[Security Solution] Handle conflicting rules in the Rule Upgrade table

[jpdjere]

Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168 Design Discussion context: https://github.com/elastic/kibana/issues/178211 Design: ?

Summary

The goal is to update the rules management table to handle conflicts during the rule upgrade workflow more effectively. Below are the key changes and improvements:

1. Upgrade All Button Behavior:

   • The "Upgrade All" button should now only upgrade rules that do not contain conflicts. The system should automatically exclude rules with conflicts from the upgrade process.
   • The UI needs to be updated to clearly communicate this to users, ensuring they understand that only conflict-free rules will be upgraded when using this option.

2. Bulk Upgrade Action:

   • When users select multiple rules for a bulk upgrade, only those without conflicts should be upgraded. The system should automatically exclude rules with conflicts from the upgrade process.
   • If a user selects rules that include conflicts, a modal window should appear (similar to the one used during bulk edits). This modal will inform the user that some selected rules contain conflicts and cannot be upgraded in bulk. The user will then be prompted to proceed with upgrading only the rules without conflicts.

3. Reviewing Conflicts:

   • Rules that contain conflicts, including those with solvable conflicts, must be reviewed before they can be upgraded. Users need to open the upgrade preview, review the proposed changes, and then decide whether to accept or decline the changes.
   • The option to upgrade individual rules directly from the rules management table should be disabled for rules that have conflicts. Users must review the conflicts through the upgrade preview before proceeding with any upgrade.

This update aims to enhance the user experience by ensuring that conflict handling during rule upgrades is clear, intuitive, and prevents errors or unintended consequences.

Details

• When saying "conflicts" above we mean both solvable and non-solvable conflicts. All of them should be excluded from bulk and single actions. Users will need to review such rules one-by-one using the Rule Upgrade flyout.
• The bulk and single upgrade actions mentioned above should be updated to upgrade rules to the MERGED version instead of the TARGET one.

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

[jpdjere]

Hi @ARWNightingale

We have a pretty clear idea of the functionality that we want to implement in this ticket, as is described above. But we'd like some product/design input to answer the following questions:

• Where do we place this button? Should it replace our current "Upgrade all" button? (Should it be a button at all?)
• How do we explain to the user that only rules with 0 conflicts will be updated? A pre-confirmation modal? A tooltip? What text should we use?

This is the current Rule Updates table, with the "Update All" button at the top-right:

[banderror]

Hey @approksiu and @ARWNightingale, we updated the description based on the conversations we had in the last couple of days. Please review. We will need some designs for that one.