kibana/.buildkite
Dmitrii Shevchenko 199378c60c
[Security Solution] Implement rule customization license checks (#206079)
**Resolves:** https://github.com/elastic/security-team/issues/10410

## Summary

We want to make Rule Customization available at higher license tiers.  

### **Intended Workflows/UX**  

#### **Basic/Platinum/Security Essentials License Tiers**  
- **Editing Prebuilt Rules:**  
- Allow the 8.16 behavior: only actions, exceptions, snoozing, and
enable/disable options can be modified.
- On the rule editing page, all tabs except *Actions* are disabled.
Disabled tabs will display a hover explanation:
- "Upgrade to Enterprise to enable prebuilt rule customization" for ECH.
- "Upgrade to Security Complete to enable prebuilt rule customization"
for Serverless.
<img width="356" alt="image"
src="https://github.com/user-attachments/assets/72e60933-aaaf-45a0-9660-4cd066d3afec"
/>

- Rule editing via API is not restricted (tracked separately:
https://github.com/elastic/security-team/issues/11504).

- **Bulk Actions:**  
- Modifications to rule content via bulk actions are not allowed.
Prebuilt rules are excluded from bulk actions if the license level is
insufficient. Users will see an explanation for the exclusion.
    - Serverless
<img width="737" alt="image"
src="https://github.com/user-attachments/assets/99fef72f-dd38-4c73-a9e3-7b4c8018b4ed"
/>
    - ECH

- On the API level (`_bulk_action`), an error is returned if a user
tries to modify a prebuilt rule without the required license. Response
in this case looks like this:
    ```json
    {
      "statusCode": 500,
      "error": "Internal Server Error",
      "message": "Bulk edit failed",
      "attributes": {
         "errors": [
           {
             "message": "Elastic rule can't be edited",
             "status_code": 500,
             "rules": []
           }
         ]
      }
    }
    ```

- **Rule Updates:**  
  - Updates are restricted to Elastic’s incoming updates only.  
  - The rule upgrade flyout is in read-only mode.
<img width="949" alt="image"
src="https://github.com/user-attachments/assets/16a56430-63e6-4096-8ffd-b97f828abdd4"
/>
- For previously customized rules where customization is now disabled
due to insufficient licensing, a notification will appear on the upgrade
flyout, clarifying that only an upgrade to Elastic's version is
available.

![image](https://github.com/user-attachments/assets/34ef5168-4fe3-42d0-9444-14180ed86500)
- On the API level (`_perform`), only requests with `pick_version =
target` are permitted. Requests with `rule.fields` values are not
allowed.
    API response when `pick_version` is not `target`:
    ```json
    {
      "message": "Only the 'TARGET' version can be selected for a rule update; received: 'CURRENT'",
      "status_code": 400
    }
    ```
    API response when the `fields` value is provided:
    ```json
    {
      "message": "Rule field customization is not allowed. Received fields: name, description",
      "status_code": 400
    }
    ```

- **Customized Rules:**  
- Existing customizations remain intact, and the “Modified” badge is
retained
    - On the rule management, monitoring, and update tables:

![image](https://github.com/user-attachments/assets/c7990c8f-5ed3-40ab-b0c6-ddc329e69b09)
    - On the rule update flyout:

![image](https://github.com/user-attachments/assets/f74cb0bc-e7e5-49d5-8fec-b447517b5b52)
    - On the rule details page:

![image](https://github.com/user-attachments/assets/b28990f1-9e84-481e-b966-0232495f4882)

- When we edit a rule with customizations (e.g., change rule's actions),
the rule should stay marked as customized


- **Import/Export Scenarios:**  
- These are handled separately
(https://github.com/elastic/security-team/issues/11502)

