[Security Solution] Support testing of prerelease detection rules with Kibana #147466
Assignees
Labels
8.7 candidate
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.7.0
Comments
xcrzx
added
Team:Detections and Resp
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
xcrzx
changed the title
banderror
added
the
Feature:Prebuilt Detection Rules
2 tasks
spong
added a commit
that referenced
this issue
Jan 17, 2023
…rules (#148426) ## Summary Resolves #147466 Resolves #112910 * Updates `useUpgradeSecurityPackages` hook to install the `prerelease` version of the `endpoint` and `security_detection_engine` packages if the current branch is `main` or build is `-SNAPSHOT` (to ensure PR's are testing against the latest to-be-released packages) * Adds new `kibana.yml` configuration `xpack.securitySolution.prebuiltRulesPackageVersion` for specifying the version of the `security_detection_engine` package to install within the client-side logic of the `useUpgradeSecurityPackages` hook * Adds FTR helpers for consuming the `xpack.securitySolution.prebuiltRulesPackageVersion` configuration from the `kbnServerArgs` and for installing a specific detection rules package version [c467762](c467762). * Regenerated docs * Unskips `useUpgradeSecurityPackages` tests from [#112910](#112910) Note: I added jest tests for the `useUpgradeSecurityPackages` changes, however didn't find a reasonable way to test the `prebuiltRulesPackageVersion` configuration addition via FTR's, so ended up testing that manually by running a local `package-registry` and serving up two different versions of the `security_detection_engine` package (`8.3.1`/`8.4.1`) and specifying > xpack.securitySolution.prebuiltRulesPackageVersion: '8.3.1' in my `kibana.dev.yml` to try and install the previous version. This initially failed as fleet would say the package is `out-of-date` <p align="center"> <img width="700" src="https://user-images.githubusercontent.com/2946766/211948816-69860629-6db0-4007-8786-3b08f7312baf.png" /> </p> Since there was a higher version with the same `kibana.version` requirement: `kibana.version: ^8.4.0`. Modifying this for the higher version to `^8.9.0` then allowed for the installation of the `8.3.1` as specified in the `prebuiltRulesPackageVersion` setting: <p align="center"> <img width="700" src="https://user-images.githubusercontent.com/2946766/211946889-030c2fdd-6c7d-4124-a1dc-003b54982311.png" /> </p> <p align="center"> <img width="700" src="https://user-images.githubusercontent.com/2946766/211948135-03163b0f-b1c2-435a-b91f-c3cbbe028053.png" /> </p> As [mentioned](#148426 (comment)) by @xcrzx, I ended up adding `force:true` to the individual install request to get around this limitation and to have a better testing experience within Cypress. Note II: When using the `prebuiltRulesPackageVersion` setting, since this is used for updates initiated from the client and not on kibana start like the `fleet_package.json` (added in #143839), you will have to uninstall the package that was installed on start-up for this to be successful. Note III: When wanting to run the Cypress tests against a specific package version, be sure to update the cypress FTR configuration [cf3a83f](cf3a83f). ### Checklist Delete any items that are not applicable to this PR. - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
|
Additional artifacts from working this now that #148426 is merged: Internal docs PR for outlining our different test configurations: https://github.com/elastic/security-team/pull/5762 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epic: https://github.com/elastic/security-team/issues/1974 (internal)
Summary
Use prerelease rules package versions for local development and CI
Fleet recently removed support of
snapshotandstagingregistries. All environments now useproductionpackages, including local setups and CI. That means there is no way to test prerelease versions of detection rules with Kibana.Fleet proposes using semantic versioning to mark prerelease packages, such as
8.5.1-next. To ensure proper testing, we need to update our code to install prerelease versions of the prepackaged rules package during local development and in CI. The logic should be similar to what we had previously:kibana/x-pack/plugins/fleet/server/services/epm/registry/registry_url.ts
Lines 22 to 31 in ba367bc
We should call methods that install packages with
prerelease: trueto install prerelease packages.Allow selecting the rules package version for testing
Currently, it is impossible to install the prebuilt rules package of a version other than the latest. Therefore, to alleviate the prebuilt rules package testing (see comment), we need to add the ability to specify desired package version in the Kibana config.
The text was updated successfully, but these errors were encountered: