[Security Solution] Support filtering by "custom", "prebuilt customized", and "prebuilt non-customized"

jpdjere commented 6 months ago

Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168 Design Discussion context: https://github.com/elastic/kibana/issues/178211

Summary

Support filtering by "custom", "prebuilt customized", and "prebuilt non-customized" in the Rules Management table
Add an additional button to the filter that currently has two options (Elastic and Custom rules).
The three filter buttons should now be:
- Custom rules: immutable: false
- Elastic rules: immutable: true and rule_source.is_customized: false (or rule_source is undefined)
- Elastic customized rules: immutable: true and rule_source.is_customized: true
The filtered rule groups should be mutually exclusive and should sum up to the total amount if installed rules.

elasticmachine commented 6 months ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 6 months ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 6 months ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

nikitaindik commented 3 months ago

Transitioning this back in "Todo" as I need to switch to another ticket.

Here's some info for future reference. I came up with this KQL query to filter by "prebuilt non-customized":

(alert.attributes.params.immutable: true AND NOT alert.attributes.params.ruleSource.isCustomized: *) OR alert.attributes.params.ruleSource.isCustomized: false

elastic / kibana

[Security Solution] Support filtering by "custom", "prebuilt customized", and "prebuilt non-customized" #180169

Summary