mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 01:38:56 -04:00
[8.12] [Security Solution][Detection Engine] removes threshold alert suppression feature flag (#173762) (#173851)
# Backport This will backport the following commits from `main` to `8.12`: - [[Security Solution][Detection Engine] removes threshold alert suppression feature flag (#173762)](https://github.com/elastic/kibana/pull/173762) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Vitalii Dmyterko","email":"92328789+vitaliidm@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-12-21T15:41:52Z","message":"[Security Solution][Detection Engine] removes threshold alert suppression feature flag (#173762)\n\n## Summary\r\n\r\n- removes threshold alert suppression experimental feature flag\r\nintroduced in https://github.com/elastic/kibana/pull/171423\r\n- docs [issue](https://github.com/elastic/security-docs/issues/4315) for\r\nreference","sha":"f1deae8bd62ecaf97d41a3078bc5c85f4df17b70","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Detections and Resp","Team: SecuritySolution","backport:prev-minor","Team:Detection Engine","v8.12.0","v8.13.0"],"number":173762,"url":"https://github.com/elastic/kibana/pull/173762","mergeCommit":{"message":"[Security Solution][Detection Engine] removes threshold alert suppression feature flag (#173762)\n\n## Summary\r\n\r\n- removes threshold alert suppression experimental feature flag\r\nintroduced in https://github.com/elastic/kibana/pull/171423\r\n- docs [issue](https://github.com/elastic/security-docs/issues/4315) for\r\nreference","sha":"f1deae8bd62ecaf97d41a3078bc5c85f4df17b70"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/173762","number":173762,"mergeCommit":{"message":"[Security Solution][Detection Engine] removes threshold alert suppression feature flag (#173762)\n\n## Summary\r\n\r\n- removes threshold alert suppression experimental feature flag\r\nintroduced in https://github.com/elastic/kibana/pull/171423\r\n- docs [issue](https://github.com/elastic/security-docs/issues/4315) for\r\nreference","sha":"f1deae8bd62ecaf97d41a3078bc5c85f4df17b70"}}]}] BACKPORT--> Co-authored-by: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com>
This commit is contained in:
Kibana Machine
GitHub
parent
9210a6ff8f
commit
9251d59451
11 changed files with 12 additions and 65 deletions
|
|
@ -125,11 +125,6 @@ export const allowedExperimentalValues = Object.freeze({
|
|||
*/
|
||||
protectionUpdatesEnabled: true,
|
||||
|
||||
/**
|
||||
* Enables alerts suppression for threshold rules
|
||||
*/
|
||||
alertSuppressionForThresholdRuleEnabled: false,
|
||||
|
||||
/**
|
||||
* Disables the timeline save tour.
|
||||
* This flag is used to disable the tour in cypress tests.
|
||||
|
|
|
|||
|
|
@ -54,7 +54,6 @@ import { TechnicalPreviewBadge } from '../../../../detections/components/rules/t
|
|||
import { BadgeList } from './badge_list';
|
||||
import { DEFAULT_DESCRIPTION_LIST_COLUMN_WIDTHS } from './constants';
|
||||
import * as i18n from './translations';
|
||||
import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
|
||||
import type { ExperimentalFeatures } from '../../../../../common/experimental_features';
|
||||
|
||||
interface SavedQueryNameProps {
|
||||
|
|
@ -427,7 +426,7 @@ const prepareDefinitionSectionListItems = (
|
|||
rule: Partial<RuleResponse>,
|
||||
isInteractive: boolean,
|
||||
savedQuery: SavedQuery | undefined,
|
||||
{ alertSuppressionForThresholdRuleEnabled }: Partial<ExperimentalFeatures>
|
||||
experimentalFeatures?: Partial<ExperimentalFeatures>
|
||||
): EuiDescriptionListProps['listItems'] => {
|
||||
const definitionSectionListItems: EuiDescriptionListProps['listItems'] = [];
|
||||
|
||||
|
|
@ -669,16 +668,14 @@ const prepareDefinitionSectionListItems = (
|
|||
});
|
||||
}
|
||||
|
||||
if (rule.type !== 'threshold' || alertSuppressionForThresholdRuleEnabled) {
|
||||
definitionSectionListItems.push({
|
||||
title: (
|
||||
<span data-test-subj="alertSuppressionDurationPropertyTitle">
|
||||
<AlertSuppressionTitle title={i18n.SUPPRESS_ALERTS_DURATION_FIELD_LABEL} />
|
||||
</span>
|
||||
),
|
||||
description: <SuppressAlertsDuration duration={rule.alert_suppression.duration} />,
|
||||
});
|
||||
}
|
||||
definitionSectionListItems.push({
|
||||
title: (
|
||||
<span data-test-subj="alertSuppressionDurationPropertyTitle">
|
||||
<AlertSuppressionTitle title={i18n.SUPPRESS_ALERTS_DURATION_FIELD_LABEL} />
|
||||
</span>
|
||||
),
|
||||
description: <SuppressAlertsDuration duration={rule.alert_suppression.duration} />,
|
||||
});
|
||||
|
||||
if ('missing_fields_strategy' in rule.alert_suppression) {
|
||||
definitionSectionListItems.push({
|
||||
|
|
@ -741,15 +738,10 @@ export const RuleDefinitionSection = ({
|
|||
ruleType: rule.type,
|
||||
});
|
||||
|
||||
const alertSuppressionForThresholdRuleEnabled = useIsExperimentalFeatureEnabled(
|
||||
'alertSuppressionForThresholdRuleEnabled'
|
||||
);
|
||||
|
||||
const definitionSectionListItems = prepareDefinitionSectionListItems(
|
||||
rule,
|
||||
