulesCustomizationEnabled` feature flag turned on.

Disables `author` and `license` fields in rule edit form for prebuilt
rule types as we throw API errors when they are changed from the
existing rule value if the rule source is external.

### Screenshots - the same prebuilt rule in the Rule edit form
**Before**
<img width="738" alt="Screenshot 2024-11-26 at 5 32 00 PM"
src="https://github.com/user-attachments/assets/6262cdb2-750a-47fb-b6b8-ec07f4acd8aa">

**After**
![Screenshot 2024-12-03 at 3 22
34 PM](https://github.com/user-attachments/assets/bfb4c468-3ea2-4fa0-bd36-a90c32eacce4)

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

(cherry picked from commit 13fa525)
  • Loading branch information
@dplumlee
dplumlee committed Dec 4, 2024
1 parent 03a5843 commit 2e7fe0a
Show file tree
Hide file tree
Showing 3 changed files with 64 additions and 25 deletions.
73 changes: 48 additions & 25 deletions ...ty_solution/public/detection_engine/rule_creation_ui/components/step_about_rule/index.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,15 @@
* 2.0.
*/

import { EuiAccordion, EuiFlexItem, EuiSpacer, EuiFormRow } from '@elastic/eui';
import { EuiAccordion, EuiFlexItem, EuiSpacer, EuiFormRow, EuiToolTip } from '@elastic/eui';
import type { FC } from 'react';
import React, { memo, useCallback, useEffect, useState, useMemo } from 'react';
import styled from 'styled-components';

import type { DataViewBase } from '@kbn/es-query';
import type { Severity, Type } from '@kbn/securitysolution-io-ts-alerting-types';

import type { RuleSource } from '../../../../../common/api/detection_engine';
import { isThreatMatchRule, isEsqlRule } from '../../../../../common/detection_engine/utils';
import type {
RuleStepProps,
Expand Down Expand Up @@ -55,6 +56,7 @@ interface StepAboutRuleProps extends RuleStepProps {
timestampOverride: string;
form: FormHook<AboutStepRule>;
esqlQuery?: string | undefined;
ruleSource?: RuleSource;
}

interface StepAboutRuleReadOnlyProps {
Expand Down Expand Up @@ -85,6 +87,7 @@ const StepAboutRuleComponent: FC<StepAboutRuleProps> = ({
isLoading,
form,
esqlQuery,
ruleSource,
}) => {
const { data } = useKibana().services;

Expand Down Expand Up @@ -280,31 +283,51 @@ const StepAboutRuleComponent: FC<StepAboutRuleProps> = ({
}}
/>
<EuiSpacer size="l" />
<CommonUseField
path="author"
componentProps={{
idAria: 'detectionEngineStepAboutRuleAuthor',
'data-test-subj': 'detectionEngineStepAboutRuleAuthor',
euiFieldProps: {
fullWidth: true,
isDisabled: isLoading,
placeholder: '',
},
}}
/>
<EuiToolTip
content={
ruleSource?.type === 'external'
? I18n.AUTHOR_IMMUTABLE_FIELD_TOOLTIP_TEXT
: undefined
}
display="block"
position="right"
>
<CommonUseField
path="author"
componentProps={{
idAria: 'detectionEngineStepAboutRuleAuthor',
'data-test-subj': 'detectionEngineStepAboutRuleAuthor',
euiFieldProps: {
fullWidth: true,
isDisabled: isLoading || ruleSource?.type === 'external', // We don't allow "author" customization if this is a prebuilt rule
placeholder: '',
},
}}
/>
</EuiToolTip>
<EuiSpacer size="l" />
<CommonUseField
path="license"
componentProps={{
idAria: 'detectionEngineStepAboutRuleLicense',
'data-test-subj': 'detectionEngineStepAboutRuleLicense',
euiFieldProps: {
fullWidth: true,
disabled: isLoading,
placeholder: '',
},
}}
/>
<EuiToolTip
content={
ruleSource?.type === 'external'
? I18n.LICENSE_IMMUTABLE_FIELD_TOOLTIP_TEXT
: undefined
}
display="block"
position="right"
>
<CommonUseField
path="license"
componentProps={{
idAria: 'detectionEngineStepAboutRuleLicense',
'data-test-subj': 'detectionEngineStepAboutRuleLicense',
euiFieldProps: {
fullWidth: true,
disabled: isLoading || ruleSource?.type === 'external', // We don't allow "license" customization if this is a prebuilt rule
placeholder: '',
},
}}
/>
</EuiToolTip>
<EuiSpacer size="l" />
<EuiFormRow label={I18n.GLOBAL_ENDPOINT_EXCEPTION_LIST} fullWidth>
<CommonUseField
Expand Down
14 changes: 14 additions & 0 deletions ...ution/public/detection_engine/rule_creation_ui/components/step_about_rule/translations.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,3 +97,17 @@ export const ADD_RULE_SETUP_HELP_TEXT = i18n.translate(
defaultMessage: 'Add rule setup guide...',
}
);

export const AUTHOR_IMMUTABLE_FIELD_TOOLTIP_TEXT = i18n.translate(
'xpack.securitySolution.detectionEngine.createRule.stepAboutrule.authorImmutableFieldTooltipText',
{
defaultMessage: 'Author is not editable for Elastic rules',
}
);

export const LICENSE_IMMUTABLE_FIELD_TOOLTIP_TEXT = i18n.translate(
'xpack.securitySolution.detectionEngine.createRule.stepAboutrule.licenseImmutableFieldTooltipText',
{
defaultMessage: 'License is not editable for Elastic rules',
}
);
2 changes: 2 additions & 0 deletions ...s/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
form={aboutStepForm}
esqlQuery={esqlQueryForAboutStep}
key="aboutStep"
ruleSource={rule.rule_source}
/>
)}
<EuiSpacer />
Expand Down Expand Up @@ -346,6 +347,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
[
isPrebuiltRulesCustomizationEnabled,
rule?.immutable,
rule.rule_source,
rule?.id,
activeStep,
loading,
Expand Down

0 comments on commit 2e7fe0a

Please sign in to comment.