-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Rules migration][UI] Basic rule migrations UI (#10820) #200978
[Rules migration][UI] Basic rule migrations UI (#10820) #200978
Conversation
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.ts
Outdated
Show resolved
Hide resolved
@e40pud The SIEM rule migrations process generates detection rules as a result, but it is not part of any security detection workflow, it would be better if we decouple the code from Detections completely. This way we have explicit ownership, RBAC, licensing... The code organization is independent of where we locate the link in the nav tree, we can still place the link inside the Rules category/landing. |
x-pack/plugins/security_solution/public/siem_migrations/routes.tsx
Outdated
Show resolved
Hide resolved
.../security_solution/public/siem_migrations/rules/components/siem_migrations_table_context.tsx
Outdated
Show resolved
Hide resolved
...curity_solution/public/siem_migrations/rules/components/siem_migrations_no_items_message.tsx
Outdated
Show resolved
Hide resolved
.../plugins/security_solution/public/siem_migrations/rules/api/hooks/use_get_rule_migrations.ts
Outdated
Show resolved
Hide resolved
Additionally: * updated folder structure * simplified namings
|
||
export type TableFilterOptions = Pick<FilterOptions, 'filter'>; | ||
|
||
export const useFilterRulesToInstall = ({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We'll need to do this on the ES side once we add pagination, but it's ok for the initial PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Page load bundle
History
cc @e40pud |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure which file I had to review as a code owner and what was the initial code structure in this PR, but @semd's suggestion makes sense and was an important one to address.
The final code structure LGTM 👍 I left a couple of minor comments. I'd recommend to clean up the code in a follow-up PR to make sure you use descriptive names specific to the siem_migrations
subdomain. Names like RulesPage
, RulesTable
, useRulesColumns
etc are way too generic and conflict with the rule management terminology, which would make code search more difficult.
Other than that, I'm really glad we're creating a separate page and organizing the code properly 👍 Should allow us to move forward way easier.
Small reminder: when you get to researching and planning how you're going to deal with prebuilt rules, please don't forget to share your plan with me and @xcrzx before starting to work on the implementation 🙏 This would likely save all of us some time.
🚀
export const RulesTable = React.memo(RulesTableComponent); | ||
RulesTable.displayName = 'RulesTable'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we avoid ambiguity with the Rules table in the Rule management subdomain? Could be something like that:
export const RulesTable = React.memo(RulesTableComponent); | |
RulesTable.displayName = 'RulesTable'; | |
export const RuleMigrationResultsTable = React.memo(RuleMigrationResultsTableComponent); | |
RuleMigrationResultsTable.displayName = 'RuleMigrationResultsTable'; |
import { useRulePreviewFlyout } from '../hooks/use_rule_preview_flyout'; | ||
import { NoMigrations } from '../components/no_migrations'; | ||
|
||
const RulesPageComponent: React.FC = () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please make sure we don't leave any copy-pasted names from the rule management / prebuilt rules areas...
