Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Create a mock for the Diff tab in rule preview flyout #166159

Closed
Tracked by #174167
nikitaindik opened this issue Sep 11, 2023 · 4 comments
Closed
Tracked by #174167
Assignees
Labels
8.12 candidate Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@nikitaindik
Copy link
Contributor

nikitaindik commented Sep 11, 2023

Epic: https://github.com/elastic/security-team/issues/1974 (internal)

Summary

Create a mockup for the Diff tab that shows the diff between a few types of fields:

  • fields related to query (Index patterns, Filters and Custom query)
  • long string (Investigation Guide)
  • array of strings (Tags)
  • complex object field (MITRE ATT&CK™)

We need to display the base version, the current version and the merge preview.

Ideally we want to reuse existing components from the Rule Details page (or modified versions of them) for read-only versions of a field (base and current) and components from Rule Creation page for the merged version.

User should be able to easily understand what was added / removed in the new version of a rule.

Query fields on the Rule Details page
Scherm­afbeelding 2023-09-21 om 11 52 50

Same query fields on the Rule Creation / Edit page
Scherm­afbeelding 2023-09-21 om 11 53 08

Note that currently query Language is only visible if you open a dropdown
Scherm­afbeelding 2023-09-21 om 11 53 24


Investigation Guide field on the Rule Details page
Scherm­afbeelding 2023-09-21 om 11 55 39

Investigation Guide field on the Rule Creation / Edit page
Scherm­afbeelding 2023-09-21 om 11 55 24


Tags field on the Rule Details page
Scherm­afbeelding 2023-09-21 om 11 57 15

Tags field on the Rule Creation / Edit page
Scherm­afbeelding 2023-09-21 om 11 47 29


MITRE ATT&CK™ field on the Rule Details page
Scherm­afbeelding 2023-09-21 om 11 59 46

MITRE ATT&CK™ field on the Rule Creation / Edit page
Scherm­afbeelding 2023-09-21 om 11 47 39

### Designs

Figma file

@nikitaindik nikitaindik self-assigned this Sep 11, 2023
@botelastic botelastic bot added the needs-team Issues missing a team label label Sep 11, 2023
@nikitaindik nikitaindik added the Team:Detection Rule Management Security Detection Rule Management Team label Sep 11, 2023
@botelastic botelastic bot removed the needs-team Issues missing a team label label Sep 11, 2023
@banderror banderror changed the title Research and design the display of the Diff tab in rule preview flyout [Security Solution] Research and design the display of the Diff tab in rule preview flyout Sep 12, 2023
@banderror banderror added Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area 8.11 candidate v8.11.0 labels Sep 12, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@banderror
Copy link
Contributor

Hey @ARWNightingale, I added you to the assignees because we will need your help with finalizing the designs for the Diff tab we're going to show in the Prebuilt rule upgrade flyout.

@nikitaindik Could you schedule a meeting for us three to sync on what needs to be done exactly and why? Also, @approksiu let us know if you'd like to join.

@nikitaindik nikitaindik changed the title [Security Solution] Research and design the display of the Diff tab in rule preview flyout [Security Solution] Create a mock for the Diff tab in rule preview flyout Sep 21, 2023
@banderror banderror assigned dplumlee and unassigned nikitaindik Oct 13, 2023
@banderror
Copy link
Contributor

banderror commented Jan 3, 2024

A link to the designs is in the description. There are initial designs for:

  • The Updates tab which will show per-field diffs using custom diff components.
  • A custom diff component for index patterns
  • A custom diff component for custom query
  • A custom diff component for setup guide
  • A custom diff component for MITRE ATT&CK™ mappings
  • A custom diff component for tags
  • A custom diff component for rule name
  • A custom diff component for filters

This is enough for the dev team to move forward. The plan is to first implement text-based per-field diffs (#166489) using the same mechanism used for showing JSON diff (#169160), and then get back to building custom diff components for those fields where it would significantly improve the UX. For example, such components could be related integrations or MITRE ATT&CK™ mappings.

Closing the ticket as done.

cc @dplumlee @ARWNightingale @approksiu

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
8.12 candidate Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Development

No branches or pull requests

5 participants