[Security Solution] Implement a bulk action on the Detections rule page for associating timeline templates with rules #93083
Labels
enhancement
New value added to drive a business result
Feature:Rule Management
Security Solution Detection Rule Management
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Theme: simp_prot_mgmt
Security Solution Simplified Protection Management Theme
v8.2.0
Comments
andrew-goldstein added the enhancement, Team:Detections and Resp, Team: SecuritySolution and Feature:Rule Management labels on Mar 1, 2021
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)
peluja1012 added the Team:Detection Rule Management and Theme: simp_prot_mgmt labels on Oct 22, 2021
banderror added a commit that referenced this issue on Mar 29, 2022
…mplate (#128691)

**Addresses:** #93083, elastic/security-team#2078 (internal)

## Summary

This PR adds a UI for applying a timeline template to multiple rules in bulk.

- A new bulk actions menu item to the Rule Management table.
- A new form flyout for applying a timeline template.
- Some glue code to connect them.

There are a few issues that I'd like to address in a follow-up PR after the FF:

1. Resetting already applied templates to `None` doesn't work because of the way the `patchRules` function works. This is a known bug in this implementation. We will need to replace `patchRules` with something else for bulk editing actions.
2. I need to add some test coverage.

Other notes:

- I changed some copies to hopefully make it a little bit clearer. Let me know if you want to rephrase.

## Screenshots

![](https://puu.sh/IRpnL/9abe2ce1b5.png)

The template selector doesn't look good on a smaller screen:

![](https://puu.sh/IRpyP/eb7bebabc7.png)
banderror added a commit that referenced this issue on Apr 13, 2022
…emplate (#129491)

**Addresses:** #129294, #93083, elastic/security-team#2078 (internal)

**Related to:** #128691

## Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

- [x] Fix bulk resetting timeline template to **None**
- [x] Fix UI copies
- [ ] Add tests
kibanamachine pushed a commit that referenced this issue on Apr 13, 2022
…emplate (#129491)

**Addresses:** #129294, #93083, elastic/security-team#2078 (internal)

**Related to:** #128691

## Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

- [x] Fix bulk resetting timeline template to **None**
- [x] Fix UI copies
- [ ] Add tests

(cherry picked from commit 62c049b)
kibanamachine added a commit that referenced this issue on Apr 13, 2022
…emplate (#129491) (#130154)

**Addresses:** #129294, #93083, elastic/security-team#2078 (internal)

**Related to:** #128691

## Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

- [x] Fix bulk resetting timeline template to **None**
- [x] Fix UI copies
- [ ] Add tests

(cherry picked from commit 62c049b)

Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
Closing as we shipped this feature in 8.2. #128691
Implement a bulk action on the Detections rule page for associating timeline templates with rules
To associate a timeline template with multiple rules, users must visit the Detections rule page, manually click through to each rule definition that will be associated with the template, and then update the rule to associate the template timeline.
When associating a timeline template with rules authored by Elastic, users must first duplicate each Elastic-provided rule before associating the detection rule with a timeline template.
We received user feedback that in addition to removing the requirement for duplicating rules in #92838 as noted above, providing a bulk action on the Detections rule page for associating a timeline template with multiple rules would significantly improve this experience of associating templates with rules.
Kibana/Elasticsearch Stack version:
7.11