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11974804649 |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…ic#200978) ## Summary [Internal link](elastic/security-team#10820) to the feature details This is a very first version of the SIEM rules migrations UI functionality. The main goal is to setup and agree on a folder structure where the feature gonna live. Tests covering feature will follow in a separate PR (see [internal link](elastic/security-team#11232) for more details). The code follows the structure of prebuilt rules feature https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table and hidden behind `siemMigrationsEnabled` feature flag. ### Key UI changes * New "SIEM Rules Migrations." rules management sub-page * Navigation between different "finished" migrations * InMemory table with all the translations within the selected migration * Translation details preview flyout with `Translation` and `Overview` tabs * User cannot modify translations via UI ### Testing locally Enable the flag ``` xpack.securitySolution.enableExperimental: ['siemMigrationsEnabled'] ``` ### Screenshot https://github.com/user-attachments/assets/a5a7e777-c5f8-40b4-be1d-1bd07a2729ac (cherry picked from commit a627e01) # Conflicts: # .github/CODEOWNERS
… (#201545) # Backport This will backport the following commits from `main` to `8.x`: - [[Rules migration][UI] Basic rule migrations UI (#10820) (#200978)](#200978) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ievgen Sorokopud","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-22T14:48:14Z","message":"[Rules migration][UI] Basic rule migrations UI (#10820) (#200978)\n\n## Summary\r\n\r\n[Internal link](https://github.com/elastic/security-team/issues/10820)\r\nto the feature details\r\n\r\nThis is a very first version of the SIEM rules migrations UI\r\nfunctionality. The main goal is to setup and agree on a folder structure\r\nwhere the feature gonna live. Tests covering feature will follow in a\r\nseparate PR (see [internal\r\nlink](elastic/security-team#11232) for more\r\ndetails).\r\n\r\nThe code follows the structure of prebuilt rules feature\r\nhttps://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table\r\nand hidden behind `siemMigrationsEnabled` feature flag.\r\n\r\n### Key UI changes\r\n\r\n* New \"SIEM Rules Migrations.\" rules management sub-page\r\n* Navigation between different \"finished\" migrations\r\n* InMemory table with all the translations within the selected migration\r\n* Translation details preview flyout with `Translation` and `Overview`\r\ntabs\r\n* User cannot modify translations via UI\r\n\r\n### Testing locally\r\n\r\nEnable the flag\r\n\r\n```\r\nxpack.securitySolution.enableExperimental: ['siemMigrationsEnabled']\r\n```\r\n### Screenshot\r\n\r\n\r\nhttps://github.com/user-attachments/assets/a5a7e777-c5f8-40b4-be1d-1bd07a2729ac","sha":"a627e011a892e9eaa7ec234b7a08fc5572801bbc","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat Hunting","Team: SecuritySolution","backport:prev-minor"],"number":200978,"url":"https://github.com/elastic/kibana/pull/200978","mergeCommit":{"message":"[Rules migration][UI] Basic rule migrations UI (#10820) (#200978)\n\n## Summary\r\n\r\n[Internal link](https://github.com/elastic/security-team/issues/10820)\r\nto the feature details\r\n\r\nThis is a very first version of the SIEM rules migrations UI\r\nfunctionality. The main goal is to setup and agree on a folder structure\r\nwhere the feature gonna live. Tests covering feature will follow in a\r\nseparate PR (see [internal\r\nlink](elastic/security-team#11232) for more\r\ndetails).\r\n\r\nThe code follows the structure of prebuilt rules feature\r\nhttps://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table\r\nand hidden behind `siemMigrationsEnabled` feature flag.\r\n\r\n### Key UI changes\r\n\r\n* New \"SIEM Rules Migrations.\" rules management sub-page\r\n* Navigation between different \"finished\" migrations\r\n* InMemory table with all the translations within the selected migration\r\n* Translation details preview flyout with `Translation` and `Overview`\r\ntabs\r\n* User cannot modify translations via UI\r\n\r\n### Testing locally\r\n\r\nEnable the flag\r\n\r\n```\r\nxpack.securitySolution.enableExperimental: ['siemMigrationsEnabled']\r\n```\r\n### Screenshot\r\n\r\n\r\nhttps://github.com/user-attachments/assets/a5a7e777-c5f8-40b4-be1d-1bd07a2729ac","sha":"a627e011a892e9eaa7ec234b7a08fc5572801bbc"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/200978","number":200978,"mergeCommit":{"message":"[Rules migration][UI] Basic rule migrations UI (#10820) (#200978)\n\n## Summary\r\n\r\n[Internal link](https://github.com/elastic/security-team/issues/10820)\r\nto the feature details\r\n\r\nThis is a very first version of the SIEM rules migrations UI\r\nfunctionality. The main goal is to setup and agree on a folder structure\r\nwhere the feature gonna live. Tests covering feature will follow in a\r\nseparate PR (see [internal\r\nlink](elastic/security-team#11232) for more\r\ndetails).