Open xcrzx opened 1 month ago
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
@nikitaindik I also noticed that we don't provide correct APM spans inside our client. We need to wrap every client method in withSecuritySpan with a corresponding name. See how that's implemented in the prebuilt rule assets client:
Opened a PR that renames rulesManagementClient to detectionRulesClient.
Hey @xcrzx! I've just changed the assignee to you since you are taking over the leftover work.
Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168
Follow-up to: https://github.com/elastic/kibana/issues/180128
Summary
We need to finalize the DetectionRulesClient (formerly known as RulesManagementClient) refactoring and address the remaining comments left after the initial PR: https://github.com/elastic/kibana/pull/182802.
PR 1 (merged)
DetectionRulesClient
PR 2 (merged)
withSecuritySpan (comment)
) outside of the main client implementation for better code readability.
PR 3 (merged)
DetectionRulesClient containing directory from rule_management to detection_rules_client
DetectionRulesClient methods into the detection_rules_client/methods dir
DetectionRulesClient into a separate file detection_rules_client_interface.ts
importRule method parameters
getDetectionRulesClient
PR 4 (merged)
PrebuiltRuleAsset type with RuleCreateProps and RulePatchProps in upgradePrebuiltRule and createPrebuiltRule
RuleAlertType from RulesManagementClient (see this comment). Transition to returning RuleResponse for these methods: createCustomRule and createPrebuiltRule
PR 5 (merged)
RuleAlertType from RulesManagementClient (see this comment). Transition to returning RuleResponse for the remaining methods: updateRule, patchRule, deleteRule, upgradePrebuiltRule and importRule.
toggleRuleEnabledOnUpdate return enabled and then use it in return value
upgradePrebuiltRule enable behaviour - there might be a bug (place in code). Check if we need to explicitly toggle "enabled" on upgrade.
High priority
rule_management/normalization/rule_converters ) inside the new rules management client. Check how the converters are used outside the client to see if we can encapsulate them inside the client.
Low priority
getIdError in DetectionRulesClient. Perhaps findRuleById can be used instead.
createBulkErrorObject since we don't deal with bulk operations in the client.
upgradePrebuiltRule
duplicateRule method?
toggleRuleEnabledOnUpdate (comment)
RuleResponse and throws an error into a function (comment)