## Summary
Adds UI for new Rule Fields `Related Integrations`, `Required Fields`, and `Setup` to both the Rules Table and Rule Details pages. On the Rules Table a new column is added that shows the number of related integrations, and upon clicking will show you details about those integrations and links off to the integration page in fleet. On the Rule Details page `Setup` is added as a tab pill within the About section (if provided), and `Related Integrations` and `Required Fields` are displayed in the Definition section.
Once package/integration install data is added in https://github.com/elastic/kibana/pull/132667, the UI will show the installed status of an integration, and whether or not the installed version satisfies the related integration dependency.
NOTE: Until then, please follow the test instructions below for how to add a custom rule and return mock data to test the `installed/uninstalled` UI.
##### Related Issues
* https://github.com/elastic/security-team/issues/2083 (internal)
* https://github.com/elastic/security-team/issues/558 (internal)
* https://github.com/elastic/security-team/issues/2856 (internal)
* https://github.com/elastic/security-team/issues/1801 (internal)
* https://github.com/elastic/security-team/issues/3624 (internal)
##### Related Links
* https://github.com/elastic/security-docs/issues/2015
* [Figma mocks](https://www.figma.com/file/zZs8TOrYsp13T6Z2HoMMFN/%5B8.2%5D-Associate-prebuilt-rules-with-Related-Integrations?node-id=0%3A1)
##### Steps to test
In this initial implementation these new fields are only visible with Prebuilt Rules, and so there is limited API support and currently no UI for editing them. If a Prebuilt Rule is duplicated, these fields are emptied (set to `''` or `[]`). When a Rule is exported these fields are included (as empty values), and it is possible to edit the `ndjson` and re-import and then see these fields for the Custom Rule (but still not editable in the UI). This is expected behavior, and is actually a nice and easy way to test.
Here is a sample export you can paste into a `test.ndjson` file and import to test this feature. You can modify the `package`/`version` fields to test corner cases like if a package is installed but it's the wrong version.
```
{"id":"6cc39c80-da3a-11ec-9fce-65c1a0bee904","updated_at":"2022-05-23T01:48:23.422Z","updated_by":"elastic","created_at":"2022-05-23T01:48:20.940Z","created_by":"elastic","name":"Testing #131475, don't mind me...","tags":["Elastic","Endpoint Security"],"interval":"5m","enabled":false,"description":"Generates a detection alert each time an Elastic Endpoint Security alert is received. Enabling this rule allows you to immediately begin investigating your Endpoint alerts.","risk_score":47,"severity":"medium","license":"Elastic License v2","output_index":".siem-signals-default","meta":{"from":"5m"},"rule_name_override":"message","timestamp_override":"event.ingested","author":["Elastic"],"false_positives":[],"from":"now-600s","rule_id":"2c66bf23-6ae9-4eb2-859e-446bea181ae9","max_signals":10000,"risk_score_mapping":[{"field":"event.risk_score","operator":"equals","value":""}],"severity_mapping":[{"field":"event.severity","operator":"equals","severity":"low","value":"21"},{"field":"event.severity","operator":"equals","severity":"medium","value":"47"},{"field":"event.severity","operator":"equals","severity":"high","value":"73"},{"field":"event.severity","operator":"equals","severity":"critical","value":"99"}],"threat":[],"to":"now","references":[],"version":7,"exceptions_list":[{"id":"endpoint_list","list_id":"endpoint_list","namespace_type":"agnostic","type":"endpoint"}],"immutable":false,"related_integrations":[{"package":"system","version":"1.6.4"},{"package":"aws","integration":"cloudtrail","version":"1.11.0"}],"required_fields":[{"ecs":true,"name":"event.code","type":"keyword"},{"ecs":true,"name":"message","type":"match_only_text"},{"ecs":false,"name":"winlog.event_data.AttributeLDAPDisplayName","type":"keyword"},{"ecs":false,"name":"winlog.event_data.AttributeValue","type":"keyword"},{"ecs":false,"name":"winlog.event_data.ShareName","type":"keyword"},{"ecs":false,"name":"winlog.event_data.RelativeTargetName","type":"keyword"},{"ecs":false,"name":"winlog.event_data.AccessList","type":"keyword"}],"setup":"## Config\\n\\nThe 'Audit Detailed File Share' audit policy must be configured (Success Failure).\\nSteps to implement the logging policy with with Advanced Audit Configuration:\\n\\n```\\nComputer Configuration > \\nPolicies > \\nWindows Settings > \\nSecurity Settings > \\nAdvanced Audit Policies Configuration > \\nAudit Policies > \\nObject Access > \\nAudit Detailed File Share (Success,Failure)\\n```\\n\\nThe 'Audit Directory Service Changes' audit policy must be configured (Success Failure).\\nSteps to implement the logging policy with with Advanced Audit Configuration:\\n\\n```\\nComputer Configuration > \\nPolicies > \\nWindows Settings > \\nSecurity Settings > \\nAdvanced Audit Policies Configuration > \\nAudit Policies > \\nDS Access > \\nAudit Directory Service Changes (Success,Failure)\\n```\\n","type":"query","language":"kuery","index":["logs-endpoint.alerts-*"],"query":"event.kind:alert and event.module:(endpoint and not endgame)\\n","filters":[],"throttle":"no_actions","actions":[]}
{"exported_count":1,"exported_rules_count":1,"missing_rules":[],"missing_rules_count":0,"exported_exception_list_count":0,"exported_exception_list_item_count":0,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0}
```
##### Existing plumbing for showing integration install state
This PR includes a `useInstalledIntegrations` hook wired up to the `DETECTION_ENGINE_INSTALLED_INTEGRATIONS_URL` route to be added in https://github.com/elastic/kibana/pull/132667. I plumbed the initial logic as if that API returned an array of integrations in the same format stored by the rule (i.e. the `RelatedIntegrationArray` type), so this will need to be adapted when integrating this feature. There's also a `packages[]` that can be provided to `useInstalledIntegrations` to constrain the search against all installed integrations, but this may not be used in the initial API.
To test the Installed Integrations UI, just uncomment the mock data return in `use_installed_integrations.tsx`.
##### Additional Notes/Todo:
* Probably want to revisit the copy on the Rules Table integrations popover -- it reads a little off if we don't have integration install data. Will work with docs folks on this.
* No additional overflow logic was added for `Related Integrations`/`Required Fields`. We don't really have an overflow pattern for these description list items, so instead of just adding support for these two fields (as like another description list item that's a popover), would like to solve this generically for all items.
* TODO: Increase test coverage
##### Rule Details
<p align="center">
<img width="650" src="https://user-images.githubusercontent.com/2946766/169636465-fa9ac477-2175-40ea-8064-bc194e7c3cbc.png" />
</p>
<p align="center">
<img width="650" src="https://user-images.githubusercontent.com/2946766/169745657-a35cf8b8-fe9b-4580-b637-1c98e4e6f90a.png" />
</p>
<p align="center">
<img width="650" src="https://user-images.githubusercontent.com/2946766/169745451-a02612b3-dd5b-46dc-a168-8823f9b1753d.png" />
</p>
##### Rule Details without `Installed Integrations` API changes
<p align="center">
<img width="650" src="https://user-images.githubusercontent.com/2946766/169745986-6bef1d55-c305-4931-9845-96a0da76d030.png" />
</p>
##### Rules Table
<p align="center">
<img width="650" src="https://user-images.githubusercontent.com/2946766/169636693-0d10bf67-9981-4815-a069-1439a7c5e1ce.png" />
</p>
<p align="center">
<img width="650" src="https://user-images.githubusercontent.com/2946766/169636541-ac279369-c753-4184-b25b-c4352586f347.png" />
</p>
##### Rules Table without `Installed Integrations` API changes
<p align="center">
<img width="650" src="https://user-images.githubusercontent.com/2946766/169636630-983277aa-6211-487c-a50f-8cf000446436.png" />
</p>
<p align="center">
<img width="650" src="https://user-images.githubusercontent.com/2946766/169636649-fb03f44f-e28e-4a3f-8944-d3e300ed94c8.png" />
</p>
##### Version mismatch
In cases where the related package/integration is installed, but the version is not satisfied, a warning icon/tooltip will display next to the integration link letting the user know the installed vs targeted version. I just wanted to make sure this case was handled so copy/UI isn't final -- any feedback welcome here! 🙂
<p align="center">
<img width="650" src="https://user-images.githubusercontent.com/2946766/169730187-6269ce6c-6833-4455-83b8-e98c8dcfa387.png" />
</p>
<p align="center">
<img width="650" src="https://user-images.githubusercontent.com/2946766/169745221-c0ac5e90-a89b-420a-8ade-deedfc1d1194.png" />
</p>
### Checklist
Delete any items that are not applicable to this PR.