\r\n\r\nThe code follows the structure of prebuilt rules feature\r\nhttps://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table\r\nand hidden behind `siemMigrationsEnabled` feature flag.\r\n\r\n### Key UI changes\r\n\r\n* New \"SIEM Rules Migrations.\" rules management sub-page\r\n* Navigation between different \"finished\" migrations\r\n* InMemory table with all the translations within the selected migration\r\n* Translation details preview flyout with `Translation` and `Overview`\r\ntabs\r\n* User cannot modify translations via UI\r\n\r\n### Testing locally\r\n\r\nEnable the flag\r\n\r\n```\r\nxpack.securitySolution.enableExperimental: ['siemMigrationsEnabled']\r\n```\r\n### Screenshot\r\n\r\n\r\nhttps://github.com/user-attachments/assets/a5a7e777-c5f8-40b4-be1d-1bd07a2729ac","sha":"a627e011a892e9eaa7ec234b7a08fc5572801bbc"}}]}] BACKPORT-->
…ic#200978) ## Summary [Internal link](elastic/security-team#10820) to the feature details This is a very first version of the SIEM rules migrations UI functionality. The main goal is to setup and agree on a folder structure where the feature gonna live. Tests covering feature will follow in a separate PR (see [internal link](elastic/security-team#11232) for more details). The code follows the structure of prebuilt rules feature https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table and hidden behind `siemMigrationsEnabled` feature flag. ### Key UI changes * New "SIEM Rules Migrations." rules management sub-page * Navigation between different "finished" migrations * InMemory table with all the translations within the selected migration * Translation details preview flyout with `Translation` and `Overview` tabs * User cannot modify translations via UI ### Testing locally Enable the flag ``` xpack.securitySolution.enableExperimental: ['siemMigrationsEnabled'] ``` ### Screenshot https://github.com/user-attachments/assets/a5a7e777-c5f8-40b4-be1d-1bd07a2729ac
## Summary These are the followup updated to address feedback from my previous PRs: * Make sure to use descriptive names specific to the `siem_migrations` subdomain ([comment](#200978 (review))): > Make sure you use descriptive names specific to the siem_migrations subdomain. Names like RulesPage, RulesTable, useRulesColumns etc are way too generic and conflict with the rule management terminology, which would make code search more difficult. * Export the memo component directly everywhere ([comment](#201597 (comment))): > Could we export the memo component directly everywhere? It's shorter and it makes it easier to find the references in the IDE. * Use one hook to access APIs instead of two ([comment](#202494 (comment))): > I see that for every API request we have to implement 2 separate hooks. Why don't we add error handling to the same hook that does the useQuery? so we have everything in one hook. Or is there a reason to have them separate?
## Summary These are the followup updated to address feedback from my previous PRs: * Make sure to use descriptive names specific to the `siem_migrations` subdomain ([comment](elastic#200978 (review))): > Make sure you use descriptive names specific to the siem_migrations subdomain. Names like RulesPage, RulesTable, useRulesColumns etc are way too generic and conflict with the rule management terminology, which would make code search more difficult. * Export the memo component directly everywhere ([comment](elastic#201597 (comment))): > Could we export the memo component directly everywhere? It's shorter and it makes it easier to find the references in the IDE. * Use one hook to access APIs instead of two ([comment](elastic#202494 (comment))): > I see that for every API request we have to implement 2 separate hooks. Why don't we add error handling to the same hook that does the useQuery? so we have everything in one hook. Or is there a reason to have them separate? (cherry picked from commit 4d8f711)
## Summary These are the followup updated to address feedback from my previous PRs: * Make sure to use descriptive names specific to the `siem_migrations` subdomain ([comment](elastic#200978 (review))): > Make sure you use descriptive names specific to the siem_migrations subdomain. Names like RulesPage, RulesTable, useRulesColumns etc are way too generic and conflict with the rule management terminology, which would make code search more difficult. * Export the memo component directly everywhere ([comment](elastic#201597 (comment))): > Could we export the memo component directly everywhere? It's shorter and it makes it easier to find the references in the IDE. * Use one hook to access APIs instead of two ([comment](elastic#202494 (comment))): > I see that for every API request we have to implement 2 separate hooks. Why don't we add error handling to the same hook that does the useQuery? so we have everything in one hook. Or is there a reason to have them separate?
