github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.x] [Detection Engine] Remove technical preview for certain rule types of alert suppression (#195425) (#195694)

Browse source 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Detection Engine] Remove technical preview for certain rule types of
alert suppression
(#195425)](https://github.com/elastic/kibana/pull/195425)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Yara
Tercero","email":"yctercero@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-10-10T00:14:03Z","message":"[Detection
Engine] Remove technical preview for certain rule types of alert
suppression (#195425)\n\n## Summary\r\n\r\nGA-ing alert suppression for
IM rule, ML rule, Threshold rule, ES|QL\r\nrule and New Terms rule.
Thanks to @vitaliidm for setting up the\r\ngroundwork to easily update
which rules GA.\r\n\r\nRules that remain in technical preview are:
EQL.","sha":"65ed9899de2733ec7017ef7277bd24723131684a","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detection
Engine","v8.16.0","backport:version"],"title":"[Detection Engine] Remove
technical preview for certain rule types of alert
suppression","number":195425,"url":"https://github.com/elastic/kibana/pull/195425","mergeCommit":{"message":"[Detection
Engine] Remove technical preview for certain rule types of alert
suppression (#195425)\n\n## Summary\r\n\r\nGA-ing alert suppression for
IM rule, ML rule, Threshold rule, ES|QL\r\nrule and New Terms rule.
Thanks to @vitaliidm for setting up the\r\ngroundwork to easily update
which rules GA.\r\n\r\nRules that remain in technical preview are:
EQL.","sha":"65ed9899de2733ec7017ef7277bd24723131684a"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195425","number":195425,"mergeCommit":{"message":"[Detection
Engine] Remove technical preview for certain rule types of alert
suppression (#195425)\n\n## Summary\r\n\r\nGA-ing alert suppression for
IM rule, ML rule, Threshold rule, ES|QL\r\nrule and New Terms rule.
Thanks to @vitaliidm for setting up the\r\ngroundwork to easily update
which rules GA.\r\n\r\nRules that remain in technical preview are:
EQL.","sha":"65ed9899de2733ec7017ef7277bd24723131684a"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Yara Tercero <yctercero@users.noreply.github.com>
This commit is contained in:
Kibana Machine 2024-10-10 13:02:51 +11:00 committed by GitHub
parent 090c150963
commit 20c0c9c0b5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 18 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

10
x-pack/plugins/security_solution/common/detection_engine/constants.ts
View file

@ -51,4 +51,12 @@ export const SUPPRESSIBLE_ALERT_RULES: Type[] = [
'machine_learning',
];
export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = ['saved_query', 'query'];
export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = [
'threshold',
'esql',
'saved_query',
'query',
'new_terms',
'threat_match',
'machine_learning',
];

10
x-pack/plugins/security_solution/common/detection_engine/utils.test.ts
View file

@ -250,14 +250,14 @@ describe('Alert Suppression Rules', () => {
test('should return true for rule type suppression in global availability', () => {
expect(isSuppressionRuleInGA('saved_query')).toBe(true);
expect(isSuppressionRuleInGA('query')).toBe(true);
expect(isSuppressionRuleInGA('esql')).toBe(true);
expect(isSuppressionRuleInGA('threshold')).toBe(true);
expect(isSuppressionRuleInGA('threat_match')).toBe(true);
expect(isSuppressionRuleInGA('new_terms')).toBe(true);
expect(isSuppressionRuleInGA('machine_learning')).toBe(true);
});
test('should return false for rule type suppression in tech preview', () => {
expect(isSuppressionRuleInGA('machine_learning')).toBe(false);
expect(isSuppressionRuleInGA('esql')).toBe(false);
expect(isSuppressionRuleInGA('threshold')).toBe(false);
expect(isSuppressionRuleInGA('threat_match')).toBe(false);
expect(isSuppressionRuleInGA('new_terms')).toBe(false);
expect(isSuppressionRuleInGA('eql')).toBe(false);
});
});

8
x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx
View file

@ -205,15 +205,15 @@ export const THRESHOLD_SUPPRESSION_PER_RULE_EXECUTION_WARNING = i18n.translate(
export const getEnableThresholdSuppressionLabel = (fields: string[] | undefined) =>
fields?.length ? (
<FormattedMessage
id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel"
defaultMessage="Suppress alerts by selected fields: {fieldsString} (Technical Preview)"
id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionForFieldsLabel"
defaultMessage="Suppress alerts by selected fields: {fieldsString}"
values={{ fieldsString: <strong>{fields.join(', ')}</strong> }}
/>
) : (
i18n.translate(
'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel',
'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionLabel',
{
defaultMessage: 'Suppress alerts (Technical Preview)',
defaultMessage: 'Suppress alerts',
}
)
);

