[Security Solution][Detections] Adds UI for bulk applying timeline template #128691
Conversation
banderror
added
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
banderror
force-pushed
the
bulk-applying-timeline-template
branch
from
d113dd7
to
7e8aaee
Compare
banderror
force-pushed
the
bulk-applying-timeline-template
branch
from
7e8aaee
to
3c3b469
Compare
|
This appears to be pre-existing, but the focus state of the Timeline Template selector component seems off in Dark Mode and doesn't match the combo box focus state from EUI here: Within flyout:
Within Edit Rules (also notice how it re-open after selection....weird)
Also found this interesting click behavior where if you click the 'favorite star' when selecting the first component it can't be reselected until focus is lost 😅 . This component needs some 💙 it seems. No need to do any of that here, but maybe open an issue to revisit this component and throw it on the backlog?
|
💚 Build SucceededMetrics [docs]Module Count
Async chunks
History
To update your PR or re-run it, just comment with: cc @banderror |
There was a problem hiding this comment.
Checked out, code reviewed and tested locally -- LGTM! Couple interesting behaviors with the ole Timeline Template component itself (pre-existing), so may want to open an issue to track those, and did notice the behavior where you cannot reset timeline templates to None as mentioned in the description, but 👍 for addressing that in a follow-up.
Other than that testing went great and I was able to apply timeline templates to custom rules just as we can make changes to index patterns or tags. Great to see how little code it takes to start exposing these bulk actions! 🙌 🙂
@spong Yup, here we go: #128740 🙂
I agree, it was pretty easy. Many thanks to @vitaliidm for making it possible! |
|
Hi @banderror, thanks for the screenshots. I am wondering that can I get a url to actually try and test this? |
|
@yiyangliu9286 At this point the best option for trying and testing it would be to pull from Deployment to Cloud from CI won't work because the PR has been closed. I also checked the current 8.2.0 snapshot version on Staging Cloud and it seems to be out of date (way behind Please ping me if you need any help with running it locally. Next time I'll make sure to prepare a cloud deployment beforehand. |
...ty_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/translations.tsx
Show resolved
Hide resolved
Thanks for the feedback @banderror. I am a little unfamiliar with the process to run Kibana locally (last time I run it took me 2 hours ish to do). I've also check the staging environment as this has not been updated yet. Next time let's make sure that we have the url or other ways to test it before we merged this branch, which would be ideal. I have updated my design regarding to @joepeeples's feedback. I think we will need to update
@banderror I noticed that this PR has already merged, please let me know if we need to start another issue to address these changes, I'd be happy to do that. thanks! |
|
@yiyangliu9286 @joepeeples thanks so much for your feedback! I'm going to submit a new PR with the proposed changes and fixes and figure out how to deploy the PR to Cloud. I'll add you to the reviewers when it's ready. |
…emplate (#129491) **Addresses:** #129294, #93083, elastic/security-team#2078 (internal) **Related to:** #128691 ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. - [x] Fix bulk resetting timeline template to **None** - [x] Fix UI copies - [ ] Add tests
…emplate (#129491) **Addresses:** #129294, #93083, elastic/security-team#2078 (internal) **Related to:** #128691 ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. - [x] Fix bulk resetting timeline template to **None** - [x] Fix UI copies - [ ] Add tests (cherry picked from commit 62c049b)
…emplate (#129491) (#130154) **Addresses:** #129294, #93083, elastic/security-team#2078 (internal) **Related to:** #128691 ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. - [x] Fix bulk resetting timeline template to **None** - [x] Fix UI copies - [ ] Add tests (cherry picked from commit 62c049b) Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
Addresses: #93083, https://github.com/elastic/security-team/issues/2078 (internal)
Summary
This PR adds a UI for applying a timeline template to multiple rules in bulk.
There are a few issues that I'd like to address in a follow-up PR after the FF:
Nonedoesn't work because of the way thepatchRulesfunction works. This is a known bug in this implementation. We will need to replacepatchRuleswith something else for bulk editing actions.Other notes:
Screenshots
The template selector doesn't look good on a smaller screen:
Checklist
Delete any items that are not applicable to this PR.
For maintainers