[Security Solution] Allow users to save rule query with non critical validation errors #202544

Merged Dec 6, 2024 (12 commits)

maximpn commented Dec 2, 2024

Addresses: #171520

Summary

This PR adds functionality to allow users to save EQL and ES|QL queries in the Prebuilt Rule Customization workflow by displaying a confirmation modal with non-critical validation errors (a.k.a. warnings). It also refactors confirmation modal usage in rule creation/editing forms for better reusability.


maximpn added the release_note:skip, v9.0.0, Team:Detections and Resp, Team: SecuritySolution, Team:Detection Rule Management, Feature:Prebuilt Detection Rules, backport:version and v8.18.0 labels Dec 2, 2024
@maximpn maximpn self-assigned this Dec 2, 2024
@maximpn maximpn marked this pull request as ready for review December 3, 2024 13:14
@maximpn maximpn requested review from a team as code owners December 3, 2024 13:14
@maximpn maximpn requested review from dhurley14 and dplumlee December 3, 2024 13:14

@maximpn maximpn force-pushed the implement-non-blocking-query-validation branch from 743a712 to 8203aa2 Compare December 3, 2024 13:46
dplumlee left a comment
LGTM @maximpn, left a couple minor comments but couldn't find any implementation bugs

Tested with a prebuilt ESQL and EQL rule in the

  • create rule form
  • edit rule form
  • upgrade flyout

as well as a custom EQL and ESQL rule in the create/edit forms.

Something I noticed (and maybe it was just because I was down a rabbit hole for testing) but it might be nice to have something differentiating the different validation types (blocking vs non-blocking). Right now they're identically presented but one allows saving and one doesn't unless the user knows the different types just by the EQL error message. I'm not sure if we'd want to label them as "warnings" instead of errors like we do for some of the other fields (e.g. required_fields) but either way probably not in the scope of this PR

Comment on lines 15 to 18
interface SubmitHandlerWithWarnExtras {
errors: ValidationError[];
warnings: ValidationError[];
}
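Review bot: `SubmitHandlerWithWarnExtras` exposes `errors` and `warnings` as two arrays of the same `ValidationError[]` type with no comment on either field saying how a submit handler must treat them. A short doc comment stating that a non-empty `errors` prevents saving, while `warnings` may be saved only after the user confirms, would keep callers from handling the two lists alike.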
nit: this same interface is defined multiple places in this PR, could use a common one

Are there any plans to update and replace these tests?

maximpn commented Dec 4, 2024

> Something I noticed (and maybe it was just because I was down a rabbit hole for testing) but it might be nice to have something differentiating the different validation types (blocking vs non-blocking). Right now they're identically presented but one allows saving and one doesn't unless the user knows the different types just by the EQL error message. I'm not sure if we'd want to label them as "warnings" instead of errors like we do for some of the other fields (e.g. required_fields) but either way probably not in the scope of this PR

@dplumlee,

Thanks for the review 🙏 Earlier I created #201095 to discuss the approach. Warnings look like better UX. And we can still show a confirmation modal before saving. Anyway, it's a longer story than Milestone 3. But it's a good improvement to be included in Milestone 4.

@maximpn maximpn changed the title [Security Solution] Allow users save rule query with non critical validation errors [Security Solution] Allow users to save rule query with non critical validation errors Dec 4, 2024
@maximpn maximpn force-pushed the implement-non-blocking-query-validation branch from 2045273 to 754c361 Compare December 4, 2024 21:28
elasticmachine commented

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 6308 | 6314 | +6 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 14.6MB | 14.6MB | -274.0B |


cc @maximpn

maximpn commented Dec 5, 2024

> Are there any plans to update and replace these tests?

@dplumlee

Tests in public/detection_engine/rule_creation_ui/pages/form.test.ts didn't test the form behavior. It was just a suite of primitive unit tests. To have real coverage we should set up UI integration tests for rule creation/editing forms. My preliminary research has shown that it might take a significant amount of time. Additionally, it'd be nice to address the technical debt impacting rule creation/editing forms that we introduced while working on the Prebuilt Rule Customization workflow. We should get back to that after finishing the Prebuilt Rule Customization feature. I'll create the necessary tickets for that. There is one I created to improve the Form lib: #203097.

rylnd left a comment

I tested the upgrade/resolution path with a few rules and everything looks as presented in your videos 👍 .

I had similar feedback to @dplumlee in that I think the UI distinction between warnings/errors could be more obvious, but I also agree that it's a relatively minor issue and can be addressed later.

I would love to see discussion on #203097; it would be great to have some/all of this functionality moved upstream into the form lib itself, but this is a great intermediate step 👍 .

I had a few nits about naming, but overall this LGTM.


import type { FormHook, FormData, ValidationError } from '../../../shared_imports';

export interface FormHookWithWarn<T extends FormData = FormData, I extends FormData = T>
I think this naming is a little ambiguous. Why not use the full word for clarity?

Suggested change
export interface FormHookWithWarn<T extends FormData = FormData, I extends FormData = T>
export interface FormHookWithWarnings<T extends FormData = FormData, I extends FormData = T>

* `isBlocking`. Validators marked as `isBlocking` will produce non blocking validation errors
* a.k.a. warnings.
*
* The problem with the supported approach is lack of flexibility and necessary API like one for getting
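Review bot: in the sentence "Validators marked as `isBlocking` will produce non blocking validation errors", the flag name and the described effect point in opposite directions, and the value the flag is set to is not stated. Spell out which value of `isBlocking` turns a validation error into a warning so the reader does not have to infer it.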
@maximpn have you discussed these limitations (and #203097) with @sebelga? This looks like good feedback for the form-lib team.

maximpn commented Dec 6, 2024
I shared the ticket with Sébastien. Will see how it could be tackled.

My goal was to move incrementally and the first step was existing functionality refactoring to reuse it in Prebuilt Rules Customization workflow. I'd be happy to reiterate on that when I get a chance.

* `message` and `code` fields from a validator function. Attempts to reuse `__isBlocking__` internal
* field lead to inconsistent behavior.
*
* `useFormWithWarn` implements warnings (non blocking errors) on top of `FormHook` using validation
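Review bot: "Attempts to reuse `__isBlocking__` internal field lead to inconsistent behavior" does not say what goes wrong. Naming one concrete symptom in this doc comment would let a later reader judge whether the workaround in `useFormWithWarn` is still needed.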
This is an excellent explanation for this hook, thank you for writing this up!

@@ -19,15 +19,10 @@ import * as i18n from './translations';

interface EsqlQueryValidatorFactoryParams {
queryClient: QueryClient;
/**
* This is a temporal fix to unlock prebuilt rule customization workflow
👍

}
);

export const NON_BLOCKING_ERROR_CODES = [
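Review bot: `NON_BLOCKING_ERROR_CODES` is exported with no doc comment above it, yet going by its name and the PR summary this list decides which validation failures a user may confirm and save past. Add a comment stating the criterion a code must meet to be listed here, so that later additions are reviewed against it.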
Nit: we now use both "non-blocking error" and "warning" interchangeably in this domain. I think we should strive to consolidate to a single term, and "warning" makes the most sense as we're diverging from the "blocking" concept of the form lib.
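The error/warning split discussed in this PR, sketched as an added example (not code from the PR or from Kibana's form lib). The names `NON_BLOCKING_ERROR_CODES`, `errors` and `warnings` come from the page; the code values, `splitValidationErrors`, `warningsFingerprint` and `trySubmit` are hypothetical. It shows two properties worth keeping in any such gate: unknown codes fail closed, and a confirmation is only valid for the exact warnings the user was shown.

```typescript
// Added illustration; shapes and names below are assumptions, not the PR's code.
interface ValidationError {
  code?: string; // validators may return an error without a code
  message: string;
}

// Constructed codes: the PR's real list is not visible on this page.
const NON_BLOCKING_ERROR_CODES: readonly string[] = [
  'EXAMPLE_MISSING_INDEX',
  'EXAMPLE_UNKNOWN_FIELD',
];

interface SplitResult {
  errors: ValidationError[];
  warnings: ValidationError[];
}

// Fail closed: only explicitly listed codes become warnings. A missing or
// unrecognised code stays a blocking error.
function splitValidationErrors(all: ValidationError[]): SplitResult {
  const result: SplitResult = { errors: [], warnings: [] };
  for (const e of all) {
    const isWarning =
      e.code !== undefined && NON_BLOCKING_ERROR_CODES.indexOf(e.code) !== -1;
    (isWarning ? result.warnings : result.errors).push(e);
  }
  return result;
}

// Order-independent fingerprint of the warnings shown in the confirmation
// modal, so a stale confirmation cannot be replayed after the query changed.
function warningsFingerprint(warnings: ValidationError[]): string {
  return warnings
    .map((w) => `${w.code}:${w.message}`)
    .sort()
    .join('\n');
}

type SubmitOutcome =
  | { status: 'saved' }
  | { status: 'blocked'; errors: ValidationError[] }
  | { status: 'needs_confirmation'; warnings: ValidationError[]; fingerprint: string };

// First call without a fingerprint yields 'needs_confirmation'; the UI shows
// the modal and, on confirm, calls again with the fingerprint it was given.
function trySubmit(all: ValidationError[], confirmedFingerprint?: string): SubmitOutcome {
  const { errors, warnings } = splitValidationErrors(all);
  if (errors.length > 0) {
    return { status: 'blocked', errors }; // confirmation never overrides errors
  }
  if (warnings.length === 0) {
    return { status: 'saved' };
  }
  const fingerprint = warningsFingerprint(warnings);
  if (confirmedFingerprint === fingerprint) {
    return { status: 'saved' };
  }
  return { status: 'needs_confirmation', warnings, fingerprint };
}

// Constructed sample validation results.
const SAMPLE_WARNING_ONLY: ValidationError[] = [
  { code: 'EXAMPLE_MISSING_INDEX', message: 'index "logs-example-*" not found' },
];
const SAMPLE_EDITED_QUERY: ValidationError[] = [
  ...SAMPLE_WARNING_ONLY,
  { code: 'EXAMPLE_UNKNOWN_FIELD', message: 'unknown field "proc.name"' },
];
const SAMPLE_WITH_ERROR: ValidationError[] = [
  ...SAMPLE_WARNING_ONLY,
  { code: 'EXAMPLE_SYNTAX_ERROR', message: 'unexpected token' },
];
```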

@maximpn maximpn removed the request for review from dhurley14 December 6, 2024 09:17
@maximpn maximpn force-pushed the implement-non-blocking-query-validation branch from fa0b2ba to c3e5c91 Compare December 6, 2024 09:31
@maximpn maximpn enabled auto-merge (squash) December 6, 2024 09:31
@maximpn maximpn merged commit b0c7a8c into elastic:main Dec 6, 2024
8 checks passed
kibanamachine commented

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/12198497959

@maximpn maximpn deleted the implement-non-blocking-query-validation branch December 6, 2024 12:10
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Dec 6, 2024
…validation errors (elastic#202544)

(cherry picked from commit b0c7a8c)
kibanamachine commented

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.


kibanamachine added a commit that referenced this pull request Dec 6, 2024
…tical validation errors (#202544) (#203233)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] Allow users to save rule query with non critical
validation errors
(#202544)](#202544)


Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
markov00 pushed a commit to markov00/kibana that referenced this pull request Dec 7, 2024
…validation errors (elastic#202544)

SoniaSanzV pushed a commit to SoniaSanzV/kibana that referenced this pull request Dec 9, 2024
…validation errors (elastic#202544)

SoniaSanzV pushed a commit to SoniaSanzV/kibana that referenced this pull request Dec 9, 2024
…validation errors (elastic#202544)

CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Dec 9, 2024
…validation errors (elastic#202544)

Samiul-TheSoccerFan pushed a commit to Samiul-TheSoccerFan/kibana that referenced this pull request Dec 10, 2024
…validation errors (elastic#202544)

mykolaharmash pushed a commit to mykolaharmash/kibana that referenced this pull request Dec 11, 2024
…validation errors (elastic#202544)

CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Dec 12, 2024
…validation errors (elastic#202544)
