[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario #234735
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maximpn
added
test
release_note:skip
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
jkelas
reviewed
Sep 11, 2025
| - [**Scenario: Importing a prebuilt rule with a missing base version when it's already installed but not equal to the import payload**](#scenario-importing-a-prebuilt-rule-with-a-missing-base-version-when-its-already-installed-but-not-equal-to-the-import-payload) | ||
| - [**Scenario: Importing a prebuilt rule with a missing base version when it's already installed and not customized but not equal to the import payload**](#scenario-importing-a-prebuilt-rule-with-a-missing-base-version-when-its-already-installed-and-not-customized-but-not-equal-to-the-import-payload) | ||
| - [**Scenario: Importing a prebuilt rule with a missing base version when it's already installed, is not customized, and is equal to the import payload**](#scenario-importing-a-prebuilt-rule-with-a-missing-base-version-when-its-already-installed-is-not-customized-and-is-equal-to-the-import-payload) | ||
| - [**Scenario: Importing a prebuilt rule with a missing base version when it's already installed, is customized, and is equal to the import payload**](#scenario-importing-a-prebuilt-rule-with-a-missing-base-version-when-its-already-installed-is-customized-and-is-equal-to-the-import-payload) |
There was a problem hiding this comment.
Just a question: Shouldn't we have additional case, for:
Importing a prebuilt rule with a missing base version when it's already installed, is customized, and is NOT equal to the import payload**
Now we have a test in which we check that if a rule was customized, the flag is_customized remains true even after importing a rule with the same payload. But shouldn't we also check that the same applies when payload is different? I believe the flag is_customized should still be true in that case.
There was a problem hiding this comment.
Yes, ideally we need it for full coverage. I've updated the test plan and added this test scenario implementation.
maximpn
force-pushed
the
fix-importing-prebuilt-rules-with-missing-base-version
branch
from
5683e1e to
8f643e2
Compare
|
Starting backport for target branches: 8.18, 8.19, 9.0, 9.1 |
💚 Build Succeeded
Metrics [docs]Saved Objects .kibana field count
History
cc @maximpn |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 15, 2025
…ersion tests matching the test scenario (elastic#234735) **Relates to:** elastic#223421 ## Summary This PR makes little adjustments to [Importing Prebuilt Rules](elastic#223421) with missing base version test scenario implementation to make it matching test scenario steps. In particular it makes sure an installed prebuilt rule gets customized before testing import. (cherry picked from commit 10533eb)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 15, 2025
…ersion tests matching the test scenario (elastic#234735) **Relates to:** elastic#223421 ## Summary This PR makes little adjustments to [Importing Prebuilt Rules](elastic#223421) with missing base version test scenario implementation to make it matching test scenario steps. In particular it makes sure an installed prebuilt rule gets customized before testing import. (cherry picked from commit 10533eb)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 15, 2025
…ersion tests matching the test scenario (elastic#234735) **Relates to:** elastic#223421 ## Summary This PR makes little adjustments to [Importing Prebuilt Rules](elastic#223421) with missing base version test scenario implementation to make it matching test scenario steps. In particular it makes sure an installed prebuilt rule gets customized before testing import. (cherry picked from commit 10533eb)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 15, 2025
…ersion tests matching the test scenario (elastic#234735) **Relates to:** elastic#223421 ## Summary This PR makes little adjustments to [Importing Prebuilt Rules](elastic#223421) with missing base version test scenario implementation to make it matching test scenario steps. In particular it makes sure an installed prebuilt rule gets customized before testing import. (cherry picked from commit 10533eb)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Sep 15, 2025
…base version tests matching the test scenario (#234735) (#235114) # Backport This will backport the following commits from `main` to `9.1`: - [[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)](#234735) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-09-15T16:36:35Z","message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.2.0","v9.1.3","v8.19.3","v9.0.6","v8.18.7"],"title":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario","number":234735,"url":"https://github.com/elastic/kibana/pull/234735","mergeCommit":{"message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19","9.0","8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/234735","number":234735,"mergeCommit":{"message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9"}},{"branch":"9.1","label":"v9.1.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
Sep 15, 2025
… base version tests matching the test scenario (#234735) (#235112) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)](#234735) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-09-15T16:36:35Z","message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.2.0","v9.1.3","v8.19.3","v9.0.6","v8.18.7"],"title":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario","number":234735,"url":"https://github.com/elastic/kibana/pull/234735","mergeCommit":{"message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19","9.0","8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/234735","number":234735,"mergeCommit":{"message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9"}},{"branch":"9.1","label":"v9.1.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
kibanamachine
added a commit
that referenced
this pull request
Sep 15, 2025
…base version tests matching the test scenario (#234735) (#235113) # Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)](#234735) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-09-15T16:36:35Z","message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.2.0","v9.1.3","v8.19.3","v9.0.6","v8.18.7"],"title":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario","number":234735,"url":"https://github.com/elastic/kibana/pull/234735","mergeCommit":{"message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19","9.0","8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/234735","number":234735,"mergeCommit":{"message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9"}},{"branch":"9.1","label":"v9.1.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
banderror
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 16, 2025
…ersion tests matching the test scenario (elastic#234735) **Relates to:** elastic#223421 ## Summary This PR makes little adjustments to [Importing Prebuilt Rules](elastic#223421) with missing base version test scenario implementation to make it matching test scenario steps. In particular it makes sure an installed prebuilt rule gets customized before testing import. (cherry picked from commit 10533eb)
kibanamachine
added a commit
that referenced
this pull request
Sep 16, 2025
… base version tests matching the test scenario (#234735) (#235111) # Backport This will backport the following commits from `main` to `8.18`: - [[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)](#234735) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-09-15T16:36:35Z","message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.2.0","v9.1.3","v8.19.3","v9.0.6","v8.18.7"],"title":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario","number":234735,"url":"https://github.com/elastic/kibana/pull/234735","mergeCommit":{"message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19","9.0","8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/234735","number":234735,"mergeCommit":{"message":"[Security Solution] Make importing prebuilt rules with missing base version tests matching the test scenario (#234735)\n\n**Relates to:** https://github.com/elastic/kibana/pull/223421\n\n## Summary\n\nThis PR makes little adjustments to [Importing Prebuilt\nRules](#223421) with missing base\nversion test scenario implementation to make it matching test scenario\nsteps. In particular it makes sure an installed prebuilt rule gets\ncustomized before testing import.","sha":"10533ebfa440c6ac91166cc1d6d33b72d7102dc9"}},{"branch":"9.1","label":"v9.1.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.7","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Sep 24, 2025
…ersion tests matching the test scenario (elastic#234735) **Relates to:** elastic#223421 ## Summary This PR makes little adjustments to [Importing Prebuilt Rules](elastic#223421) with missing base version test scenario implementation to make it matching test scenario steps. In particular it makes sure an installed prebuilt rule gets customized before testing import.
niros1
pushed a commit
that referenced
this pull request
Sep 30, 2025
…ersion tests matching the test scenario (#234735) **Relates to:** #223421 ## Summary This PR makes little adjustments to [Importing Prebuilt Rules](#223421) with missing base version test scenario implementation to make it matching test scenario steps. In particular it makes sure an installed prebuilt rule gets customized before testing import.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Relates to: #223421
Summary
This PR makes little adjustments to Importing Prebuilt Rules with missing base version test scenario implementation to make it matching test scenario steps. In particular it makes sure an installed prebuilt rule gets customized before testing import.