[Security Solution] Add AlertSuppression and Investigation Fields to Rule Upgrade workflow (#195499)

Resolves: https://github.com/elastic/kibana/issues/190597

## Summary

Adds `AlertSuppression` and `Investigation Fields` to Rule Upgrade
workflow:
- Fields had already been added to DiffableRule schema and diffing
algorithms in https://github.com/elastic/kibana/pull/190128
- Current PR adds them to the UI field list so they get displayed in the
diff

## Screenshots

#### Investigation Fields


![image](https://github.com/user-attachments/assets/bff90832-cbf7-4804-888f-b62db5d08127)

#### Alert Suppression


![image](https://github.com/user-attachments/assets/a46fc2db-53d1-4aab-92fc-c92ff88a60b0)


## Testing

Little bit tricky: no prebuilt rules have these fields, so no matter
which packages you install you won't see this upgrade. You'll need to
tinker with the security-rule assets, for example:
```ts
POST .kibana_security_solution/_update_by_query
{
  "script": {
    "source": """
      ctx._source['security-rule']['alert_suppression'] = [
        'group_by': ['agent.hostname'],
        'missing_fields_strategy': 'suppress'
      ];
    """,
    "lang": "painless"
  },
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "type": {
              "value": "security-rule"
            }
          }
        },
        {
          "term": {
            "security-rule.rule_id": {
              "value": "0564fb9d-90b9-4234-a411-82a546dc1343"
            }
          }
        },
        {
          "term": {
            "security-rule.version": {
              "value": "111"
            }
          }
        }
      ]
    }
  }
}
```

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Juan Pablo Djeredjian 2024-10-11 10:44:50 -03:00 committed by GitHub
parent e4dec3942a
commit ed144bdba4
GPG key ID: B5690EEEBB952194

@ -16,6 +16,7 @@ export const ABOUT_UPGRADE_FIELD_ORDER: Array<keyof DiffableAllFields> = [
'description',
'author',
'building_block',
'investigation_fields',
'severity',
'severity_mapping',
'risk_score',
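Review bot: `Array<keyof DiffableAllFields>` only constrains which keys may appear in ABOUT_UPGRADE_FIELD_ORDER, not that every diffable field appears in some order array, which is exactly how `investigation_fields` and `alert_suppression` stayed hidden from the diff UI after being added to the schema in #190128; consider a unit test asserting that the union of ABOUT_UPGRADE_FIELD_ORDER, DEFINITION_UPGRADE_FIELD_ORDER and SCHEDULE_UPGRADE_FIELD_ORDER equals the key set of DiffableAllFields, so the next schema addition fails the build instead of silently not being displayed.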
@ -52,6 +53,7 @@ export const DEFINITION_UPGRADE_FIELD_ORDER: Array<keyof DiffableAllFields> = [
'new_terms_fields',
'history_window_start',
'max_signals',
'alert_suppression',
];
export const SCHEDULE_UPGRADE_FIELD_ORDER: Array<keyof DiffableAllFields> = ['rule_schedule'];
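Review bot: `alert_suppression` is appended after `max_signals` at the very end of DEFINITION_UPGRADE_FIELD_ORDER, and since this array drives the display order of the upgrade diff, please confirm that this position matches where suppression settings appear in the Definition section of the rule details page; a one-line comment above the array stating the ordering principle would also help, as nothing here documents why entries sit where they do.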