#### **Enterprise/Security Complete License Tiers**  
- All rules can be fully edited
- Upgraded prebuilt or customized rules will have an editable view,
enabling full customization
2025-01-29 18:20:47 +01:00

| Name | Last commit | Date |
|---|---|---|
| hooks | [Ops] Refactor env loading & fix agent-targeting rewrite (#178320) | 2024-03-12 16:31:26 +01:00 |
| pipeline-resource-definitions | [CI] Validate pipeline resource definitions and location collection (#208398) | 2025-01-29 12:45:28 +01:00 |
| pipeline-utils | [ci] Click to deploy cloud (#205623) | 2025-01-23 10:26:03 +01:00 |
| pipelines | [ci] Don't start APM/Profiling cypress if pre-checks don't pass (#208569) | 2025-01-28 18:19:52 +01:00 |
| scripts | [CI] Validate pipeline resource definitions and location collection (#208398) | 2025-01-29 12:45:28 +01:00 |
| .mocharc.json | [CI] Move kibana-buildkite-library into kibana (#134787) | 2022-06-28 13:19:05 -04:00 |
| .npmrc | [CI] Move kibana-buildkite-library into kibana (#134787) | 2022-06-28 13:19:05 -04:00 |
| disabled_jest_configs.json | [Index Management] Fix broken jest tests (#173029) | 2023-12-18 17:21:28 +01:00 |
| ftr_base_serverless_configs.yml | [FTR] support "deployment agnostic" api-integration tests (#189853) | 2024-08-07 10:34:52 -05:00 |
| ftr_configs_manifests.json | [FTR] split configs by target into multiple manifest files (#187440) | 2024-07-19 15:00:53 +02:00 |
| ftr_oblt_serverless_configs.yml | [Discover] Add context awareness telemetry tests for Observability profiles (#201310) | 2024-11-28 20:12:26 -04:00 |
| ftr_oblt_stateful_configs.yml | [Profiling] Migrate Profiling Cypress tests to on_merge from on_merge_unsupported_ftrs (#206727) | 2025-01-21 17:09:42 +01:00 |
| ftr_platform_stateful_configs.yml | [Cloud Security] Deleting K8S Dashboard (#207127) | 2025-01-27 14:06:29 +01:00 |
| ftr_search_serverless_configs.yml | Balance serverless test groups | 2024-11-27 17:00:05 +02:00 |
| ftr_search_stateful_configs.yml | [FTR] split configs by target into multiple manifest files (#187440) | 2024-07-19 15:00:53 +02:00 |
| ftr_security_serverless_configs.yml | [Security Solution] Implement rule customization license checks (#206079) | 2025-01-29 18:20:47 +01:00 |
| ftr_security_stateful_configs.yml | [Security Solution] Implement rule customization license checks (#206079) | 2025-01-29 18:20:47 +01:00 |
| package-lock.json | [ci] Click to deploy cloud (#205623) | 2025-01-23 10:26:03 +01:00 |
| package.json | [ci] Click to deploy cloud (#205623) | 2025-01-23 10:26:03 +01:00 |
| pull_requests.json | [ci] Click to deploy cloud (#205623) | 2025-01-23 10:26:03 +01:00 |
| README.md | [CI] Move kibana-buildkite-library into kibana (#134787) | 2022-06-28 13:19:05 -04:00 |
| tsconfig.json | fix(NA): adds pipeline-resource-definitions/fix-location-collection.ts into a tsconfig | 2024-04-04 15:16:01 +01:00 |
| tsconfig.test.json | [CI] Move kibana-buildkite-library into kibana (#134787) | 2022-06-28 13:19:05 -04:00 |

Kibana / Buildkite

Directory Structure

  • hooks - special directory used by Buildkite agents for hooks
  • pipeline-utils - Shared TypeScript utils for use in pipeline scripts
  • pipelines - contains pipeline definitions
  • scripts/common - scripts that get sourced by other scripts to set environment variables or import shared functions
  • scripts/lifecycle - general scripts for tasks that run before or after individual steps or the entire build
  • scripts/steps - scripts that define something that will run for a step defined in a pipeline
  • scripts/* - all other scripts are building blocks that make up the tasks in pipelines. They may be run by other scripts, but should not be sourced