-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Users can Customize Prebuilt Detection Rules: Milestone 3 #174168
Open
64 of 80 tasks
Labels
8.18 candidate
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Meta
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.14.0
v8.15.0
v8.16.0
v8.17.0
v8.18.0
Comments
banderror
added
Meta
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:Detection Rule Management
Security Detection Rule Management Team
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
labels
Jan 3, 2024
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
This was referenced Jan 26, 2024
Closed
[Security Solution] [PRC Milestone 3] Update Prebuilt Rules endpoints to new Prebuilt schema
#175771
Closed
Draft plan for Milestone 3UPD: the plan has been moved to the ticket description. |
This was referenced Mar 6, 2024
13 tasks
maximpn
added a commit
that referenced
this issue
Sep 27, 2024
…Update Workflow (#193531) **Epic:** #174168 **Addresses:** #171520 ## Summary This PR introduces a new `Update` tab allowing users to resolve rule upgrade conflicts. It's a result of combination of read-only components implemented in #193261 and rule upgrade state implemented in #191721. ## Details The goal of this PR is to provide intermediate integration between rule upgrade state ([PR](#191721)) and components displaying the diff and read-only state ([PR](#193261)). It will facilitate further development of rule field editable components and streamline rule upgrade functionality developing. ## How to test? The functionality is hidden under `prebuiltRulesCustomizationEnabled` feature flag. Add the following to your Kibana config ```yaml xpack.securitySolution.enableExperimental: - prebuiltRulesCustomizationEnabled ``` When the above feature flag enabled the new `Update` tab is displayed instead of the old one. ## Screenshots Suggested components design ![image](https://github.com/user-attachments/assets/b5aaf571-286a-4595-9bd4-fdaf9a423b03) New `Update` tab <img width="1718" alt="image" src="https://github.com/user-attachments/assets/28aa6bb3-f805-4109-a808-d67e58c7c5b8">
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Sep 27, 2024
…Update Workflow (elastic#193531) **Epic:** elastic#174168 **Addresses:** elastic#171520 ## Summary This PR introduces a new `Update` tab allowing users to resolve rule upgrade conflicts. It's a result of combination of read-only components implemented in elastic#193261 and rule upgrade state implemented in elastic#191721. ## Details The goal of this PR is to provide intermediate integration between rule upgrade state ([PR](elastic#191721)) and components displaying the diff and read-only state ([PR](elastic#193261)). It will facilitate further development of rule field editable components and streamline rule upgrade functionality developing. ## How to test? The functionality is hidden under `prebuiltRulesCustomizationEnabled` feature flag. Add the following to your Kibana config ```yaml xpack.securitySolution.enableExperimental: - prebuiltRulesCustomizationEnabled ``` When the above feature flag enabled the new `Update` tab is displayed instead of the old one. ## Screenshots Suggested components design ![image](https://github.com/user-attachments/assets/b5aaf571-286a-4595-9bd4-fdaf9a423b03) New `Update` tab <img width="1718" alt="image" src="https://github.com/user-attachments/assets/28aa6bb3-f805-4109-a808-d67e58c7c5b8"> (cherry picked from commit 878ba13)
This was referenced Oct 9, 2024
Closed
This was referenced Nov 23, 2024
banderror
assigned banderror, xcrzx, maximpn, nikitaindik, dplumlee, jkelas, rylnd and e40pud
Nov 23, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
8.18 candidate
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Meta
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.14.0
v8.15.0
v8.16.0
v8.17.0
v8.18.0
Epic: https://github.com/elastic/security-team/issues/1974 (internal)
Milestones: << • >>
Status: In development.
Summary
Milestone 3: Add support for customizing prebuilt rules. Extend the rule upgrade workflow with full support for 3-way diffs and conflict resolution. Allow users to:
User stories
Prebuilt rule customization workflow:
Prebuilt rule upgrade workflow:
Prebuilt rule export/import workflow:
Useful info
Design
Technical design
UI/UX design
Preparatory changes
Preparatory changes is something we can work on before starting to hide functionality behind a feature flag. This will reduce the overall complexity introduced by feature toggling.
Missing UI for editing certain rule fields
Missing UI for editing certain rule fields (docs)
Schema-related changes
rule_source
to the API schema #180122rule_source
field together withimmutable
#180141DetectionRulesClient
refactoring. Part 2 #184364rule_source
andimmutable
fields #180140Rule customization, API changes
ruleSource.isCustomized
in API endpoint handlers #180145ruleSource.isCustomized
in bulk edit API #187706rule_source
field required inRuleResponse
#180270Rule upgrade, API changes
POST /prebuilt_rules/upgrade/_review
API endpoint even if they haven't been updated by Elastic in the target version #180154POST /upgrade/_review
API endpoint's contract and functionality #180153/upgrade/_review
upgrade workflow #180393MissingVersion
symbol in theThreeWayDiff
object with a boolean #188277POST /upgrade/_perform
API endpoint's contract and functionality #166376/upgrade/_perform
endpoint upgrade workflow #186544exceptions_list
,author
andlicense
from Diffable Rule #196213Rule upgrade, diff algorithms
concurrent_searches
anditems_per_search
fields diff algorithms #188061Fleet package with prebuilt rules
Changes hidden behind the feature flag
These are changes that will need to be hidden behind the
prebuiltRulesCustomizationEnabled
feature flag.Rule customization, UI changes
prebuiltRulesCustomizationEnabled
#180130Rule upgrade, UI changes
Rule export and import, API and UI changes
Licensing
Telemetry
Before release
Bugs
Testing
Documentation
rule_source
property for rules in the API schema (DRAFT) security-docs#5063Release
After release
Last changes after releasing the feature
prebuiltRulesCustomizationEnabled
feature flag #180272The text was updated successfully, but these errors were encountered: