Edit related_integrations field for custom rules in UI and API #5099
Comments
maximpn
added
Team: Detections/Response
banderror
changed the title
banderror
changed the title
|
@maximpn Thanks for creating the issue! Turnaround for serverless publishing is a little tighter than the 2 weeks that we typically need, but I think I can make it work. @approksiu I wanted to point out that the estimated serverless and ESS/stateful release dates for this are pretty far apart: April 29 for serverless and months later on July 23 for the ESS release in 8.15.0. We don't currently have a way of announcing new features for serverless (no serverless "What's New" or even serverless release notes/changelog), so until 8.15 comes out, serverless customers might not know that there's a new feature unless they just stumble across it. Of course, we'll include it in the docs so they won't be without help, and maybe it's OK for something like this which is just a small part of a larger proper feature. It's just a really long gap, and not something we've dealt with before, so I wanted to at least call attention to it. Thanks! |
|
@joepeeples valid points! I think it's fine in this instance or for a few smaller features like this. The design team is working on new concepts that will address these concerns - we should be able to inform users about the features in UI in the future. |
@joepeeples there is no pressure here. If you 100% sure it's impossible to updates the docs by April 29 it can be next Serverless releases on May 6 or May 13. Just l let us know what works the best for you. |
Thanks @maximpn, could we shoot for May 6 then? There are some other serverless updates I'm currently working to finish by end of April. |
joepeeples
changed the title
Description
There is a PR adding functionality to add and edit rule's related integrations. Currently related integrations are only hardcoded in Elastic prebuilt rules. Users can view them on rules details page. When the mentioned above PR is merged users will be able to add related integrations when creating a custom rule. On top of that users will be able to update related integrations when editing a rule.
Background & resources
Which documentation set does this change impact?
ESS and serverless
ESS release
8.15
Serverless release
Mon, 6th May 2024
Feature differences
The feature is identical in ESS/serverless.
API docs impact
The feature touched existing rule management endpoints. All endpoints will accept related integrations as well as return them. The followings APIs are affected
GET /api/detection_engine/rulesPOST /api/detection_engine/rulesPUT /api/detection_engine/rulesPATCH /api/detection_engine/rulesGET /api/detection_engine/rules/_findPOST /api/detection_engine/rules/_bulk_create(endpoint is deprecated)PUT /api/detection_engine/rules/_bulk_update(endpoint is deprecated)PATCH /api/detection_engine/rules/_bulk_update(endpoint is deprecated)POST /api/detection_engine/rules/_bulk_actionPOST /api/detection_engine/rules/_importPOST /api/detection_engine/rules/_exportPrerequisites, privileges, feature flags
There is not a feature flag for the feature.
Tasks
The text was updated successfully, but these errors were encountered: