Closed jpdjere closed 2 months ago
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
@jpdjere @xcrzx Extracted bulk editing into https://github.com/elastic/kibana/issues/187706 and updated the description.
Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168
Summary
Implement calculation of ruleSource.isCustomized in all necessary endpoints that write the ruleSource field to prebuilt rules, and where fields can be customized, diverging from the base version from the Rule Asset.
The calculation and saving of the field should be done in the following endpoints:
PUT /rules
PATCH /rules
PUT /rules/_bulk_update
PATCH /rules/_bulk_update
POST /rules/_import
POST /prebuilt_rules/upgrade/_perform (Internal)
Extracted to other tickets:
POST /rules/_bulk_action: with action Edit rules action
Background
Context from RFC:
isCustomized field - see table with scenarios for calculation of isCustomized
isCustomized during bulk editing rules
isCustomized when importing rules - see table with import scenarios and their respective isCustomized calculations
https://github.com/elastic/kibana/blob/269649a908745f7e06d5377f65a1afe99147332a/x-pack/plugins/security_solution/docs/rfcs/detection_response/prebuilt_rules_customization.md?plain=1#L559-L584
https://github.com/elastic/kibana/blob/b6e0f87900067d7ef6f69206a36226aee595867e/x-pack/plugins/security_solution/docs/rfcs/detection_response/prebuilt_rules_customization.md?plain=1#L817-L821