[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages #198202
+19
−11
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dplumlee
added
release_note:skip
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Tested with both FF on and off. All features working as expected 👍 LGTM ✅ |
|
@elasticmachine merge upstream |
dplumlee
force-pushed
the
allow-editing-prebuilt-in-ui
branch
from
bfee024
to
9ef2f4f
Compare
|
@dplumlee Can you please add screenshots and/or video showing the changes made in this PR? |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Async chunks
History
cc @dplumlee |
banderror
approved these changes
Nov 13, 2024
There was a problem hiding this comment.
Code changes LGTM.
I did some extended manual testing locally with both feature flags ON and OFF. First, I checked many scenarios with the flag ON. Then I kept the prebuilt customized, prebuilt non-customized, and custom rules created when the flag was ON, turned it OFF, and continued testing the app. I did this to check if the "new" data breaks the app without the flag.
- Feature flag is ON
- Rule Management page
- Should be possible to edit:
- A single non-customized prebuilt rule (only rule actions).
- A single customized prebuilt rule (only rule actions).
- A custom rule (any parameter).
- Should be possible to bulk edit prebuilt rules:
- Add index patterns.
- Delete index patterns.
- Add tags.
- Delete tags.
- Add custom highlighted fields.
- Delete custom highlighted fields.
- Add rule actions.
- Update rule schedules.
- Apply timeline template.
- Should be possible to export:
- A single non-customized prebuilt rule.
- A single customized prebuilt rule.
- A custom rule.
- Should be possible to bulk export:
- A mixture of prebuilt non-customized, prebuilt customized, and custom rules.
- Only prebuilt non-customized rules.
- Only prebuilt customized rules.
- Only custom rules.
- Should be possible to bulk import:
- A mixture of prebuilt non-customized, prebuilt customized, and custom rules.
- Only prebuilt non-customized rules.
- Only prebuilt customized rules.
- Only custom rules.
- Should be possible to edit:
- Rule Details page
- Should be possible to edit:
- A non-customized prebuilt rule.
- A customized prebuilt rule.
- A custom rule.
- Should be possible to export:
- A non-customized prebuilt rule.
- A customized prebuilt rule.
- A custom rule.
- Should be possible to edit:
- Rule Management page
- Feature flag is OFF
- Rule Management page
- Should be possible to edit:
- A single prebuilt rule (only rule actions).
- A custom rule (any parameter).
- Should NOT be possible to bulk edit prebuilt rules, except adding rule actions:
- NO: Add index patterns.
- NO: Delete index patterns.
- NO: Add tags.
- NO: Delete tags.
- NO: Add custom highlighted fields.
- NO: Delete custom highlighted fields.
- YES: Add rule actions.
- NO: Update rule schedules.
- NO: Apply timeline template.
- Should NOT be possible to export prebuilt rules.
- Should be possible to export custom rules.
- Should NOT be possible to bulk export prebuilt rules.
- Should be possible to bulk export custom rules.
- Should NOT be possible to bulk import prebuilt rules.
- Should be possible to bulk import custom rules.
- Should be possible to edit:
- Rule Details page
- Should be possible to edit:
- A single prebuilt rule (only rule actions).
- A custom rule (any parameter).
- Should NOT be possible to export a prebuilt rule.
- Should be possible to export a custom rule.
- Should be possible to edit:
- Rule Management page
Let's use this checklist as a base for writing a test plan in the near future. I'm thinking about creating a few separate tickets for writing test plans so we could close the ones that this PR refers to in the description.
Thank you @dplumlee, let's 🚢 it!
|
Starting backport for target branches: 8.x |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Nov 13, 2024
…the Rule Management and Rule Details pages (elastic#198202) **Resolves: elastic#180171 **Resolves: elastic#180176 **Resolves: elastic#180173 ## Summary > [!NOTE] > Feature is behind the `prebuiltRulesCustomizationEnabled` feature flag. Adds logic to allow users to edit and export prebuilt rules from both the Rule management page and Rule details page via the bulk action menu and the singular overflow menu ### Acceptance criteria - [x] Feature is hidden behind prebuiltRulesCustomizationEnabled feature flag - [x] Modified components still work as expected when feature flag is off - [x] Bulk actions are able to performed on all rule types from Rule management page bulk actions menu - [x] Editing - [x] Index patterns - [x] Tags - [x] Highlighted fields - [x] Schedule - [x] Export - [x] Singular rule actions are able to be performed on all rule types from rule management page overflow column - [x] Export - [x] Singular rule actions are able to be performed on all rule types from rule details page - [x] Export ### Screenshots *** ### Rule management table overflow menu #### Before **Export button is disabled for prebuilt rules**  #### After **Export button is enabled for all rule types**  ### Rule details page overflow menu #### Before **Export button is disabled for prebuilt rules**  #### After **Export button is enabled for all rule types**  --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit 02e4edc)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
3 tasks
kibanamachine
added a commit
that referenced
this pull request
Nov 14, 2024
