[SIEM][Detections Engine] - Add rule markdown to timeline global notes #61026
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ine creation if signal.rule.note exists
…to investigate in timeline, updated unit tests
|
Pinging @elastic/siem (Team:SIEM) |
…/kibana into rule_mkd_timeline_note
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
yctercero
added a commit
to yctercero/kibana
that referenced
this pull request
Mar 30, 2020
elastic#61026) [SIEM][Detections Engine] - Add rule markdown to timeline global notes * added functionality of new global timeline note created on init timeline creation if signal.rule.note exists Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
yctercero
added a commit
to yctercero/kibana
that referenced
this pull request
Mar 30, 2020
elastic#61026) [SIEM][Detections Engine] - Add rule markdown to timeline global notes * added functionality of new global timeline note created on init timeline creation if signal.rule.note exists Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This is part of #59176 - broke up into smaller PRs.
Frontend PR - #60108
Backend PR - #59796
This PR adds functionality for rules investigation guide markdown field - referred to here as "rule note" (not to be confused with timeline notes). When opening a signal in timeline, if a "rule note" exists, it will create a new global timeline note with the guide content as the first note. Similar to how the other rule fields function, if "rule note" is updated, the new content will apply to new signals generated from that new rule version, timeline notes created from earlier rule versions are not updated with the new "rule note".
To test, ensure you have a rule activated that includes a
note. Go to Detections -> Manage signal detection rule -> select the rule that includesnote-> under Detected Signals, click on timeline icon (Investigate in timeline). You should see the timeline open (with either the specified timeline template or default timeline template) and see a Note count of 1 that includes the rulenotecontent.- if a rule guide exists, you should see 1 note in the new timeline that includes the guide content
- if a rule guide does not exist, you should see 0 notes in new timeline
(https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)
Per design, updated hover text from 'View in timeline' to 'Investigate in timeline':
Per design, updated 'Investigation notes' to 'Investigation guide':
Checklist