[Security Solution] Users can Customize Prebuilt Detection Rules: Milestone 3 #174168
Status: Open (77 of 92 tasks completed)
Labels:
- 8.18 candidate
- Feature:Prebuilt Detection Rules (Security Solution Prebuilt Detection Rules area)
- Meta
- Team:Detection Rule Management (Security Detection Rule Management Team)
- Team:Detections and Resp (Security Detection Response Team)
- Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
- v8.14.0, v8.15.0, v8.16.0, v8.17.0, v8.18.0
Comments
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Pinging @elastic/security-solution (Team: SecuritySolution)
This was referenced Jan 26, 2024:
- [Security Solution] [PRC Milestone 3] Update Prebuilt Rules endpoints to new Prebuilt schema #175771 (Closed)

Draft plan for Milestone 3
UPD: the plan has been moved to the ticket description.

This was referenced Mar 6, 2024
This was referenced Jan 28, 2025
This was referenced Feb 4, 2025
banderror added a commit that referenced this issue on Feb 14, 2025:
…ew (Rule Upgrade flyout) v1 (#205645)
**Epics:** elastic/security-team#1974 (internal), #174168
**Addresses:** #202078
## Summary
This PR adds a test plan for the rule upgrade flyout.
Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
kibanamachine pushed three commits to kibanamachine/kibana that referenced this issue on Feb 14, 2025: backports of #205645 with the same message as above (cherry picked from commit ecd3316).
banderror added a commit that referenced this issue on Feb 14, 2025:
…part 1 (#211300)
**Epic:** #174168
**Partially addresses:** #202068, #202078, #202079
## Summary
We're cleaning up and refactoring our existing test plans for prebuilt rule customization, upgrade, and export/import workflows. Specifically, in this PR we're consistently:
- Changing the file names and test plan titles.
- Adding or expanding test plan summaries.
- Regenerating tables of contents using the [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) VS Code extension.
No "functional" changes have been made to any test plans, such as adding, removing, or updating any scenarios. This refactoring prepares the test plans for being "functionally" changed and improved in follow-up PRs. For example, we're going to cover the logic described in #210358 and address any other gaps in coverage.
kibanamachine pushed three commits to kibanamachine/kibana that referenced this issue on Feb 14, 2025: backports of #211300 with the same message as above (cherry picked from commit 9600de4).
banderror added a commit that referenced this issue on Feb 18, 2025:
…part 2 (#211472)
**Epic:** #174168
**Partially addresses:** #202068, #202078, #202079
**Follow-up to:** #211300
## Summary
We're cleaning up and refactoring our existing test plans for prebuilt rule customization, upgrade, and export/import workflows. Specifically, this PR:
- Creates an "entrypoint" file that should help navigate all the test plans for prebuilt rules.
- Creates a file for keeping common information about prebuilt rules that can be shared between the test plans.
- Extracts duplicated terminology to the file with common information.
- Extracts duplicated assumptions to the file with common information.
- Extracts duplicated non-functional requirements to the file with common information.
- Adds user stories to each test plan.
- Updates links to tickets in every test plan.
No "functional" changes have been made to any test plans, such as adding, removing, or updating any scenarios. This refactoring prepares the test plans for being "functionally" changed and improved in follow-up PRs. For example, we're going to cover the logic described in #210358 and address any other gaps in coverage.
## Review tip
It might be easier to review this PR commit-by-commit as each of them contains logically cohesive changes.
kibanamachine pushed three commits to kibanamachine/kibana that referenced this issue on Feb 18, 2025: backports of #211472 with the same message as above (cherry picked from commit 786df79).
banderror added a commit that referenced this issue on Feb 26, 2025:
…part 3 (#212420)
**Epic:** #174168
**Partially addresses:** #202068, #202078, #202079
**Follow-up to:** #211472
## Summary
We're cleaning up and refactoring our existing test plans for prebuilt rule customization, upgrade, and export/import workflows. Specifically, this PR:
- Updates the common structure of test plans:
  - Adds a tip to each test plan's header to help with navigating all our test plans for prebuilt rules.
  - Introduces a new `Requirements` section to each one and consolidates assumptions, technical requirements and product requirements under it.
  - Each `Product requirements` section now contains relevant user stories and other product details. In the document flow this is kept close to the `Scenarios` section.
- Updates the test plan template according to the updated structure.
- Moves the documentation about customizable and non-customizable rule fields to the common info document.
- Restores the lost changes from commit bde4612.
No "functional" changes have been made to any test plans, such as adding, removing, or updating any scenarios. The only functional-like changes were made to the user stories when creating/updating the product requirements sections. This PR wraps up the refactoring efforts aimed to prepare the test plans for being "functionally" changed and improved in follow-up PRs. In the following PRs, we're going to cover the logic described in #210358, address any gaps in the coverage, and improve the scenarios structure and wording.
## Review tip
It might be easier to review this PR commit-by-commit as each of them contains logically cohesive changes.
kibanamachine pushed three commits to kibanamachine/kibana that referenced this issue on Feb 26, 2025: backports of #212420 with the same message as above (cherry picked from commit c961659). JoseLuisGJ pushed a commit with the same message to JoseLuisGJ/kibana on Feb 27, 2025.
Epic: https://github.com/elastic/security-team/issues/1974 (internal)
Milestones: << • >>
Status: In development.
Summary
Milestone 3: Add support for customizing prebuilt rules. Extend the rule upgrade workflow with full support for 3-way diffs and conflict resolution. Allow users to:
User stories
Prebuilt rule customization workflow:
Prebuilt rule upgrade workflow:
Prebuilt rule export/import workflow:
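As an added illustration of the 3-way diff and conflict resolution that the Summary above extends the upgrade workflow with, the block below compares the base (originally installed), current (possibly customized) and target (new prebuilt) value of each rule field, flags a missing base version with a plain boolean rather than a sentinel, skips the fields the task list removes from the diffable rule, and derives a customized flag from the result. This is example code written for this page, not Kibana's implementation or API; every type, function and field name in it, the outcome vocabulary, and the policy of treating every difference as a conflict when the base version is missing are assumptions, and the sample rule content is constructed.

```typescript
// Added example for the 3-way diff and conflict resolution described in this
// epic's Summary. Illustrative code, not Kibana's implementation; every type,
// function and field name below is an assumption made for the example.

export type DiffOutcome =
  | 'unchanged'    // neither the user nor Elastic changed the field
  | 'take_target'  // user did not customize it, Elastic changed it: accept the update
  | 'keep_current' // user customized it, Elastic did not change it: keep the customization
  | 'no_conflict'  // both changed it to the same value
  | 'conflict';    // both changed it to different values: the user must decide

export interface FieldDiff {
  base: unknown;           // value in the originally installed prebuilt version
  current: unknown;        // value of the installed rule, possibly customized by the user
  target: unknown;         // value in the prebuilt version being upgraded to
  hasBaseVersion: boolean; // plain boolean instead of a sentinel symbol for a missing base
  outcome: DiffOutcome;
  merged: unknown;         // proposed value; on 'conflict' the user's current value is kept
  hasConflict: boolean;
}

// Canonical JSON so that set-like string arrays (e.g. tags) compare order-insensitively.
function canon(v: unknown): string {
  if (v === undefined) return '<missing>';
  if (Array.isArray(v) && v.every((x) => typeof x === 'string')) {
    return JSON.stringify((v as string[]).slice().sort());
  }
  return JSON.stringify(v);
}

const same = (a: unknown, b: unknown): boolean => canon(a) === canon(b);

export function diffField(base: unknown, current: unknown, target: unknown, hasBaseVersion: boolean): FieldDiff {
  let outcome: DiffOutcome;
  let merged: unknown = current;
  if (!hasBaseVersion) {
    // Assumption for this example: without a base version nobody can tell who
    // changed what, so any difference is surfaced to the user as a conflict.
    outcome = same(current, target) ? 'unchanged' : 'conflict';
  } else if (same(base, current) && same(base, target)) {
    outcome = 'unchanged';
  } else if (same(base, current)) {
    outcome = 'take_target';
    merged = target;
  } else if (same(base, target)) {
    outcome = 'keep_current';
  } else if (same(current, target)) {
    outcome = 'no_conflict';
    merged = target;
  } else {
    outcome = 'conflict';
  }
  return { base, current, target, hasBaseVersion, outcome, merged, hasConflict: outcome === 'conflict' };
}

export type RuleFields = Record<string, unknown>;

// Fields the task list on this page removes from the diffable rule; they are skipped here.
const NON_DIFFABLE_FIELDS = ['exceptions_list', 'author', 'license'];

export interface UpgradeReview {
  fields: Record<string, FieldDiff>;
  isCustomized: boolean; // illustrative stand-in for an is_customized flag: some diffable field differs from base
  hasConflicts: boolean;
  merged: RuleFields;    // what an upgrade would write if every non-conflicting proposal is accepted
}

export function reviewUpgrade(base: RuleFields | undefined, current: RuleFields, target: RuleFields): UpgradeReview {
  const names = Object.keys(current).concat(Object.keys(target).filter((k) => !(k in current)));
  const fields: Record<string, FieldDiff> = {};
  const merged: RuleFields = { ...current };
  let isCustomized = false;
  let hasConflicts = false;
  for (const name of names) {
    if (NON_DIFFABLE_FIELDS.indexOf(name) !== -1) continue;
    const d = diffField(base === undefined ? undefined : base[name], current[name], target[name], base !== undefined);
    fields[name] = d;
    merged[name] = d.merged;
    if (d.hasConflict) hasConflicts = true;
    if (base !== undefined && !same(base[name], current[name])) isCustomized = true;
  }
  return { fields, isCustomized, hasConflicts, merged };
}

// Constructed sample data for the example (not real prebuilt rule content).
export const baseRule: RuleFields = {
  name: 'Suspicious PowerShell Activity',
  severity: 'low',
  tags: ['Windows'],
  query: 'process.name : "powershell.exe"',
  author: ['Elastic'],
};
// The user raised the severity and added a tag.
export const currentRule: RuleFields = { ...baseRule, severity: 'high', tags: ['Corp', 'Windows'] };
// Elastic renamed the rule, re-tuned the severity and broadened the query.
export const targetRule: RuleFields = {
  ...baseRule,
  name: 'Suspicious PowerShell Execution',
  severity: 'medium',
  query: 'process.name : ("powershell.exe" or "pwsh.exe")',
  author: ['Elastic', 'Community'],
};

export function exampleReview(): UpgradeReview {
  return reviewUpgrade(baseRule, currentRule, targetRule);
}
export function exampleReviewWithoutBase(): UpgradeReview {
  return reviewUpgrade(undefined, currentRule, targetRule);
}
```

On the sample data, `name` and `query` resolve to the target, `tags` keeps the user's customization, and `severity` is the one field both sides changed differently, so the review reports a conflict and leaves the user's value in place until they resolve it. Deriving `isCustomized` from the diff is only for illustration; a real system stores such a flag with the rule and updates it on every edit, because the base version may not be available when it is needed.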
Useful info
Design
Technical design
UI/UX design
Preparatory changes
Preparatory changes are changes we can land before we start hiding functionality behind a feature flag. Doing them first reduces the overall complexity introduced by feature toggling.
- Missing UI for editing certain rule fields
- Missing UI for editing certain rule fields (docs)
Schema-related changes
- …`rule_source` to the API schema #180122
- …`rule_source` field together with `immutable` #180141
- `DetectionRulesClient` refactoring. Part 2 #184364
- …`rule_source` and `immutable` fields #180140

Rule customization, API changes
- …`ruleSource.isCustomized` in API endpoint handlers #180145
- …`ruleSource.isCustomized` in bulk edit API #187706
- …`rule_source` field required in `RuleResponse` #180270

Rule upgrade, API changes
- …`POST /prebuilt_rules/upgrade/_review` API endpoint even if they haven't been updated by Elastic in the target version #180154
- …`POST /upgrade/_review` API endpoint's contract and functionality #180153
- …`/upgrade/_review` upgrade workflow #180393
- …`MissingVersion` symbol in the `ThreeWayDiff` object with a boolean #188277
- …`POST /upgrade/_perform` API endpoint's contract and functionality #166376
- …`/upgrade/_perform` endpoint upgrade workflow #186544
- …`exceptions_list`, `author` and `license` from Diffable Rule #196213

Rule upgrade, diff algorithms
- …`concurrent_searches` and `items_per_search` fields diff algorithms #188061

Fleet package with prebuilt rules
Changes hidden behind the feature flag
These are changes that will need to be hidden behind the `prebuiltRulesCustomizationEnabled` feature flag.

Rule customization, UI changes
- …`prebuiltRulesCustomizationEnabled` #180130

Rule upgrade, UI changes
Rule export and import, API and UI changes
Licensing
Telemetry
Before release
Bugs
Testing
Documentation
- …`rule_source` property for rules in the API schema (DRAFT) security-docs#5063

Release
After release
Last changes after releasing the feature
- …`prebuiltRulesCustomizationEnabled` feature flag #180272