- [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
  - Collaborating with docs folks on this dedicated docs issue: https://github.com/elastic/security-docs/issues/2015
- [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
  - Some added, but need to follow-up with additional tests around versioning logic once we finalize installed integrations API
- [X] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [X] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
* Add murmur3 type to fields list
To fix #129007, naive approach.
* Add murmur3 type to fields list
* Add murmur3 type to fields list
* removed translations
* disable field preview
* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'
* change icon
* add specific murmur3 message
* fix test
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
* [ML] Initial embed
* [ML] Initial embed props
* [ML] Add top nav link to data viz
* Add visible fields
* Add add data service to register links
* Renames, refactor, use constants
* Renames, refactor, use constants
* Update tests and mocks
* Embeddable
* Update hook to update upon time update
* Add filter support to query
* Refactor filter utilities
* Add filter support for embeddable
* Fix saved search data undefined
* Prototype aggregated view/document view switcher
* Prototype flyout
* Prototype save document view option in storage
* Fix filter and query conflict with saved search
* Minor styling edits
* [ML] Initial embed
* [ML] Initial embed props
* Add embeddable 1
* Add visible fields
* Embeddable 2
* Add filter support to query
* Refactor filter utilities
* Add filter support for embeddable
* Fix saved search data undefined
* Prototype aggregated view/document view switcher
* Prototype flyout
* Prototype save document view option in storage
* Fix filter and query conflict with saved search
* Minor styling edits
* Fix missing code after conflicts
* Remove dv locator and flyout
* Make types happy
* Fix types
* Rename toggle option
* Resolve conflicts
* [ML] Reduce size of chart
* [ML] Unbold name, switch icons of show distributions
* [ML] Make size consistent
* [ML] Make page size 25
* [ML] Switch to arrow right and down
* [ML] Make legend font smaller
* [ML] Add user setting
* [ML] Add show preview by default setting
* [ML] Match icon
* Add panels around the subcontent
* Add preference for aggregated vs doc
* Fix types
* Fix types, add constants for adv settings
* Change to data view type
* Temp fix for Kibana/EUI table overflow issue
* Modify line height so text is not cut off, modify widths for varying screen sizes
* Different width padders for different screens
* Fix CI
* Merge latest, move button to the right
* Fix width for bar charts previews
* Fix toggle buttons, fix maps
* Delete unused file
* Fix boolean styling
* Change to enum, discover mode
* Hide field stats
* Hide field stats
* Persist show mini preview/distribution settings
* Remove window size, use size observer instead
* Default to document view
* Remove bold, switch icon
* Set fixed width for top values, reduce font size in table
* Fix custom url tests
* Update width styling for panels
* Fix missing flag for Discover sidebar, jest tests
* Fix max width
* Workaround for sorting
* Fix import
* Fix styling
* Make height uniform, center alignment, fix map and keyword map not same size
Move styling
* Revert "Make height uniform, center alignment, fix map and keyword map not same size"
This reverts commit 8fc42e2f
* Revert "Make height uniform, center alignment, fix map and keyword map not same size"
This reverts commit 8fc42e2f
* Uniform height, left aligned, flex grid
* Switch top values to have labels
* Center content
* Replace fixed widths with percentage
* Fix table missing field types
* Add dashboard embeddable and filter support
* Fix file data viz styling and tests, lean up imports, remove hard coded pixels
* Add search panel/kql filter bar
* Temporarily fix scrolling
* New kql filters for data visualizer
* Set map height so it will fit the sampler shard size text
