[Security Solution] Implement a bulk action on the Detections rule page for associating timeline templates with rules #93083

Closed
andrew-goldstein opened this issue Mar 1, 2021 · 3 comments · Fixed by #128691
Labels: enhancement (New value added to drive a business result); Feature:Rule Management (Security Solution Detection Rule Management); Team:Detection Rule Management (Security Detection Rule Management Team); Team:Detections and Resp (Security Detection Response Team); Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.); Theme: simp_prot_mgmt (Security Solution Simplified Protection Management Theme); v8.2.0

Comments

@andrew-goldstein (Contributor)

Implement a bulk action on the Detections rule page for associating timeline templates with rules

To associate a timeline template with multiple rules, users must visit the Detections rule page, manually click-through to each rule definition that will be associated with the template, and then update the rule to associate the template timeline.

When associating a timeline template with rules authored by Elastic, users must first duplicate each Elastic-provided rule before associating the detection rule with a timeline template.

We received user feedback that in addition to removing the requirement for duplicating rules in #92838 as noted above, providing a bulk action on the Detections rule page for associating a timeline template with multiple rules would significantly improve this experience of associating templates with rules.

Kibana/Elasticsearch Stack version: 7.11

@andrew-goldstein added the labels enhancement, Team:Detections and Resp, Team: SecuritySolution and Feature:Rule Management on Mar 1, 2021
@elasticmachine (Contributor)

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine (Contributor)

Pinging @elastic/security-solution (Team: SecuritySolution)

@peluja1012 added the labels Team:Detection Rule Management and Theme: simp_prot_mgmt on Oct 22, 2021
@banderror banderror self-assigned this Mar 28, 2022
banderror added a commit that referenced this issue Mar 29, 2022
…mplate (#128691)

**Addresses:** #93083, elastic/security-team#2078 (internal)

## Summary

This PR adds a UI for applying a timeline template to multiple rules in bulk.

- A new bulk actions menu item to the Rule Management table.
- A new form flyout for applying a timeline template.
- Some glue code to connect them.

There are a few issues that I'd like to address in a follow-up PR after the FF:

1. Resetting already applied templates to `None` doesn't work because of the way the `patchRules` function works. This is a known bug in this implementation. We will need to replace `patchRules` with something else for bulk editing actions.
2. I need to add some test coverage.

Other notes:

- I changed some copies to hopefully make it a little bit clearer. Let me know if you want to rephrase.

## Screenshots

![](https://puu.sh/IRpnL/9abe2ce1b5.png)

The template selector doesn't look good on a smaller screen:

![](https://puu.sh/IRpyP/eb7bebabc7.png)
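The "reset to None doesn't work" note above is, in general terms, the classic patch-semantics pitfall: a merge that only copies fields carrying a value has no way to express "clear this field". The block below is an added illustration of that pitfall and of a null-aware merge that fixes it; it is not Kibana's `patchRules` and it assumes, rather than knows from this thread, that the bug had this shape. The rule objects are constructed samples; only the `timeline_id` and `timeline_title` fields, which do exist in the detection rule schema, matter here. `naivePatch`, `nullAwarePatch` and `bulkApplyTimeline` are hypothetical names.

```javascript
// Added illustration, not Kibana code: why a patch that merges only
// "present" fields cannot reset a rule's timeline template, and a
// null-aware variant that can. Rule objects are constructed samples.

const sampleRules = [
  {
    id: 'rule-1',
    name: 'Suspicious PowerShell Download',
    timeline_id: 'tpl-old',
    timeline_title: 'Old investigation template',
  },
  {
    id: 'rule-2',
    name: 'New Local Admin Account',
    // no timeline template associated yet
  },
];

// Naive patch (assumed shape of the original bug): copy only fields whose
// value is neither undefined nor null. Passing null to clear a field is
// silently dropped, so an existing template can never be removed.
function naivePatch(rule, patch) {
  const out = { ...rule };
  for (const [key, value] of Object.entries(patch)) {
    if (value !== undefined && value !== null) out[key] = value;
  }
  return out;
}

// Null-aware patch: undefined means "leave as is", explicit null means
// "clear". This is the distinction a bulk "set to None" needs.
function nullAwarePatch(rule, patch) {
  const out = { ...rule };
  for (const [key, value] of Object.entries(patch)) {
    if (value === undefined) continue;
    if (value === null) {
      delete out[key];
    } else {
      out[key] = value;
    }
  }
  return out;
}

// Bulk edit: apply one template to many rules. template === null models
// the UI's "None" choice and becomes an explicit-null patch; the original
// rule objects are not mutated.
function bulkApplyTimeline(rules, template, patchFn) {
  const patch = template
    ? { timeline_id: template.id, timeline_title: template.title }
    : { timeline_id: null, timeline_title: null };
  return rules.map((rule) => patchFn(rule, patch));
}

// Convenience check used by a caller to verify the bulk edit took effect.
function allClearedOfTimeline(rules) {
  return rules.every((r) => !('timeline_id' in r) && !('timeline_title' in r));
}

module.exports = { sampleRules, naivePatch, nullAwarePatch, bulkApplyTimeline, allClearedOfTimeline };
```

Applying a real template works with either merge; the difference only shows when the caller sends null to reset, which is exactly the follow-up case fixed in #129491. When a patch-style API has to support "clear", the contract between "absent" and "null" must be explicit in both the request schema and the merge code.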
banderror added a commit that referenced this issue Apr 13, 2022
…emplate (#129491)

**Addresses:** #129294, #93083, elastic/security-team#2078 (internal)
**Related to:** #128691

## Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

- [x] Fix bulk resetting timeline template to **None**
- [x] Fix UI copies
- [ ] Add tests
kibanamachine pushed a commit that referenced this issue Apr 13, 2022
…emplate (#129491)

**Addresses:** #129294, #93083, elastic/security-team#2078 (internal)
**Related to:** #128691

## Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

- [x] Fix bulk resetting timeline template to **None**
- [x] Fix UI copies
- [ ] Add tests

(cherry picked from commit 62c049b)
kibanamachine added a commit that referenced this issue Apr 13, 2022
…emplate (#129491) (#130154)

**Addresses:** #129294, #93083, elastic/security-team#2078 (internal)
**Related to:** #128691

## Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.

- [x] Fix bulk resetting timeline template to **None**
- [x] Fix UI copies
- [ ] Add tests

(cherry picked from commit 62c049b)

Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
@banderror (Contributor)

Closing as we shipped this feature in 8.2. #128691
