[Security Solution] Implement number diff algorithm #180160
Comments
jpdjere
added
triage_needed
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
banderror
changed the title
banderror
changed the title
|
Here are the proposed fields that would utilize this diff algorithm: Common fields
ML fields
Threat match fields
|
Since these are undocumented fields, I'd suggest excluding them from being shown in the UI. We can also skip calculating the diff for these fields and always use the target version if it doesn't match the current. |
|
@xcrzx Makes sense to me, I'll remove them in the proposal here but note both of them for edge cases In which case the final proposed fields that would utilize this diff algorithm would be: Common fields
ML fields
|
|
@dplumlee @xcrzx According to #180393:
The final proposal LGTM ✅ |
) ## Summary Completes related tickets: #180160 and #180158 Switches fields to use the diff algorithms assigned to them in the related tickets Adds integration tests in accordance to #184484 for the `upgrade/_review` API endpoint for the simple diff algorithm. Also changes logic in the `upgrade/_review` API endpoint to return user customized fields in the diffs even if there was not an update for that field. This new logic is described in #180154. We filter out the fields that fall under this new logic so that they are only returned from the API but not displayed in the per-field rule diff flyout as the current UI cannot support them. They are utilized in testing logic and will be implemented in the UI at a later date ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Kibana Machine <[email protected]>
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Summary
Implement an algorithm for diffing and merging changes in number type of fields of detection rules.
Context from the Rule Customization RFC:
To do
upgrade/_reviewendpoint.The text was updated successfully, but these errors were encountered: