[Security Solution][Exceptions] - Add exception list duplication options with and without expired items #154991
…plication - unit tests added
…m list details header
Pinging @elastic/security-solution (Team: SecuritySolution)
Pulled down and tested all three scenarios, looks good from an alert area pov. Great test coverage!
const filter = includeExpiredExceptions | ||
? [] | ||
: [ | ||
`(${savedObjectPrefix}.attributes.expire_time > "${new Date().toISOString()}" OR NOT ${savedObjectPrefix}.attributes.expire_time: *)`, |
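Review bot: The cutoff in the non-expired branch comes from `new Date().toISOString()` evaluated inline inside the filter template, so neither a caller nor a test can control the comparison time. Consider computing the timestamp once and passing it in. A short comment would also help, noting that the `NOT ${savedObjectPrefix}.attributes.expire_time: *` clause is what keeps items that have no expiry set.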
This isn't necessarily a comment for your PR but we should perhaps centralize this filter string since it's used just about every place we have to filter for/against expired exceptions and probably will be going forward. I know we have this for an array of SavedObjectType's but nothing else.
Good point! I can probably do a follow up with this. My only hesitation doing it here is trying not to increase the number of files touched since it's already much more than anticipated.
… for ttl items option
Thanks for tagging the docs team for the UI copy, @yctercero! Please find my suggestions below.
Confirmation prompt to duplicate expired exception items
Does this prompt only appear after users choose to duplicate a shared exception list with expired exception items? If it does, I recommend some minor tweaks:
If this prompt appears after users choose to duplicate a shared exception list or it appears regardless of whether the list contains expired exception items, I'd suggest something different. I'll hold off on that for now though.
Confirmation prompt to duplicate rule
Title
Body
If the user is duplicating multiple rules:
Options
If the user is duplicating multiple rules:
modalDuplicationConfirmationResult === DuplicateOptions.withExceptions || | ||
modalDuplicationConfirmationResult === | ||
DuplicateOptions.withExceptionsExcludeExpiredExceptions, | ||
include_expired_exceptions: !( | ||
modalDuplicationConfirmationResult === | ||
DuplicateOptions.withExceptionsExcludeExpiredExceptions | ||
), |
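Review bot: `include_expired_exceptions` is computed as `!(… === DuplicateOptions.withExceptionsExcludeExpiredExceptions)`, which is true for every other result, including any result for which the `withExceptions || withExceptionsExcludeExpiredExceptions` check above it is false. Writing it as a plain `!==` comparison would read more directly. It is also worth documenting that this flag is only meaningful when exceptions are being duplicated, so a consumer does not act on it in isolation.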
nit: Maybe have useBulkDuplicateExceptionsConfirmation's showBulkDuplicateConfirmation return object also include include_exceptions/include_expired_exceptions bools thus encapsulating this logic?
Was just thinking how to DRY this out since it's used a few places, no biggie either way.
Reviewed rules area code changes, checked out, tested locally and LGTM! 👍 🚀
Great stuff here @yctercero 🎉 I left a few nits, but nothing major. Really appreciate the thorough test coverage you added here.
I tested both the Rules Table/Details bulk_editing paths, along with the Shared Exceptions UI duplication as well. Didn't find any issues, and everything looked as expected (even when duplicating lists with only expired exception items :).
LGTM! Nice work @yctercero I only have one question, currently the rule duplication modal window looks like that. And for me, options is more confusing than it was here
.send() | ||
.expect(200); | ||
|
||
// Item should have been duplicated, even if expired |
Thanks for the comments. Really helpful!
Investigations changes - Seems like they were only cypress tests, so might be worth updating codeowners or re-organizing the files later on as most of these don't affect us
💛 Build succeeded, but was flaky
…ons with and without expired items (elastic#154991)
## Summary
Adds the following:
- Add the option to duplicate from the shared exception list management actions dropdowns
- User can select to include exception items with expired TTL
- User can select to not include exception items with expired TTL
- Cypress tests added for both options