2
x-pack/plugins/translations/translations/fr-FR.json
View file

@ -36145,8 +36145,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "Toutes les correspondances requièrent un champ et un champ d'index des menaces.",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "Au moins une correspondance d'indicateur est requise.",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "Veuillez sélectionner une vue des données ou un modèle d'index disponible.",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "Supprimer les alertes par champs sélectionnés : {fieldsString} (version d'évaluation technique)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "Supprimer les alertes (version d'évaluation technique)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "Requête EQL",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "Une requête EQL est requise.",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "La suppression n'est pas prise en charge pour les requêtes de séquence EQL.",

2
x-pack/plugins/translations/translations/ja-JP.json
View file

@ -35889,8 +35889,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "すべての一致には、フィールドと脅威インデックスフィールドの両方が必要です。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "1 つ以上のインジケーター一致が必要です。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "使用可能なデータビューまたはインデックスパターンを選択してください。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "選択したフィールドでアラートを非表示:{fieldsString}(テクニカルプレビュー)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "アラートを抑制(テクニカルプレビュー)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "EQL クエリ",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "EQLクエリは必須です。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "EQLシーケンスクエリでは抑制はサポートされていません。",

2
x-pack/plugins/translations/translations/zh-CN.json
View file

@ -35933,8 +35933,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "所有匹配项都需要字段和威胁索引字段。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "至少需要一个指标匹配。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "请选择可用的数据视图或索引模式。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "选定字段阻止告警:{fieldsString}(技术预览)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "阻止告警(技术预览)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "EQL 查询",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "EQL 查询必填。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "EQL 序列查询不支持阻止。",

4
x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression.cy.ts
View file

@ -12,7 +12,6 @@ import {
SUPPRESS_FOR_DETAILS,
SUPPRESS_BY_DETAILS,
SUPPRESS_MISSING_FIELD,
DETAILS_TITLE,
} from '../../../../screens/rule_details';
import {
@ -67,9 +66,6 @@ describe(
'have.text',
'Suppress and group alerts for events with missing fields'
);
// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});
fillAboutRuleMinimumAndContinue(rule);

4
x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression_ess_basic.cy.ts
View file

@ -9,7 +9,6 @@ import { getNewThreatIndicatorRule } from '../../../../objects/rule';
import {
SUPPRESS_FOR_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_MISSING_FIELD,
DEFINITION_DETAILS,
@ -62,9 +61,6 @@ describe(
'have.text',
'Do not suppress alerts for events with missing fields'
);
// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});
// Platinum license is required for configuration to apply

7
x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts
View file

@ -13,7 +13,6 @@ import {
} from '../../../../screens/create_new_rule';
import {
DEFINITION_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_FOR_DETAILS,
SUPPRESS_MISSING_FIELD,
@ -129,9 +128,6 @@ describe(
'have.text',
'Suppress and group alerts for events with missing fields'
);
// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});
fillAboutRuleMinimumAndContinue(mlRule);
@ -163,9 +159,6 @@ describe(
'have.text',
'Do not suppress alerts for events with missing fields'
);
// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});
fillAboutRuleMinimumAndContinue(mlRule);

4
x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts
View file

@ -14,7 +14,6 @@ import {
DEFINITION_DETAILS,
SUPPRESS_MISSING_FIELD,
SUPPRESS_BY_DETAILS,
DETAILS_TITLE,
} from '../../../../screens/rule_details';
import {
@ -191,9 +190,6 @@ describe(
'have.text',
'Suppress and group alerts for events with missing fields'
);
// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});
});
});

4
x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts
View file

@ -9,7 +9,6 @@ import { getNewThreatIndicatorRule } from '../../../../objects/rule';
import {
SUPPRESS_FOR_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_MISSING_FIELD,
DEFINITION_DETAILS,
@ -81,9 +80,6 @@ describe(
'have.text',
'Suppress and group alerts for events with missing fields'
);
// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});
});
});

4
x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts
View file

@ -13,7 +13,6 @@ import {
} from '../../../../screens/create_new_rule';
import {
DEFINITION_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_FOR_DETAILS,
SUPPRESS_MISSING_FIELD,
@ -88,9 +87,6 @@ describe(
'have.text',
'Suppress and group alerts for events with missing fields'
);
// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});
});
});

3
x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts
View file

@ -9,7 +9,6 @@ import { getNewThresholdRule } from '../../../../objects/rule';
import {
SUPPRESS_FOR_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_MISSING_FIELD,
} from '../../../../screens/rule_details';
@ -63,8 +62,6 @@ describe(
// ensure typed interval is displayed on details page
getDetails(SUPPRESS_FOR_DETAILS).should('have.text', '60m');
// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
// the rest of suppress properties do not exist for threshold rule
assertDetailsNotExist(SUPPRESS_BY_DETAILS);