elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Users can Customize Prebuilt Detection Rules: Milestone 4 (DRAFT) #179907

Open banderror opened 6 months ago

banderror commented 6 months ago

Epic: https://github.com/elastic/security-team/issues/1974 (internal)

Status: Draft.

Summary

Milestone 4: Improve prebuilt rule customization, upgrade, and installation UX.

This meta ticket is created to simplify tracking of various tickets related to the epic, and to make this public information so our users can track the progress.

Useful info:

Product and UX improvements

### Rule customization UX
- [ ] Show customized prebuilt rules in the Rules table. A customized rule should be marked with some indicator.
- [ ] Rule Details page: show which fields are customized and what exactly these customizations are (e.g. show a diff between the base and the current versions)
- [ ] Ability to reset customizations and revert back to the base version
- [ ] https://github.com/elastic/kibana/issues/183616
- [ ] Add BE-side validation for ESQL query field
- [ ] Add BE-side validation for EQL query field
- [ ] Add BE-side validation for KQL query field
### Rule installation and upgrade UX
- [ ] https://github.com/elastic/kibana/issues/160270
- [ ] https://github.com/elastic/kibana/issues/180396
- [ ] https://github.com/elastic/kibana/issues/186880
- [ ] Implement a preview of the applied changes in the Rule Upgrade Flyout and show it before calling the upgrade/_perform API endpoint
- [ ] https://github.com/elastic/kibana/issues/190500
### Rule upgrade, diff algorithms
- [ ] https://github.com/elastic/kibana/issues/180161
- [ ] https://github.com/elastic/kibana/issues/187660
- [ ] https://github.com/elastic/kibana/issues/190241
- [ ] https://github.com/elastic/kibana/issues/148191
### "Last Updated" field in the UI
- [ ] https://github.com/elastic/detection-rules/issues/2826
- [ ] https://github.com/elastic/kibana/issues/176286
- [ ] https://github.com/elastic/kibana/issues/174740
- [ ] https://github.com/elastic/kibana/issues/174767

Bugs

### Bugs: rule installation and upgrade
- [ ] https://github.com/elastic/kibana/issues/180196
- [ ] https://github.com/elastic/kibana/issues/177852
### Bugs: rule import and export
- [ ] https://github.com/elastic/kibana/issues/176207
- [ ] https://github.com/elastic/kibana/issues/177283
- [ ] https://github.com/elastic/kibana/issues/178221
- [ ] https://github.com/elastic/security-team/issues/8644
### Bugs: misc
- [ ] https://github.com/elastic/kibana/issues/183607
- [ ] https://github.com/elastic/kibana/issues/194275

Technical improvements and debt

### Schema migration from `immutable` to `rule_source`
- [ ] https://github.com/elastic/kibana/issues/187651
- [ ] https://github.com/elastic/kibana/issues/184113
- [ ] https://github.com/elastic/kibana/issues/180126
- [ ] https://github.com/elastic/kibana/issues/182573
- [ ] https://github.com/elastic/kibana/issues/180269
### Fleet package with prebuilt rules
- [ ] https://github.com/elastic/kibana/issues/187648
- [ ] https://github.com/elastic/kibana/issues/187649
- [ ] https://github.com/elastic/kibana/issues/187646
- [ ] https://github.com/elastic/package-spec/issues/351
### Refactoring
- [ ] https://github.com/elastic/kibana/issues/187656
- [ ] https://github.com/elastic/kibana/issues/180121
- [ ] https://github.com/elastic/kibana/issues/180164
### Tests
- [ ] https://github.com/elastic/kibana/issues/180451
- [ ] https://github.com/elastic/kibana/issues/166215
### Misc

elasticmachine commented 6 months ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 6 months ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 6 months ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)