* Use eui progress labels
* Fix spacer
* Add beta badge
* Temporarily fix scrolling
* Fix grow for Top Values for
* [ML] Update functional tests to reflect new arrow icons
* [ML] Add filter buttons and KQL bars
* [ML] Update filter bar onChange behavior
* [ML] Update top values filter onChange behavior
* [ML] Update search filters when opening saved search
* [ML] Clean up
* [ML] Remove fit content for height
* [ML] Fix boolean legend
* [ML] Fix header section when browser width is small to large and when index pattern title is too large
* [ML] Hide expander icon when dimension is xs or s & css fixes
* [ML] Delete embeddables because they are not used
* [ML] Rename view mode, refactor to separate hook, add error prompt if can't show, rename wrapper, clean up & fix tests
* [ML] Make doc count 0 for empty fields, update t/f test
* [ML] Add unit testing for search utils
* Fix missing unsubscribe for embeddable output
* Remove redundant onAddFilter for this PR, fix width
* Rename Field Stats to Field stats to match convention
* [ML] Fix expand all/collapse all behavior to override individual setting
* [ML] Fix functional tests should be 0/0%
* [ML] Fix docs content spacing, rename classnames, add filters to Discover, lens, and maps
* [ML] Fix doc count for fields that exists but have no stats
* [ML] Fix icon styling to match Discover but have text/keyword/histogram
* [ML] Fix doc count for fields that exists but have no stats
* [ML] Rename classnames to BEM style
* Resolve latest changes
* Add in place ss
* Refactor helper functions
* Refactor helper functions
* Add error log
* Migrate overall stats to data's search
* Better handle errors
* Fix url so restore session brings back correct view
* Add progress bar
* [ML] Add tests for data viz in Discover
* [ML] Change to combinelatest
* Update tests & dashboard behavior to reflect new advanced settings
* Update telemetry
* Remove workaround after eui bump fix
* Remove dataloader
* Snapshot
* Migrate search to client side
* Consolidate types
* Change back to forkjoin instead of combinelatest for overallstats
* Fix missing bool clause
* Add login
* Fix saved search attributes broken with latest changes
* Update tests
* Fix import
* Match the no results found
* Reset field stats so it reloads when query is refreshed
* Reset field stats so it reloads when query is refreshed
* Add doc stats
* Merge to use hook completely
* Merge to use hook completely
* Fix doc chart doesn't show up when page is first mounted
* Fix Discover auto refresh previously didn't update
* Fix query util to return search source's results right away. Fix texts.
* Refactor documentStats
* Fix doc stats not showing upon page mount
* Fix types
* Delete old files
* Update tests & i18n
* Fix examples, tests
* Remove old files & routes
* Add telemetry, clean up, rename components for clarity
* Fix size of callout message
* Fix texts field
* Consolidate field type
* Consolidate field type, add count to top values
* Clean up
* Update tests
* Remove progress on embeddable
* Update snapshot
* Clean up, consolidate searchOptions
* Fix new es client types
* Fix types
* Fix loading state in Discover
* Remove unused services, Change switchMap to map, mergeMap -> switchMap, update types
* Fix missing filters
* Fix message of table to show searching instead of no items found
* Fix dashboard saved search source persisting time range
* [ML] Fix table message state
* [ML] Fix to not fetch field stats if cardinality is 0
* [ML] Fix locator missing view mode
* [ML] Quit right away if field doesn't exist in docs
* [ML] Change to use batch and only retry with individual field if failed
* [ML] Batch requests for speed and retry failures for resiliency
* No need to fetch field stats if overall stats haven't completed
* Wait on overallStats to complete
* Fix types after merge
* Fix payload size too big 413, num of requests
* Update field icon to using kbn/react-field package
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>