[Security Solution] Implement query fields diff algorithms - Githubissues

elastic / kibana

Your window into the Elastic Stack

https://www.elastic.co/products/kibana

Other

19.48k stars 8.04k forks source link

[Security Solution] Implement query fields diff algorithms #187658

Open banderror opened 4 days ago

banderror commented 4 days ago

Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168

Summary

Implement algorithms for diffing and merging changes in RuleKqlQuery, RuleEqlQuery, and RuleEsqlQuery types of fields. It should be applied to:

https://github.com/elastic/kibana/blob/1040bae64087e2d8fb6a4ef77b93b731b74b8d27/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts#L119

https://github.com/elastic/kibana/blob/1040bae64087e2d8fb6a4ef77b93b731b74b8d27/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts#L131

https://github.com/elastic/kibana/blob/1040bae64087e2d8fb6a4ef77b93b731b74b8d27/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts#L143

https://github.com/elastic/kibana/blob/1040bae64087e2d8fb6a4ef77b93b731b74b8d27/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts#L157

https://github.com/elastic/kibana/blob/1040bae64087e2d8fb6a4ef77b93b731b74b8d27/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts#L168

https://github.com/elastic/kibana/blob/1040bae64087e2d8fb6a4ef77b93b731b74b8d27/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts#L185

https://github.com/elastic/kibana/blob/1040bae64087e2d8fb6a4ef77b93b731b74b8d27/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts#L207

Context from the Rule Customization RFC:

Concrete field diff algorithms by type

To do

[ ] Step 1 (separate PR)
- [ ] Implement the algorithm and cover it with unit tests.
[ ] Step 2 (separate PR)
- [ ] Apply the algorithm to the corresponding rule fields. It will become used in the upgrade/_review endpoint.
- [ ] Write a test plan covering rule upgrade scenarios for the fields to which the algorithm has been applied.
- [ ] Add test coverage according to the test plan (integration tests, primarily?).

elasticmachine commented 4 days ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 4 days ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

elasticmachine commented 4 days ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)