Edit related_integrations field for custom rules in UI and API #5099

Open
1 of 3 tasks
Tracked by #174168
maximpn opened this issue Apr 18, 2024 · 4 comments
Labels
Docset: ESS Issues that apply to docs in the Stack release Docset: Serverless Issues for Serverless Security Feature: Rules Team: Detections/Response Detections and Response v8.15.0

Comments


maximpn commented Apr 18, 2024

Description

There is a PR adding functionality to add and edit a rule's related integrations. Currently, related integrations are only hardcoded in Elastic prebuilt rules. Users can view them on the rule details page. When the above-mentioned PR is merged, users will be able to add related integrations when creating a custom rule. On top of that, users will be able to update related integrations when editing a rule.

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.15

Serverless release

Mon, 6th May 2024

Feature differences

The feature is identical in ESS/serverless.

API docs impact

The feature touched existing rule management endpoints. All endpoints will accept related integrations as well as return them. The following APIs are affected:

  • Get rule GET /api/detection_engine/rules
  • Create rule POST /api/detection_engine/rules
  • Update rule PUT /api/detection_engine/rules
  • Patch rule PATCH /api/detection_engine/rules
  • Find rules GET /api/detection_engine/rules/_find
  • Bulk create rules POST /api/detection_engine/rules/_bulk_create (endpoint is deprecated)
  • Bulk update rules PUT /api/detection_engine/rules/_bulk_update (endpoint is deprecated)
  • Bulk patch rules PATCH /api/detection_engine/rules/_bulk_update (endpoint is deprecated)
  • Bulk actions POST /api/detection_engine/rules/_bulk_action
    • Edit rules
    • Export rules
    • Import rules
    • Rule response from bulk operations
  • Import rules POST /api/detection_engine/rules/_import
  • Export rules POST /api/detection_engine/rules/_export

Prerequisites, privileges, feature flags

There is not a feature flag for the feature.


Tasks

@maximpn maximpn added Team: Detections/Response Detections and Response Feature: Rules Docset: Serverless Issues for Serverless Security Docset: ESS Issues that apply to docs in the Stack release v8.15.0 labels Apr 18, 2024
@banderror banderror changed the title [Request] Document new related integrations editing functionality for custom rules [Request] Ability to edit related integrations field for custom rules in UI and API Apr 18, 2024
@banderror banderror changed the title [Request] Ability to edit related integrations field for custom rules in UI and API [Request] Ability to edit related_integrations field for custom rules in UI and API Apr 18, 2024
@joepeeples
Contributor

@maximpn Thanks for creating the issue! Turnaround for serverless publishing is a little tighter than the 2 weeks that we typically need, but I think I can make it work.

@approksiu I wanted to point out that the estimated serverless and ESS/stateful release dates for this are pretty far apart: April 29 for serverless and months later on July 23 for the ESS release in 8.15.0. We don't currently have a way of announcing new features for serverless (no serverless "What's New" or even serverless release notes/changelog), so until 8.15 comes out, serverless customers might not know that there's a new feature unless they just stumble across it. Of course, we'll include it in the docs so they won't be without help, and maybe it's OK for something like this which is just a small part of a larger proper feature. It's just a really long gap, and not something we've dealt with before, so I wanted to at least call attention to it. Thanks!

@approksiu

@joepeeples valid points! I think it's fine in this instance or for a few smaller features like this. The design team is working on new concepts that will address these concerns - we should be able to inform users about the features in UI in the future.

@maximpn
Author

maximpn commented Apr 18, 2024

> Thanks for creating the issue! Turnaround for serverless publishing is a little tighter than the 2 weeks that we typically need, but I think I can make it work.

@joepeeples there is no pressure here. If you are 100% sure it's impossible to update the docs by April 29, it can be the next Serverless releases on May 6 or May 13. Just let us know what works the best for you.

@joepeeples
Contributor

> it can be next Serverless releases on May 6 or May 13. Just let us know what works the best for you.

Thanks @maximpn, could we shoot for May 6 then? There are some other serverless updates I'm currently working to finish by end of April.

@joepeeples joepeeples changed the title [Request] Ability to edit related_integrations field for custom rules in UI and API Edit related_integrations field for custom rules in UI and API Apr 29, 2024