@rylnd
Contributor

@rylnd rylnd commented Jul 15, 2020

Summary

This adds the following:

  • Checkbox to associate/dissociate a given rule with the global exceptions list on create/edit
  • Changes default stacking of the Alerts Histogram to be signal.rule.name
  • Fixes a react warning on the rule creation form(s)

TODO

Followup Actions:

For maintainers

rylnd added 3 commits July 14, 2020 18:29
EuiText generates a div, but this is inside of an EuiCard which is a
paragraph. Defines a span with equivalent styles, instead.
@rylnd rylnd self-assigned this Jul 15, 2020
@rylnd rylnd changed the title [Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation [Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation/update Jul 15, 2020
@rylnd
Contributor Author

rylnd commented Jul 15, 2020

@benskelker this adds the "Associate Global Endpoint Exception List" option to rule creation/update.

@kibanamachine
Contributor

💚 Build Succeeded

Build metrics

‼️ unable to find a baseline build for [master@8da80fe]. Try merging the upstream branch and trying again.

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@rylnd rylnd marked this pull request as ready for review July 15, 2020 01:46
@rylnd rylnd requested review from a team as code owners July 15, 2020 01:46
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

({
chartHeight,
defaultStackByOption = alertsHistogramOptions[0],
defaultStackByOption = alertsHistogramOptions[8], // signal.rule.name
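
Review bot: The new default on the `defaultStackByOption = alertsHistogramOptions[8]` line picks the stack-by option by a hard-coded array position, and only the trailing comment ties index 8 to signal.rule.name. If the options array is reordered or an entry is inserted ahead of it, the default changes silently and the comment goes stale. Consider selecting the entry by the field it represents (a lookup for signal.rule.name) or exporting a named constant for it, and adding a test that asserts the default stack-by is signal.rule.name.
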
Member

Thank you! 🙂

Member

@spong spong left a comment

LGTM! Thanks for the extra fixes here too @rylnd! 🙂

@rylnd rylnd merged commit cbe8f00 into elastic:master Jul 15, 2020
@rylnd rylnd deleted the associate_endpoint_list_to_rule branch July 15, 2020 02:28
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 15, 2020
* master: (82 commits)
  Fixed the spacing of child accordion items for policy response dialog. (elastic#71677)
  [SECURITY] Timeline bug 7.9 (elastic#71748)
  use fixed isChromeVisible method (elastic#71813)
  [SIEM][Detection Engine][Lists] Adds specific endpoint_list REST API and API for abilities to auto-create the endpoint_list if it gets deleted (elastic#71792)
  [test] Skips flaky Saved Objects Management test
  [APM] Remove watcher integration (elastic#71655)
  [APM] Increase `xpack.apm.ui.transactionGroupBucketSize` (elastic#71661)
  [test] Skips Ingest Manager test preventing ES promotion
  [test] Skips flaky detection engine tests
  Revert "re-fix navigate path for master add SAML login to login_page (elastic#71337)"
  [tests] Temporarily skipped Fleet tests
  [test] Skipped monitoring test
  [Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation/update (elastic#71794)
  Add endpoint exception creation API validation (elastic#71791)
  Skip jest tests that timeout waiting for react (elastic#71801)
  [Security Solution][Exceptions] - Adds filtering to endpoint index patterns by exceptional fields (elastic#71757)
  [Reporting] Re-delete a file (elastic#71730)
  [Security Solution] [Detections] Fixes bug for determining when we hit max signals after filtering with lists (elastic#71768)
  [Ingest Manager] Better display of Fleet requirements (elastic#71686)
  [tests] Temporarily skipped to promote snapshot
  ...
cnasikas pushed a commit that referenced this pull request Jul 15, 2020
…ist to Rule during rule creation/update (#71794) (#71806)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Labels

release_note:enhancement Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0 v8.0.0
