Commit

[Security Solution] Prebuilt rule installation / upgrade flyout (#163304)

**Addresses:** #162334

## Summary

This PR adds a flyout for viewing a prebuilt rule before installing or
updating it. The flyout can be opened by clicking on a rule title within
"Add Elastic Rules" page and within "Rule Updates" tab of the Rule
Management table.

I plan to add tests and do minor visual tweaks after the FF.

<img width="1269" alt="Screenshot 2023-08-14 at 03 59 30"
src="https://github.com/elastic/kibana/assets/15949146/c8200ff8-fbe2-445a-a03e-3545ea77f750">

An additional goal of these changes was to create lightweight reusable
components for rule details sections ("About", "Definition", "Schedule")
and for rule properties, so that these can later be reused in other
flyouts within the Security Solution, on MITRE ATT&CK™ overview page and
potentially on the Rule Details page.
These reusable section components are basically copy-pasted components
from the Rule Details page that were refactored to remove the dependence
on the form schema,

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
nikitaindik authored and bryce-b committed Aug 22, 2023
1 parent 271d76f commit 454f7ce
Showing 24 changed files with 1,968 additions and 23 deletions.
Expand Up @@ -219,7 +219,7 @@ export const KqlQueryLanguage = t.keyof({ kuery: null, lucene: null });
export type EqlQueryLanguage = t.TypeOf<typeof EqlQueryLanguage>;
export const EqlQueryLanguage = t.literal('eql');

const eqlSchema = buildRuleSchemas({
export const eqlSchema = buildRuleSchemas({
required: {
type: t.literal('eql'),
language: EqlQueryLanguage,
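Review bot: changing `const eqlSchema` to `export const eqlSchema` (repeated for the other six `buildRuleSchemas` results in the hunks that follow) widens this module's public surface from the derived `...Params` types such as `EqlPatchParams = eqlSchema.patch` to the raw schema objects themselves, and nothing in the hunk says who needs them; if the flyout only needs the field shape, consider exporting a narrower type instead, or add a one-line comment at `export const eqlSchema = buildRuleSchemas({` naming the consumer so a later cleanup does not re-privatise it.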
Expand Down Expand Up @@ -254,7 +254,7 @@ export const EqlPatchParams = eqlSchema.patch;
// -------------------------------------------------------------------------------------------------
// Indicator Match rule schema

const threatMatchSchema = buildRuleSchemas({
export const threatMatchSchema = buildRuleSchemas({
required: {
type: t.literal('threat_match'),
query: RuleQuery,
Expand Down Expand Up @@ -305,7 +305,7 @@ export const ThreatMatchPatchParams = threatMatchSchema.patch;
// -------------------------------------------------------------------------------------------------
// Custom Query rule schema

const querySchema = buildRuleSchemas({
export const querySchema = buildRuleSchemas({
required: {
type: t.literal('query'),
},
Expand Down Expand Up @@ -341,7 +341,7 @@ export const QueryPatchParams = querySchema.patch;
// -------------------------------------------------------------------------------------------------
// Saved Query rule schema

const savedQuerySchema = buildRuleSchemas({
export const savedQuerySchema = buildRuleSchemas({
required: {
type: t.literal('saved_query'),
saved_id,
Expand Down Expand Up @@ -385,7 +385,7 @@ export const SavedQueryPatchParams = savedQuerySchema.patch;
// -------------------------------------------------------------------------------------------------
// Threshold rule schema

const thresholdSchema = buildRuleSchemas({
export const thresholdSchema = buildRuleSchemas({
required: {
type: t.literal('threshold'),
query: RuleQuery,
Expand Down Expand Up @@ -420,7 +420,7 @@ export const ThresholdPatchParams = thresholdSchema.patch;
// -------------------------------------------------------------------------------------------------
// Machine Learning rule schema

const machineLearningSchema = buildRuleSchemas({
export const machineLearningSchema = buildRuleSchemas({
required: {
type: t.literal('machine_learning'),
anomaly_threshold,
Expand Down Expand Up @@ -460,7 +460,7 @@ export const MachineLearningPatchParams = machineLearningSchema.patch;
// -------------------------------------------------------------------------------------------------
// New Terms rule schema

const newTermsSchema = buildRuleSchemas({
export const newTermsSchema = buildRuleSchemas({
required: {
type: t.literal('new_terms'),
query: RuleQuery,
Expand Up @@ -28,6 +28,7 @@ export interface RuleUpgradeInfoForReview {
id: RuleObjectId;
rule_id: RuleSignatureId;
rule: DiffableRule;
target_rule: DiffableRule;
diff: PartialRuleDiff;
revision: number;
}
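Review bot: `target_rule: DiffableRule;` is a new required field on `RuleUpgradeInfoForReview`, so every place that constructs this object must now populate it or fail type-check, and the response payload grows by a full rule object next to `rule` and `diff`; the hunk shows only the interface, so confirm the code that builds this response sets `target_rule`, and add a short JSDoc above `target_rule` describing how it relates to `rule` and `diff` (which is the current rule and which is the proposed one), since the three names alone do not make that clear.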
0 comments on commit 454f7ce