Closed maximpn closed 4 hours ago
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
@maximpn I think this is expected, intentional behavior at this stage. It's not a high-impact bug.
When discussing with @approksiu and @xcrzx what would be the simplest and easiest to implement MVP solution, we came up with https://github.com/elastic/kibana/issues/180395. We should revisit and improve this UI as part of Milestone 4, here's a new ticket for that:
I'm gonna close this one. Feel free to reopen if anyone disagrees.
Summary
Users can't upgrade Elastic rules without customizations but with rule type change rule update preview flyout.
Steps to reproduce:
Okta User Sessions Started from Different Geolocations
rule in rule update preview flyoutRule type change
warning messageUpdate rule
button in table row or by bulk upgradingExpected behavior: The rule gets upgraded
Actual behavior: Rule is upgradable only from the rule update preview flyout
Screenshots (if relevant):
Setup the environment
Ensure the
prebuiltRulesCustomizationEnabled
feature flag is enabledAllow internal APIs via adding
server.restrictInternalApis: false
tokibana.dev.yaml
Clear Elasticsearch data
Run Elasticsearch and Kibana locally (do not open Kibana in a web browser)
Install an outdated version of the
security_detection_engine
Fleet packageInstall prebuilt rules