elasticmachine
commented
6 months ago Pinging @elastic/security-solution (Team: SecuritySolution)
Closed jpdjere closed 2 months ago
elasticmachine
commented
6 months ago Pinging @elastic/security-solution (Team: SecuritySolution)
elasticmachine
commented
6 months ago Pinging @elastic/security-detections-response (Team:Detections and Resp)
elasticmachine
commented
6 months ago Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
banderror
commented
3 months ago @jpdjere @xcrzx Extracted bulk editing into https://github.com/elastic/kibana/issues/187706 and updated the description.
Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168
Summary
Implement calculation of
ruleSource.isCustomizedin all necessary endpoints that write theruleSourcefield to prebuilt rules, and where fields can be customized, diverging from the base version from the Rule Asset.The calculation and saving of the field should be done in the following endpoints:
PUT /rulesPATCH /rulesPUT /rules/_bulk_updatePATCH /rules/_bulk_updatePOST /rules/_importPOST /prebuilt_rules/upgrade/_perform(Internal)Extracted to other tickets:
POST /rules/_bulk_action: with action Edit rules actionBackground
Context from RFC:
isCustomizedfield - see table with scenarios for calculation ofisCustomizedisCustomizedduring bulk editing rulesisCustomizedwhen importing rules - see table with import scenarios and their respectiveisCustomizedcalculationshttps://github.com/elastic/kibana/blob/269649a908745f7e06d5377f65a1afe99147332a/x-pack/plugins/security_solution/docs/rfcs/detection_response/prebuilt_rules_customization.md?plain=1#L559-L584
https://github.com/elastic/kibana/blob/b6e0f87900067d7ef6f69206a36226aee595867e/x-pack/plugins/security_solution/docs/rfcs/detection_response/prebuilt_rules_customization.md?plain=1#L817-L821