isInteractive,
|
||||
savedQuery,
|
||||
{ alertSuppressionForThresholdRuleEnabled }
|
||||
savedQuery
|
||||
);
|
||||
|
||||
return (
|
||||
|
|
|
|||
|
|
@ -83,7 +83,6 @@ import { useLicense } from '../../../../common/hooks/use_license';
|
|||
import { AlertSuppressionMissingFieldsStrategyEnum } from '../../../../../common/api/detection_engine/model/rule_schema';
|
||||
import { DurationInput } from '../duration_input';
|
||||
import { MINIMUM_LICENSE_FOR_SUPPRESSION } from '../../../../../common/detection_engine/constants';
|
||||
import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
|
||||
import { useUpsellingMessage } from '../../../../common/hooks/use_upselling';
|
||||
|
||||
const CommonUseField = getUseField({ component: Field });
|
||||
|
|
@ -182,9 +181,6 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
|
|||
|
||||
const esqlQueryRef = useRef<DefineStepRule['queryBar'] | undefined>(undefined);
|
||||
|
||||
const isAlertSuppressionForThresholdRuleFeatureEnabled = useIsExperimentalFeatureEnabled(
|
||||
'alertSuppressionForThresholdRuleEnabled'
|
||||
);
|
||||
const isAlertSuppressionLicenseValid = license.isAtLeast(MINIMUM_LICENSE_FOR_SUPPRESSION);
|
||||
|
||||
const isThresholdRule = getIsThresholdRule(ruleType);
|
||||
|
|
@ -808,8 +804,7 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
|
|||
[isUpdateView, mlCapabilities]
|
||||
);
|
||||
|
||||
const isAlertSuppressionEnabled =
|
||||
isQueryRule(ruleType) || (isThresholdRule && isAlertSuppressionForThresholdRuleFeatureEnabled);
|
||||
const isAlertSuppressionEnabled = isQueryRule(ruleType) || isThresholdRule;
|
||||
|
||||
return (
|
||||
<>
|
||||
|
|
|
|||
|
|
@ -156,11 +156,7 @@ export const thresholdExecutor = async ({
|
|||
let createResult: GenericBulkCreateResponse<BaseFieldsLatest>;
|
||||
let newSignalHistory: ThresholdSignalHistory;
|
||||
|
||||
if (
|
||||
alertSuppression?.duration &&
|
||||
runOpts?.experimentalFeatures?.alertSuppressionForThresholdRuleEnabled &&
|
||||
hasPlatinumLicense
|
||||
) {
|
||||
if (alertSuppression?.duration && hasPlatinumLicense) {
|
||||
const suppressedResults = await bulkCreateSuppressedThresholdAlerts({
|
||||
buckets,
|
||||
completeRule,
|
||||
|
|
|
|||
|
|
@ -81,7 +81,6 @@ export function createTestConfig(options: CreateTestConfigOptions, testFiles?: s
|
|||
'previewTelemetryUrlEnabled',
|
||||
'riskScoringPersistence',
|
||||
'riskScoringRoutesEnabled',
|
||||
'alertSuppressionForThresholdRuleEnabled',
|
||||
])}`,
|
||||
'--xpack.task_manager.poll_interval=1000',
|
||||
`--xpack.actions.preconfigured=${JSON.stringify({
|
||||
|
|
|
|||
|
|
@ -16,8 +16,5 @@ export default createTestConfig({
|
|||
'testing_ignored.constant',
|
||||
'/testing_regex*/',
|
||||
])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
|
||||
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
|
||||
'alertSuppressionForThresholdRuleEnabled',
|
||||
])}`,
|
||||
],
|
||||
});
|
||||
|
|
|
|||
|
|
@ -46,7 +46,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
|
|||
'--xpack.ruleRegistry.unsafe.legacyMultiTenancy.enabled=true',
|
||||
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
|
||||
'chartEmbeddablesEnabled',
|
||||
'alertSuppressionForThresholdRuleEnabled',
|
||||
])}`,
|
||||
// mock cloud to enable the guided onboarding tour in e2e tests
|
||||
'--xpack.cloud.id=test',
|
||||
|
|
|
|||
|
|
@ -72,15 +72,6 @@ describe(
|
|||
'Threshold rules',
|
||||
{
|
||||
tags: ['@ess', '@serverless'],
|
||||
env: {
|
||||
ftrConfig: {
|
||||
kbnServerArgs: [
|
||||
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
|
||||
'alertSuppressionForThresholdRuleEnabled',
|
||||
])}`,
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
() => {
|
||||
const rule = getNewThresholdRule();
|
||||
|
|
|
|||
|
|
@ -23,11 +23,6 @@ describe(
|
|||
{ product_line: 'security', product_tier: 'essentials' },
|
||||
{ product_line: 'endpoint', product_tier: 'essentials' },
|
||||
],
|
||||
kbnServerArgs: [
|
||||
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
|
||||
'alertSuppressionForThresholdRuleEnabled',
|
||||
])}`,
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -41,15 +41,6 @@ describe(
|
|||
'Detection threshold rules, edit',
|
||||
{
|
||||
tags: ['@ess', '@serverless'],
|
||||
env: {
|
||||
ftrConfig: {
|
||||
kbnServerArgs: [
|
||||
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
|
||||
'alertSuppressionForThresholdRuleEnabled',
|
||||
])}`,
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
() => {
|
||||
describe('without suppression', () => {
|
||||
|
|
|
|||
|
|
@ -34,9 +34,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
|
|||
{ product_line: 'endpoint', product_tier: 'complete' },
|
||||
{ product_line: 'cloud', product_tier: 'complete' },
|
||||
])}`,
|
||||
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
|
||||
'alertSuppressionForThresholdRuleEnabled',
|
||||
])}`,
|
||||
],
|
||||
},
|
||||
testRunner: SecuritySolutionConfigurableCypressTestRunner,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue