From ed144bdba48585754de6b89f80b5dbba37f19edf Mon Sep 17 00:00:00 2001 From: Juan Pablo Djeredjian Date: Fri, 11 Oct 2024 10:44:50 -0300 Subject: [PATCH] [Security Solution] Add `AlertSuppression` and `Investigation Fields` to Rule Upgrade workflow (#195499) Resolves: https://github.com/elastic/kibana/issues/190597 ## Summary Adds `AlertSuppression` and `Investigation Fields` to Rule Upgrade workflow: - Fields had already been added to DiffableRule schema and diffing algorithms in https://github.com/elastic/kibana/pull/190128 - Current PR adds them to the UI field list so they get displayed in the diff ## Screenshots #### Investigation Fields ![image](https://github.com/user-attachments/assets/bff90832-cbf7-4804-888f-b62db5d08127) #### Alert Suppression ![image](https://github.com/user-attachments/assets/a46fc2db-53d1-4aab-92fc-c92ff88a60b0) ## Testing Little bit tricky: no prebuilt rules have these fields, so no matter which packages you install you won't see this upgrade. You'll need to tinker with the security-rule assets, for example: ```ts POST .kibana_security_solution/_update_by_query { "script": { "source": """ ctx._source['security-rule']['alert_suppression'] = [ 'group_by': ['agent.hostname'], 'missing_fields_strategy': 'suppress' ]; """, "lang": "painless" }, "query": { "bool": { "must": [ { "term": { "type": { "value": "security-rule" } } }, { "term": { "security-rule.rule_id": { "value": "0564fb9d-90b9-4234-a411-82a546dc1343" } } }, { "term": { "security-rule.version": { "value": "111" } } } ] } } } ``` ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --- .../rule_management/components/rule_details/constants.ts | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/constants.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/constants.ts
index 07805dfbb1000..5d42c8d73fd84 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/constants.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/constants.ts
@@ -16,6 +16,7 @@ export const ABOUT_UPGRADE_FIELD_ORDER: Array = [
 'description',
 'author',
 'building_block',
+ 'investigation_fields',
 'severity',
 'severity_mapping',
 'risk_score',
@@ -52,6 +53,7 @@ export const DEFINITION_UPGRADE_FIELD_ORDER: Array = [
 'new_terms_fields',
 'history_window_start',
 'max_signals',
+ 'alert_suppression',
 ];

 export const SCHEDULE_UPGRADE_FIELD_ORDER: Array = ['rule_schedule'];
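Review bot: Nothing ties ABOUT_UPGRADE_FIELD_ORDER and DEFINITION_UPGRADE_FIELD_ORDER to the set of diffable rule fields, so a field that exists in the DiffableRule schema but is missing from these lists is silently left out of the upgrade diff — which is exactly the gap this commit closes by hand for `investigation_fields` (first hunk) and `alert_suppression` (second hunk). A unit test asserting that every diffable field key appears in exactly one of the ABOUT/DEFINITION/SCHEDULE order arrays would catch the next omission at CI time rather than in the UI. That matters most for `alert_suppression`: a prebuilt-rule upgrade that adds or widens suppression changes which alerts analysts actually see, so an upgrade diff that hides it is a detection-coverage risk, not just a cosmetic one. The element type of these arrays is not visible in this rendering (`Array = [`); if it is already a union of the schema's field keys, the same exhaustiveness could be enforced at compile time by deriving the lists from a `Record<FieldKey, …>` rather than maintaining them as free-standing literals — hedged, since the type is not shown. Both arrays are declared before their hunks and ABOUT_UPGRADE_FIELD_ORDER closes after the first hunk.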