## Summary These are the followup updated to address feedback from my previous PRs: * Make sure to use descriptive names specific to the `siem_migrations` subdomain ([comment](elastic#200978 (review))): > Make sure you use descriptive names specific to the siem_migrations subdomain. Names like RulesPage, RulesTable, useRulesColumns etc are way too generic and conflict with the rule management terminology, which would make code search more difficult. * Export the memo component directly everywhere ([comment](elastic#201597 (comment))): > Could we export the memo component directly everywhere? It's shorter and it makes it easier to find the references in the IDE. * Use one hook to access APIs instead of two ([comment](elastic#202494 (comment))): > I see that for every API request we have to implement 2 separate hooks. Why don't we add error handling to the same hook that does the useQuery? so we have everything in one hook. Or is there a reason to have them separate?
## Summary These are the followup updated to address feedback from my previous PRs: * Make sure to use descriptive names specific to the `siem_migrations` subdomain ([comment](elastic#200978 (review))): > Make sure you use descriptive names specific to the siem_migrations subdomain. Names like RulesPage, RulesTable, useRulesColumns etc are way too generic and conflict with the rule management terminology, which would make code search more difficult. * Export the memo component directly everywhere ([comment](elastic#201597 (comment))): > Could we export the memo component directly everywhere? It's shorter and it makes it easier to find the references in the IDE. * Use one hook to access APIs instead of two ([comment](elastic#202494 (comment))): > I see that for every API request we have to implement 2 separate hooks. Why don't we add error handling to the same hook that does the useQuery? so we have everything in one hook. Or is there a reason to have them separate?
## Summary These are the followup updated to address feedback from my previous PRs: * Make sure to use descriptive names specific to the `siem_migrations` subdomain ([comment](elastic#200978 (review))): > Make sure you use descriptive names specific to the siem_migrations subdomain. Names like RulesPage, RulesTable, useRulesColumns etc are way too generic and conflict with the rule management terminology, which would make code search more difficult. * Export the memo component directly everywhere ([comment](elastic#201597 (comment))): > Could we export the memo component directly everywhere? It's shorter and it makes it easier to find the references in the IDE. * Use one hook to access APIs instead of two ([comment](elastic#202494 (comment))): > I see that for every API request we have to implement 2 separate hooks. Why don't we add error handling to the same hook that does the useQuery? so we have everything in one hook. Or is there a reason to have them separate?
…ic#200978) ## Summary [Internal link](elastic/security-team#10820) to the feature details This is a very first version of the SIEM rules migrations UI functionality. The main goal is to setup and agree on a folder structure where the feature gonna live. Tests covering feature will follow in a separate PR (see [internal link](elastic/security-team#11232) for more details). The code follows the structure of prebuilt rules feature https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table and hidden behind `siemMigrationsEnabled` feature flag. ### Key UI changes * New "SIEM Rules Migrations." rules management sub-page * Navigation between different "finished" migrations * InMemory table with all the translations within the selected migration * Translation details preview flyout with `Translation` and `Overview` tabs * User cannot modify translations via UI ### Testing locally Enable the flag ``` xpack.securitySolution.enableExperimental: ['siemMigrationsEnabled'] ``` ### Screenshot https://github.com/user-attachments/assets/a5a7e777-c5f8-40b4-be1d-1bd07a2729ac
## Summary These are the followup updated to address feedback from my previous PRs: * Make sure to use descriptive names specific to the `siem_migrations` subdomain ([comment](elastic#200978 (review))): > Make sure you use descriptive names specific to the siem_migrations subdomain. Names like RulesPage, RulesTable, useRulesColumns etc are way too generic and conflict with the rule management terminology, which would make code search more difficult. * Export the memo component directly everywhere ([comment](elastic#201597 (comment))): > Could we export the memo component directly everywhere? It's shorter and it makes it easier to find the references in the IDE. * Use one hook to access APIs instead of two ([comment](elastic#202494 (comment))): > I see that for every API request we have to implement 2 separate hooks. Why don't we add error handling to the same hook that does the useQuery? so we have everything in one hook. Or is there a reason to have them separate?
Summary
Internal link to the feature details
This is a very first version of the SIEM rules migrations UI functionality. The main goal is to setup and agree on a folder structure where the feature gonna live. Tests covering feature will follow in a separate PR (see internal link for more details).
The code follows the structure of prebuilt rules feature https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table and hidden behind
siemMigrationsEnabled
feature flag.Key UI changes
Translation
andOverview
tabsTesting locally
Enable the flag
Screenshot
Screen.Recording.2024-11-20.at.17.06.50.mov