search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.81k stars 8.2k forks source link

[RAM] Properly display SIEM rule descriptions in rule details #139768

Open JiaweiWu opened 2 years ago

JiaweiWu commented 2 years ago

We ran into a bug (https://github.com/elastic/kibana/issues/138639) when we added rule definitions component to the rule details page in 8.4. We tried to access SIEM rule types stored in the triggers actions UI ruleTypeRegistry to render the rule type descriptions.

While investigating the bug linked above we noticed SIEM rules were never registered in the triggers actions UI ruleTypeRegistry. The difficulty here is that SIEM rules have dynamic rule descriptions stored in the rule params, unlike other rules with static rule type descriptions.

I think it would be worthwhile to think about if we should consider adding SIEM rules to the triggers actions UI ruleTypeRegistry despite these differences, or should we simply try to render the description from the rule params?

elasticmachine commented 2 years ago

Pinging @elastic/response-ops (Team:ResponseOps)