Prebuilt Rule Customization — JSON diff #4371
Closed
2 tasks done
Labels
Docset: ESS
Issues that apply to docs in the Stack release
Docset: Serverless
Issues for Serverless Security
Effort: Medium
Issues that take moderate but not substantial time to complete
Feature: Prebuilt rules
Feature: Rules
new-feature
Issues that should be labeled as new features in Release Notes
Priority: Medium
Issues that have relevance, but aren't urgent
Team: Detections/Response
Detections and Response
v8.12.0
Comments
joepeeples
added
Team: Detections/Response
Detections and Response
Feature: Rules
Feature: Prebuilt rules
Priority: Medium
Issues that have relevance, but aren't urgent
Effort: Medium
Issues that take moderate but not substantial time to complete
new-feature
Issues that should be labeled as new features in Release Notes
Docset: Serverless
Issues for Serverless Security
Docset: ESS
Issues that apply to docs in the Stack release
labels
Dec 4, 2023
11 tasks
nikitaindik
added a commit
to elastic/kibana
that referenced
this issue
Dec 8, 2023
…72535)

## Summary

**Resolves: #169160**
**Resolves: #166164**
**Docs issue: elastic/security-docs#4371**

This PR adds a new "Updates" tab to the prebuilt rules upgrade flyout. This tab shows a diff between the installed and updated rule JSON representations.

<img width="1313" alt="Schermafbeelding 2023-12-05 om 02 48 37" src="https://github.com/elastic/kibana/assets/15949146/ec0f95c6-22c6-4ce6-a6cc-0ceee974c6f7">

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] Functional changes are communicated to the Docs team. A ticket or PR is opened in https://github.com/elastic/security-docs. The following information is included: any feature flags used, affected environments (Serverless, ESS, or both). ([Docs issue](elastic/security-docs#4371))
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials ([Docs issue](elastic/security-docs#4371))
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (will be added in a follow-up PR)
- [ ] Functional changes are covered with a test plan and automated tests (will be added in a follow-up PR)
- [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive layout. (Doesn't look great on phone screen, because viewing diff requires a lot of horizontal space. Tablets are fine though.)
- [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
- [x] Functional changes are hidden behind a feature flag. If not hidden, the PR explains why these changes are being implemented in a long-living feature branch.
- [x] Comprehensive manual testing is done by two engineers: the PR author and one of the PR reviewers. Changes are tested in both ESS and Serverless.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Dec 8, 2023
…astic#172535)
(cherry picked from commit e5a6b97)
kibanamachine
referenced
this issue
in elastic/kibana
Dec 8, 2023
…low (#172535) (#172957)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Security Solution] JSON diff view for prebuilt rule upgrade flow (#172535)](#172535)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
Diff is currently being restyled via elastic/kibana#173187, might be available later today or tomorrow (pull down a daily SNAPSHOT?). Wait on screenshots.
PRs are approved, docs are ready to publish. Serverless release targeted for week of Jan 2, 2024 (prob Jan 3 for Production-NonCanary).
Description
As part of Prebuilt Rule Customization, users will be able to view a diff of the JSON for updated prebuilt rules, giving them visibility into how each rule is changing when Elastic sends out updated rules.
Docs PRs
Background & resources
Which documentation set does this change impact?
ESS and serverless
ESS release
8.12 — probably available around BC3
Serverless release
~~Approx week of Dec 18, 2023~~ Week of Jan 2, 2024 (prob Jan 3 for Production-NonCanary)
Feature differences
No differences between ESS and Serverless
API docs impact
No impact
Prerequisites, privileges, feature flags
No restrictions on subscription tiers or role privileges to use this feature
Feature flag name: `jsonPrebuiltRulesDiffingEnabled` (false by default)
The feature will be merged with a feature flag to hide it until ready for release. Engineering will un-hide the feature and continue supporting the flag for a short time, but users aren't expected to engage with the flag and so it doesn't need to be documented.