[SIEM][Detections Engine] - Add rule markdown field to rule create, detail, and edit flows (#60108)

* add rule note markdown field to rule creation, rule details, and rule edit flows

Co-authored-by: Gloria Hornero <snootchie.boochies@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Author: 3 people

x-pack/legacy/plugins/siem/cypress/integration/signal_detection_rules.spec.ts

@@ -7,30 +7,30 @@
 import { newRule } from '../objects/rule';
 
 import {
-  ABOUT_DESCRIPTION,
-  ABOUT_EXPECTED_URLS,
   ABOUT_FALSE_POSITIVES,
   ABOUT_MITRE,
   ABOUT_RISK,
-  ABOUT_RULE_DESCRIPTION,
   ABOUT_SEVERITY,
+  ABOUT_STEP,
   ABOUT_TAGS,
   ABOUT_TIMELINE,
+  ABOUT_URLS,
   DEFINITION_CUSTOM_QUERY,
-  DEFINITION_DESCRIPTION,
   DEFINITION_INDEX_PATTERNS,
+  DEFINITION_STEP,
   RULE_NAME_HEADER,
-  SCHEDULE_DESCRIPTION,
   SCHEDULE_LOOPBACK,
   SCHEDULE_RUNS,
+  SCHEDULE_STEP,
+  ABOUT_RULE_DESCRIPTION,
 } from '../screens/rule_details';
 import {
   CUSTOM_RULES_BTN,
   ELASTIC_RULES_BTN,
   RISK_SCORE,
   RULE_NAME,
-  RULES_TABLE,
   RULES_ROW,
+  RULES_TABLE,
   SEVERITY,
 } from '../screens/signal_detection_rules';
 
@@ -127,10 +127,25 @@ describe('Signal detection rules', () => {
 
     goToRuleDetails();
 
-    cy.get(RULE_NAME_HEADER)
-      .invoke('text')
-      .should('eql', `${newRule.name} Beta`);
-
+    let expectedUrls = '';
+    newRule.referenceUrls.forEach(url => {
+      expectedUrls = expectedUrls + url;
+    });
+    let expectedFalsePositives = '';
+    newRule.falsePositivesExamples.forEach(falsePositive => {
+      expectedFalsePositives = expectedFalsePositives + falsePositive;
+    });
+    let expectedTags = '';
+    newRule.tags.forEach(tag => {
+      expectedTags = expectedTags + tag;
+    });
+    let expectedMitre = '';
+    newRule.mitre.forEach(mitre => {
+      expectedMitre = expectedMitre + mitre.tactic;
+      mitre.techniques.forEach(technique => {
+        expectedMitre = expectedMitre + technique;
+      });
+    });
     const expectedIndexPatterns = [
       'apm-*-transaction*',
       'auditbeat-*',
@@ -139,77 +154,60 @@ describe('Signal detection rules', () => {
       'packetbeat-*',
       'winlogbeat-*',
     ];
-    cy.get(DEFINITION_INDEX_PATTERNS).then(patterns => {
-      cy.wrap(patterns).each((pattern, index) => {
-        cy.wrap(pattern)
-          .invoke('text')
-          .should('eql', expectedIndexPatterns[index]);
-      });
-    });
-    cy.get(DEFINITION_DESCRIPTION)
-      .eq(DEFINITION_CUSTOM_QUERY)
+
+    cy.get(RULE_NAME_HEADER)
       .invoke('text')
-      .should('eql', `${newRule.customQuery} `);
-    cy.get(ABOUT_DESCRIPTION)
-      .eq(ABOUT_RULE_DESCRIPTION)
+      .should('eql', `${newRule.name} Beta`);
+
+    cy.get(ABOUT_RULE_DESCRIPTION)
       .invoke('text')
       .should('eql', newRule.description);
-    cy.get(ABOUT_DESCRIPTION)
+    cy.get(ABOUT_STEP)
       .eq(ABOUT_SEVERITY)
       .invoke('text')
       .should('eql', newRule.severity);
-    cy.get(ABOUT_DESCRIPTION)
+    cy.get(ABOUT_STEP)
       .eq(ABOUT_RISK)
       .invoke('text')
       .should('eql', newRule.riskScore);
-    cy.get(ABOUT_DESCRIPTION)
+    cy.get(ABOUT_STEP)
       .eq(ABOUT_TIMELINE)
       .invoke('text')
       .should('eql', 'Default blank timeline');
-
-    let expectedUrls = '';
-    newRule.referenceUrls.forEach(url => {
-      expectedUrls = expectedUrls + url;
-    });
-    cy.get(ABOUT_DESCRIPTION)
-      .eq(ABOUT_EXPECTED_URLS)
+    cy.get(ABOUT_STEP)
+      .eq(ABOUT_URLS)
       .invoke('text')
       .should('eql', expectedUrls);
-
-    let expectedFalsePositives = '';
-    newRule.falsePositivesExamples.forEach(falsePositive => {
-      expectedFalsePositives = expectedFalsePositives + falsePositive;
-    });
-    cy.get(ABOUT_DESCRIPTION)
+    cy.get(ABOUT_STEP)
       .eq(ABOUT_FALSE_POSITIVES)
       .invoke('text')
       .should('eql', expectedFalsePositives);
-
-    let expectedMitre = '';
-    newRule.mitre.forEach(mitre => {
-      expectedMitre = expectedMitre + mitre.tactic;
-      mitre.techniques.forEach(technique => {
-        expectedMitre = expectedMitre + technique;
-      });
-    });
-    cy.get(ABOUT_DESCRIPTION)
+    cy.get(ABOUT_STEP)
       .eq(ABOUT_MITRE)
       .invoke('text')
       .should('eql', expectedMitre);
-
-    let expectedTags = '';
-    newRule.tags.forEach(tag => {
-      expectedTags = expectedTags + tag;
-    });
-    cy.get(ABOUT_DESCRIPTION)
+    cy.get(ABOUT_STEP)
       .eq(ABOUT_TAGS)
       .invoke('text')
       .should('eql', expectedTags);
-    cy.get(SCHEDULE_DESCRIPTION)
+
+    cy.get(DEFINITION_INDEX_PATTERNS).then(patterns => {
+      cy.wrap(patterns).each((pattern, index) => {
+        cy.wrap(pattern)
+          .invoke('text')
+          .should('eql', expectedIndexPatterns[index]);
+      });
+    });
+    cy.get(DEFINITION_STEP)
+      .eq(DEFINITION_CUSTOM_QUERY)
+      .invoke('text')
+      .should('eql', `${newRule.customQuery} `);
+
+    cy.get(SCHEDULE_STEP)
       .eq(SCHEDULE_RUNS)
       .invoke('text')
       .should('eql', '5m');
-    cy.get(SCHEDULE_DESCRIPTION)
+    cy.get(SCHEDULE_STEP)
       .eq(SCHEDULE_LOOPBACK)
       .invoke('text')
       .should('eql', '1m');

x-pack/legacy/plugins/siem/cypress/screens/rule_details.ts

@@ -4,35 +4,35 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export const ABOUT_DESCRIPTION = '[data-test-subj="aboutRule"] .euiDescriptionList__description';
+export const ABOUT_FALSE_POSITIVES = 4;
 
-export const ABOUT_EXPECTED_URLS = 4;
+export const ABOUT_MITRE = 5;
 
-export const ABOUT_FALSE_POSITIVES = 5;
+export const ABOUT_RULE_DESCRIPTION = '[data-test-subj=stepAboutRuleDetailsToggleDescriptionText]';
 
-export const ABOUT_MITRE = 6;
+export const ABOUT_RISK = 1;
 
-export const ABOUT_RULE_DESCRIPTION = 0;
+export const ABOUT_SEVERITY = 0;
 
-export const ABOUT_RISK = 2;
+export const ABOUT_STEP = '[data-test-subj="aboutRule"] .euiDescriptionList__description';
 
-export const ABOUT_SEVERITY = 1;
+export const ABOUT_TAGS = 6;
 
-export const ABOUT_TAGS = 7;
+export const ABOUT_TIMELINE = 2;
 
-export const ABOUT_TIMELINE = 3;
+export const ABOUT_URLS = 3;
 
 export const DEFINITION_CUSTOM_QUERY = 1;
 
-export const DEFINITION_DESCRIPTION =
-  '[data-test-subj="definition"] .euiDescriptionList__description';
-
 export const DEFINITION_INDEX_PATTERNS =
-  '[data-test-subj="definition"] .euiDescriptionList__description .euiBadge__text';
+  '[data-test-subj=definitionRule] [data-test-subj="listItemColumnStepRuleDescription"] .euiDescriptionList__description .euiBadge__text';
+
+export const DEFINITION_STEP =
+  '[data-test-subj=definitionRule] [data-test-subj="listItemColumnStepRuleDescription"] .euiDescriptionList__description';
 
 export const RULE_NAME_HEADER = '[data-test-subj="header-page-title"]';
 
-export const SCHEDULE_DESCRIPTION = '[data-test-subj="schedule"]  .euiDescriptionList__description';
+export const SCHEDULE_STEP = '[data-test-subj="schedule"]  .euiDescriptionList__description';
 
 export const SCHEDULE_RUNS = 0;
 

x-pack/legacy/plugins/siem/dev_tools/circular_deps/run_check_circular_deps_cli.js

@@ -17,6 +17,16 @@ run(
       [resolve(__dirname, '../../public'), resolve(__dirname, '../../common')],
       {
         fileExtensions: ['ts', 'js', 'tsx'],
+        excludeRegExp: [
+          'test.ts$',
+          'test.tsx$',
+          'containers/detection_engine/rules/types.ts$',
+          'core/public/chrome/chrome_service.tsx$',
+          'src/core/server/types.ts$',
+          'src/core/server/saved_objects/types.ts$',
+          'src/core/public/overlays/banners/banners_service.tsx$',
+          'src/core/public/saved_objects/saved_objects_client.ts$',
+        ],
       }
     );
 

x-pack/legacy/plugins/siem/public/containers/detection_engine/rules/types.ts

@@ -33,6 +33,7 @@ export const NewRuleSchema = t.intersection([
     threat: t.array(t.unknown),
     to: t.string,
     updated_by: t.string,
+    note: t.string,
   }),
 ]);
 
@@ -86,6 +87,7 @@ export const RuleSchema = t.intersection([
     status_date: t.string,
     timeline_id: t.string,
     timeline_title: t.string,
+    note: t.string,
     version: t.number,
   }),
 ]);