… from the Rule Management and Rule Details pages (#198202) (#200103) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages (#198202)](#198202) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-11-13T22:11:48Z","message":"[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages (#198202)\n\n**Resolves: https://github.com/elastic/kibana/issues/180171**\r\n**Resolves: https://github.com/elastic/kibana/issues/180176**\r\n**Resolves: https://github.com/elastic/kibana/issues/180173**\r\n\r\n## Summary\r\n\r\n> [!NOTE] \r\n> Feature is behind the `prebuiltRulesCustomizationEnabled` feature\r\nflag.\r\n\r\nAdds logic to allow users to edit and export prebuilt rules from both\r\nthe Rule management page and Rule details page via the bulk action menu\r\nand the singular overflow menu\r\n\r\n\r\n### Acceptance criteria\r\n\r\n- [x] Feature is hidden behind prebuiltRulesCustomizationEnabled feature\r\nflag\r\n- [x] Modified components still work as expected when feature flag is\r\noff\r\n- [x] Bulk actions are able to performed on all rule types from Rule\r\nmanagement page bulk actions menu\r\n - [x] Editing\r\n - [x] Index patterns\r\n - [x] Tags\r\n - [x] Highlighted fields\r\n - [x] Schedule\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule management page overflow column\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule details page\r\n - [x] Export\r\n \r\n\r\n### Screenshots\r\n***\r\n\r\n### Rule management table overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n\r\n\r\n### Rule details page overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"02e4edc458749ca286c2b03eb71c248c7ef5b335","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v8.17.0"],"title":"[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages","number":198202,"url":"https://github.com/elastic/kibana/pull/198202","mergeCommit":{"message":"[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages (#198202)\n\n**Resolves: https://github.com/elastic/kibana/issues/180171**\r\n**Resolves: https://github.com/elastic/kibana/issues/180176**\r\n**Resolves: https://github.com/elastic/kibana/issues/180173**\r\n\r\n## Summary\r\n\r\n> [!NOTE] \r\n> Feature is behind the `prebuiltRulesCustomizationEnabled` feature\r\nflag.\r\n\r\nAdds logic to allow users to edit and export prebuilt rules from both\r\nthe Rule management page and Rule details page via the bulk action menu\r\nand the singular overflow menu\r\n\r\n\r\n### Acceptance criteria\r\n\r\n- [x] Feature is hidden behind prebuiltRulesCustomizationEnabled feature\r\nflag\r\n- [x] Modified components still work as expected when feature flag is\r\noff\r\n- [x] Bulk actions are able to performed on all rule types from Rule\r\nmanagement page bulk actions menu\r\n - [x] Editing\r\n - [x] Index patterns\r\n - [x] Tags\r\n - [x] Highlighted fields\r\n - [x] Schedule\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule management page overflow column\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule details page\r\n - [x] Export\r\n \r\n\r\n### Screenshots\r\n***\r\n\r\n### Rule management table overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n\r\n\r\n### Rule details page overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"02e4edc458749ca286c2b03eb71c248c7ef5b335"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198202","number":198202,"mergeCommit":{"message":"[Security Solution] Allows editing and exporting prebuilt rules from the Rule Management and Rule Details pages (#198202)\n\n**Resolves: https://github.com/elastic/kibana/issues/180171**\r\n**Resolves: https://github.com/elastic/kibana/issues/180176**\r\n**Resolves: https://github.com/elastic/kibana/issues/180173**\r\n\r\n## Summary\r\n\r\n> [!NOTE] \r\n> Feature is behind the `prebuiltRulesCustomizationEnabled` feature\r\nflag.\r\n\r\nAdds logic to allow users to edit and export prebuilt rules from both\r\nthe Rule management page and Rule details page via the bulk action menu\r\nand the singular overflow menu\r\n\r\n\r\n### Acceptance criteria\r\n\r\n- [x] Feature is hidden behind prebuiltRulesCustomizationEnabled feature\r\nflag\r\n- [x] Modified components still work as expected when feature flag is\r\noff\r\n- [x] Bulk actions are able to performed on all rule types from Rule\r\nmanagement page bulk actions menu\r\n - [x] Editing\r\n - [x] Index patterns\r\n - [x] Tags\r\n - [x] Highlighted fields\r\n - [x] Schedule\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule management page overflow column\r\n - [x] Export\r\n- [x] Singular rule actions are able to be performed on all rule types\r\nfrom rule details page\r\n - [x] Export\r\n \r\n\r\n### Screenshots\r\n***\r\n\r\n### Rule management table overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n\r\n\r\n### Rule details page overflow menu\r\n\r\n#### Before\r\n**Export button is disabled for prebuilt rules**\r\n\r\n\r\n\r\n#### After\r\n**Export button is enabled for all rule types**\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"02e4edc458749ca286c2b03eb71c248c7ef5b335"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves: #180171
Resolves: #180176
Resolves: #180173
Summary
Note
Feature is behind the
prebuiltRulesCustomizationEnabledfeature flag.Adds logic to allow users to edit and export prebuilt rules from both the Rule management page and Rule details page via the bulk action menu and the singular overflow menu
Acceptance criteria
Screenshots
Rule management table overflow menu
Before
Export button is disabled for prebuilt rules
After
Export button is enabled for all rule types
Rule details page overflow menu
Before
Export button is disabled for prebuilt rules
After
Export button is enabled for all rule types
