[Security Solution] Editing rules independently of source data (#180407) #191487

Merged 10 commits on Aug 30, 2024

@e40pud e40pud commented Aug 27, 2024

Summary

Addresses #180407
Addresses #178611

With these changes we allow the user to create and update a rule even if certain query bar validation errors exist. Right now, we will make any non-syntax validation errors in EQL and ES|QL rule types non-blocking during the rule creation and rule updating workflows.

Screenshot of the EQL rule creation workflow with existing non-blocking validation errors:

Screen.Recording.2024-08-27.at.13.44.14.mov

Screenshot of the EQL rule updating workflow with existing non-blocking validation errors:

Screen.Recording.2024-08-27.at.13.46.19.mov

UPDATE

After discussing the confirmation modal with @approksiu, we decided to simplify it and show only a title with a generic description, to avoid being too literal in the modal. The user can see the full error description during rule creation/editing workflows in the query bar, where we show each validation error as part of the query bar form item.

Screenshot 2024-08-28 at 12 50 14

Some test cases for local testing

Create EQL rule with missing data source

Steps:

  1. Open rules management page
  2. Click create new rule button
  3. Select EQL rule type
  4. Set non-existing index in index patterns field
  5. Add some valid EQL query (for example `any where true`)
  6. Continue with other steps
  7. Click create rule button

Expected: You will see the confirmation modal that warns user about potentially failing rule executions. Clicking Confirm button will create a rule.

Create EQL rule with missing data field

Steps:

  1. Open rules management page
  2. Click create new rule button
  3. Select EQL rule type
  4. Set existing indices in index patterns field
  5. Add some valid EQL query referring to a non-existing data field (for example `any where agent.non_existing_field`)
  6. Continue with other steps
  7. Click create rule button

Expected: You will see the confirmation modal that warns user about potentially failing rule executions. Clicking Confirm button will create a rule.

Create EQL rule with syntax error in the query

Steps:

  1. Open rules management page
  2. Click create new rule button
  3. Select EQL rule type
  4. Set existing indices in index patterns field
  5. Add some syntactically invalid EQL query (for example `hello world`)

Expected: The continue button does not allow user to proceed to the About step due to existing syntax error.

Create ES|QL rule with missing data source

Steps:

  1. Open rules management page
  2. Click create new rule button
  3. Select ES|QL rule type
  4. Add some valid ES|QL query with non-existing data source (for example `from non-existing-index-* metadata _id, _version, _index | SORT @timestamp`)
  5. Continue with other steps
  6. Click create rule button

Expected: You will see the confirmation modal that warns user about potentially failing rule executions. Clicking Confirm button will create a rule.

Create ES|QL rule with missing data field

Steps:

  1. Open rules management page
  2. Click create new rule button
  3. Select ES|QL rule type
  4. Add some valid ES|QL query with non-existing data field (for example `from logs-* metadata _id, _version, _index | SORT agent.non_existing_field`)
  5. Continue with other steps
  6. Click create rule button

Expected: You will see the confirmation modal that warns user about potentially failing rule executions. Clicking Confirm button will create a rule.

Create ES|QL rule with syntax error in the query

Steps:

  1. Open rules management page
  2. Click create new rule button
  3. Select ES|QL rule type
  4. Add some syntactically invalid ES|QL query (for example `hello world`)

Expected: The continue button does not allow user to proceed to the About step due to existing syntax error.

The same behaviour applies to the rule updating workflow. For example, you can try to install one of the EQL or ES|QL rules that point to a non-existing data source or use a non-existing data field. The user can still update (add rule actions to) such installed pre-built rules.


@e40pud e40pud added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. release_note:feature Makes this part of the condensed release notes ci:cloud-deploy Create or update a Cloud deployment Team:Detection Engine Security Solution Detection Engine Area ci:project-deploy-security Create a Security Serverless Project labels Aug 27, 2024
@e40pud e40pud self-assigned this Aug 27, 2024
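
The blocking versus non-blocking split from the PR summary and test cases above, as an added TypeScript example that is not code from this PR or from Kibana. The error kinds, the type names and the `decideSave` / `shouldPersist` helpers are hypothetical, and the sample validation results are constructed.

```typescript
// Added example: models the save gate described in the PR summary.
// Every name below is hypothetical; none is a Kibana identifier.

type QueryErrorKind = 'syntax' | 'missing_data_source' | 'missing_field' | 'other';

interface QueryValidationError {
  kind: QueryErrorKind;
  message: string;
}

type SaveDecision =
  | { outcome: 'blocked'; errors: QueryValidationError[] }
  | { outcome: 'confirm'; warnings: QueryValidationError[] }
  | { outcome: 'save' };

// Per the PR description, only syntax errors block the form; every other
// query validation error is non-blocking.
function isBlocking(error: QueryValidationError): boolean {
  return error.kind === 'syntax';
}

function decideSave(errors: QueryValidationError[]): SaveDecision {
  const blocking = errors.filter(isBlocking);
  if (blocking.length > 0) {
    // A syntax error wins even when non-blocking errors are also present.
    return { outcome: 'blocked', errors: blocking };
  }
  if (errors.length > 0) {
    // Non-blocking errors lead to the confirmation modal.
    return { outcome: 'confirm', warnings: errors };
  }
  return { outcome: 'save' };
}

// True only when the rule ends up being created or updated.
function shouldPersist(errors: QueryValidationError[], userConfirmed: boolean): boolean {
  const decision = decideSave(errors);
  if (decision.outcome === 'blocked') {
    return false;
  }
  if (decision.outcome === 'confirm') {
    return userConfirmed;
  }
  return true;
}

// Constructed validation results standing in for the test cases above.
const missingSource: QueryValidationError[] = [
  { kind: 'missing_data_source', message: 'index pattern matches no indices' },
];
const missingField: QueryValidationError[] = [
  { kind: 'missing_field', message: 'unknown field agent.non_existing_field' },
];
const syntaxError: QueryValidationError[] = [
  { kind: 'syntax', message: 'query "hello world" could not be parsed' },
];

const cases: Array<[string, QueryValidationError[]]> = [
  ['missing data source', missingSource],
  ['missing data field', missingField],
  ['syntax error', syntaxError],
  ['syntax error plus missing field', [...syntaxError, ...missingField]],
  ['no errors', []],
];

for (const [name, errors] of cases) {
  console.log(`${name}: ${decideSave(errors).outcome}`);
}
```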
@e40pud e40pud requested review from jpdjere and vitaliidm August 27, 2024 18:07
@e40pud e40pud marked this pull request as ready for review August 27, 2024 18:07
@e40pud e40pud requested a review from a team as a code owner August 27, 2024 18:07
@vitaliidm vitaliidm left a comment

Thanks for implementing this @e40pud.
Looks good, just a few minor comments from me.

@@ -559,7 +633,8 @@ const CreateRulePageComponent: React.FC = () => {
);
const memoDefineStepExtraAction = useMemo(
() =>
defineStepForm.isValid && (
defineStepForm.isValid !== undefined &&
activeStep !== RuleStep.defineRule && (
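
Review bot: The new guard in `memoDefineStepExtraAction` needs a comment explaining both clauses. Going by the rendered lines, replacing `defineStepForm.isValid && (` with `defineStepForm.isValid !== undefined &&` means the extra action now also renders when `isValid` is `false`, which is a behaviour change rather than just an added condition, and `activeStep !== RuleStep.defineRule` hides it while the Define step is active. A short comment above the `useMemo` stating that an invalid Define step is accepted on purpose, and why the active step is excluded, would make that intent reviewable.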
Contributor:

Why is the extra condition needed here?

Contributor Author:

Added comments.

* 2.0.
*/

import React from 'react';
Contributor:

@e40pud

Is it fine that the user sees some error, but can't go to the Definition tab or see the error itself?

Screenshot 2024-08-29 at 10 24 40

I imagine it will be the case until full support of prebuilt rule editing is released.
But before that, it can affect Serverless releases.

Contributor Author (@e40pud, Aug 29, 2024):

What you see right now is the current behaviour on both ESS and Serverless. Users are unable to modify prebuilt rules. They have to duplicate prebuilt rules right now to be able to adjust rule's properties.

The whole "rule customization" effort will allow user to do that without duplication.

Contributor:

I am aware that prebuilt rules can't be modified.
It's the fact that we show the user that the step is invalid without showing the actual error and additional information on how that can affect the rule's behavior.

Is there a way for the user in this situation to see the actual error?

Contributor Author:

As discussed, here is the ticket to discuss this behaviour: #191832

…creation_ui/pages/translations.ts

Co-authored-by: Vitalii Dmyterko <[email protected]>

elasticmachine and others added 2 commits August 29, 2024 15:34
- memoize callbacks
- clarify multiple EQL validation errors functionality
- comments to clarify step editing button visibility conditions
- add unit tests for `useRuleFormsErrors`
@e40pud e40pud requested a review from a team as a code owner August 29, 2024 14:35
@elastic elastic deleted a comment from kibanamachine Aug 29, 2024
kibana-ci commented Aug 29, 2024

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 5725 | 5727 | +2 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 18.0MB | 18.0MB | +7.6KB |


cc @e40pud

@kibanamachine
Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#6830

[❌] Security Solution Rule Management - Cypress: 75/100 tests passed.
[✅] [Serverless] Security Solution Rule Management - Cypress: 100/100 tests passed.

see run history

@vitaliidm vitaliidm self-requested a review August 30, 2024 09:53
@e40pud e40pud merged commit 32fb434 into elastic:main Aug 30, 2024
43 checks passed
@kibanamachine kibanamachine added v8.16.0 backport:skip This commit does not require backporting labels Aug 30, 2024
@kibanamachine
Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#6828

[❌] Security Solution Detection Engine - Cypress: 30/100 tests passed.
[❌] [Serverless] Security Solution Detection Engine - Cypress: 42/100 tests passed.

see run history

@kibanamachine
Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#6831

[❌] Security Solution Detection Engine - Cypress: 49/100 tests passed.
[❌] [Serverless] Security Solution Detection Engine - Cypress: 36/100 tests passed.

see run history

e40pud added a commit that referenced this pull request Sep 13, 2024
… editing (#191832) (#192683)

## Summary

Partially addressed #191832

With these changes:
- We revert to the
#180407 (comment).
Specifically, we return back the validation errors to the modal window.
An example of this modal is in the ticket description.
- Additionally, on the Rule Editing page and **only for prebuilt rules**
we: 1) hide the callout that says "You have an invalid input in this
tab: ...", and 2) we don't show the modal if there are any data
validation errors. We shouldn't show this modal and this callout until
we release the prebuilt rule customization feature. 3) We will only
validate the Actions tab.
- Fix MKI flaky cypress tests introduced in
#191487
([1](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/b1f442af-db44-8029-a9fb-7e3d988303b3?branch=main),
[2](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/995655b6-ae70-86fd-b483-c65846cd8d66?branch=main),
[3](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/02318f5c-6ca1-8779-a5a4-60f52a55b344?branch=main)).
All three tests are failing due to missing
`[data-test-subj="eqlRuleType"]` element. After checking and comparing
my tests to other similar tests in the file, the only difference that
I've found was extra `login();` call. Thus removing those.

Here is the screen recording showing the new behaviour for prebuilt
rules. The has missing data source query validation error, though we do
not show it and allow user just to save the rule. Only Actions tab is
validated on rule save action.


https://github.com/user-attachments/assets/ce968f51-1a53-41b2-ad06-1b31dec085a6


### Checklist

Delete any items that are not applicable to this PR.

- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
* [Detection Engine -
Cypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6925)
(100 ESS & 100 Serverless)
* [Rule Management -
Cypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6926)
(100 ESS & 100 Serverless)
* [Prebuilt Rules -
Cypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6927)
(100 ESS & 100 Serverless)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Sep 13, 2024
… editing (elastic#191832) (elastic#192683)

(cherry picked from commit c937e95)
kibanamachine added a commit that referenced this pull request Sep 13, 2024
…t rule editing (#191832) (#192683) (#192819)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] Add validation error description on prebuilt rule
editing (#191832)
(#192683)](#192683)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

Co-authored-by: Ievgen Sorokopud <[email protected]>
dplumlee added a commit that referenced this pull request Nov 13, 2024
…e Editing page (#199550)

**Resolves: #180172

## Summary

> [!NOTE]  
> Feature is behind the `prebuiltRulesCustomizationEnabled` feature
flag.

Removes the logic gates preventing prebuilt rules from being edited via
the Rule Edit page behind the `prebuiltRulesCustomizationEnabled`
feature flag. This allows all rules types to be fully editable via the
UI.

Also removes the muting logic we had in place for `Definition` tab
warnings ([implemented
here](#191487))

### Screenshots

#### _Before_

**Prebuilt rule only has the "Actions" tab enabled, users cannot
customize anything else in the form**
![Screenshot 2024-11-08 at 3 08
15 PM](https://github.com/user-attachments/assets/b83836e6-f78f-4b3a-9fbc-55a5208250dd)


#### _After_

**Prebuilt rule now has all tabs/fields available for editing and rule
info is populated into the form**
![Screenshot 2024-11-08 at 3 02
43 PM](https://github.com/user-attachments/assets/184f6fc4-b64c-4e20-a987-76e460c61786)

### Checklist

Delete any items that are not applicable to this PR.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios



### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
- [ ] This will appear in the **Release Notes** and follow the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Elastic Machine <[email protected]>
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Nov 13, 2024
…e Editing page (elastic#199550)

(cherry picked from commit d6e6145)
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Nov 18, 2024
…e Editing page (elastic#199550)
