Edit related_integrations field for custom rules in UI and API #5099
Labels
Docset: ESS
Issues that apply to docs in the Stack release
Docset: Serverless
Issues for Serverless Security
Feature: Rules
Team: Detections/Response
Detections and Response
v8.15.0
Description
There is a PR adding functionality to add and edit rule's related integrations. Currently related integrations are only hardcoded in Elastic prebuilt rules. Users can view them on rules details page. When the mentioned above PR is merged users will be able to add related integrations when creating a custom rule. On top of that users will be able to update related integrations when editing a rule.
Background & resources
Which documentation set does this change impact?
ESS and serverless
ESS release
8.15
Serverless release
Mon, 6th May 2024
Feature differences
The feature is identical in ESS/serverless.
API docs impact
The feature touched existing rule management endpoints. All endpoints will accept related integrations as well as return them. The followings APIs are affected
GET /api/detection_engine/rules
POST /api/detection_engine/rules
PUT /api/detection_engine/rules
PATCH /api/detection_engine/rules
GET /api/detection_engine/rules/_find
POST /api/detection_engine/rules/_bulk_create
(endpoint is deprecated)PUT /api/detection_engine/rules/_bulk_update
(endpoint is deprecated)PATCH /api/detection_engine/rules/_bulk_update
(endpoint is deprecated)POST /api/detection_engine/rules/_bulk_action
POST /api/detection_engine/rules/_import
POST /api/detection_engine/rules/_export
Prerequisites, privileges, feature flags
There is not a feature flag for the feature.
Tasks
The text was updated successfully, but these errors were encountered: