Open maximpn opened 14 hours ago
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Summary
Users can't upgrade Elastic rules without customizations but with rule type change rule update preview flyout.
Steps to reproduce:
Okta User Sessions Started from Different Geolocations rule in rule update preview flyout
Rule type change warning message
Update rule button in table row or by bulk upgrading
Expected behavior: The rule gets upgraded
Actual behavior: Rule is upgradable only from the rule update preview flyout
Screenshots (if relevant):
Set up the environment
Ensure the prebuiltRulesCustomizationEnabled feature flag is enabled
Allow internal APIs via adding server.restrictInternalApis: false to kibana.dev.yaml
Clear Elasticsearch data
Run Elasticsearch and Kibana locally (do not open Kibana in a web browser)
Install an outdated version of the security_detection_engine Fleet package
Install prebuilt rules