-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Implement UI for updating prebuilt rule to a new rule type (MVP) #180395
Comments
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
Hey @jpdjere, some quick questions:
Thanks :) |
New fields (fields only existing in the target version but not in base or current versions) should be shown to the user, with their values set to whatever the target version (the update proposed by Elastic) has. An example, if a
This actually refers to a calculation that we would do in the backend: if we detect that the same field exists in the current and in the target rule, we would return as the proposed final version the value that is in the current version: i.e., maintain whatever values the user currently has for the rule, even if the target version has changed. So when the user opens up this upgrade workflow, we will propose to the user that all fields existing in both version will maintain their current values. (Option 1) Alternatively, we can think of this more like "bulk action" for the whole rule: instead of proposing the current value for the fields, as proposed above, we propose to use the new target version. BUT, we offer this clickable bulk action button which, when clicked, will replace the values of all fields that exist in both versions from their To clarify, let's see the example above, using the mechanisms described for Option 1 and Option 2. The Option 1
Option 2
I rather prefer Option 2. I think it makes more sense for the user that we offer them a calculated Proposed Final version in which the fields that exists in both current and target are updated to whatever Elastic is proposing, BUT giving them and easy, one-click way of restoring their current values into the Final version. FYI @approksiu @banderror to get your opinions. |
Not sure I fully understand your proposal @jpdjere. I think before we discuss UI patterns like "bulk actions" or anything like that, we should get a high-level understanding of what should be the overall behavior of a "rule upgrade to a new type, considering possible user customization in the current version". What do we allow, what do we not allow. The description suggests a list possibilities, but it needs review from the product side. Maybe we decide that we only allow to update to a target version, and that's it. I think it would be great to set up a meeting to brainstorm options, based on which @approksiu could write user stories for this feature. I can set up one. What do you think? |
Examples of the rule type changes on upgrade: |
Meeting discussion from 18-07-2024Participants: @approksiu @ARWNightingale @banderror @jpdjere
|
@jpdjere for the incoming update fields - do we allow users to edit them in the MVP? |
@approksiu Not sure if I'm understanding your question correctly but: no, in this MVP, the process will be "read-only". We'll display the new incoming fields as a diff with the current ones, but with no ability to edit them. Very similar to the current read-only update process. |
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Design Discussion context: #178211
Design: Figma (internal)
Depends on: #180589, #190482 (not blocked by, but would make sense to address this one first)
Summary
Currently, we allow rule types to be changed by the TRADE team in the next version of a prebuilt rule. For backward compatibility, we will need to continue to support that. The problem is that the regular upgrade UI we will have (#171520) won't be suitable for handling rule type changes because different rule types can have incompatible rule fields.
If a rule has changed its type in the target version, during rule upgrade we should handle it with a dedicated UI for this edge case. Instead of the regular ThreeWayDiff component we should show another component in the same tab.
User story (MVP-focused)
Acceptance criteria
Designs
TBD @ARWNightingale
The text was updated successfully, but these errors were encountered: