[SIEM] Fixes UX issues around prebuilt ML Rules

[spong]

Summary

This PR fixes a number of UX issues around the new prebuilt machine_learning rules when the user does not have the necessary permissions to manage the backing ML Job. Along with #62383, this ensures there is adequate information for the user determine if a rule is not working because the backing job is not running (and helping to prevent this from occurring). This also includes some requested copy changes, including:

• Renames Anomaly Detection dropdown to ML job settings

• Updates copy in ML job settings dropdown

• Only shows ML job settings UI when on /detections/ routes

All Rules Changes

• Disables the activate switch if user does not have permission to enable/disable jobs

• Adds warning toast when attempting to activate via bulk actions (if user does not have permission to enable/disable jobs)

Rule Details Changes

• Machine Learning job link now links to ML App with table filtered to the relevant job

• Disables the activate switch if user does not have permission to enable/disable jobs

Create/Edit Rule Changes

• If the job selected is not running, a warning will be displayed to remind the user to enable the job before running the rule. cc @benskelker @MikePaquette -- this okay copy here?

Resolves https://github.com/elastic/siem-team/issues/575
Resolves https://github.com/elastic/siem-team/issues/519

Checklist

Delete any items that are not applicable to this PR.

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
  • Scheduled time with @benskelker to update docs -- see [Docs][SIEM] 7.7 detection rule updates stack-docs#974
• Unit or functional tests were updated or added to match the most common scenarios

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[MikePaquette]

great fix @spong, I've suggested a couple minor changes to the default message text to be more consistent with the ML job settings and rule activation.

and

[FrankHassanabad]

You're fine if you want to stop users without privileges from turning off a ML rule I would assume, but the danger here is that if they run out of a trial license they can't turn it off.

But...They can still delete it. Up to you and UI/UX on what to do, just pointing out that the permissions are a bit funny that you can still delete it ;-) but you can't turn it off. Just mentioning.

I would probably make it so they can disable it if it's already enabled and they have run out of their license if that's not too tricky.

Also, you can export and enable it and then import it and that will turn it on but very doubtful anyone would do that. Just mentioning that corner case.

[rylnd]

Also, you can export and enable it and then import it and that will turn it on but very doubtful anyone would do that. Just mentioning that corner case.

@FrankHassanabad as of #61023 that shouldn't be possible; we prevent ML Rules from being imported if there's an insufficient license.

Edit: If the license is still valid, an ML non-admin could perform the export/import trick, and API users could also create/update/activate ML Rules irrespective of their ML capabilities. #62532

[rylnd]

Couple of questions, but please use isMlRule instead of checking against our magic string.

[FrankHassanabad]

Thanks for taking all the feedback and the extra energy on all the tests.

This is a great example of balancing between deadlines, real world code written by several people, tech debt, and taking in feedback.

All in a day's worth of work!

Everyone appreciates it.

LgTm :-)

[spong]

@elasticmachine merge upstream

[rylnd]

Could use isMlRule here but we can fix that next time we're here.

[spong]

I had left that one and instead added the RuleDetails component to our list of tech debt since there is so much branching on null in that file. It's due for some TLC... 😅

[rylnd]

Newest copy looks good, thanks!

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: 87a1f09

History

• 💚 Build #38978 succeeded 87a1f09
• 💚 Build #38629 succeeded c6ea004
• 💚 Build #38316 succeeded cb23f69

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[marrasherrier]

From slack conversation:

Screen Recording 2020-04-14 at 9.31.41 AM.mov.zip

@spong:
The only thing I'm wondering about is with the anomalies table, and what logic we'll use to show the empty view. I think no jobs running + no data is probably the best bet. And of course if no permissions, whatever placeholder upsell/talk to your admin copy we want.

If there is anomaly data do show, will the button to enable jobs still be present (top right maybe?)

[marrasherrier]

@spong what do you mean by "no jobs running + no data is probably the best bet?"

I will update designs to include these 3 use cases:

• anamoly data present
• no anamoly data (because no persmissions)
• no anamoly data (because no jobs + no data)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)