Skip to content

Manual rule run from rule details and rules table (#9327)#184500

Merged
e40pud merged 26 commits intoelastic:mainfrom
e40pud:security/feature/9327-manual-rule-run
Jun 11, 2024
Merged

Manual rule run from rule details and rules table (#9327)#184500
e40pud merged 26 commits intoelastic:mainfrom
e40pud:security/feature/9327-manual-rule-run

Conversation

@e40pud
Copy link
Contributor

@e40pud e40pud commented May 30, 2024
edited
Loading

Summary

Main ticket https://github.com/elastic/security-team/issues/9327

With this changes we introduce the way to schedule rule run manually. There are two ways to do that in UI:

  1. Via "All actions" button on rules management page
  2. Via "All actions" button on rule's details page

NOTES:

  1. To be able to test these changes, you need to enable feature flag manualRuleRunEnabled first
  2. Bulk action will be part of a separate ticket/PR

RECORDING:

Screen.Recording.2024-05-30.at.11.51.16.mov

Checklist

Delete any items that are not applicable to this PR.

@e40pud e40pud added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. release_note:feature Makes this part of the condensed release notes Team:Detection Engine Security Solution Detection Engine Area labels May 30, 2024
@e40pud e40pud self-assigned this May 30, 2024
@e40pud
Copy link
Contributor Author

e40pud commented May 30, 2024

/ci

@e40pud
Copy link
Contributor Author

e40pud commented May 30, 2024

/ci

@e40pud
Copy link
Contributor Author

e40pud commented May 30, 2024

/ci

@e40pud e40pud marked this pull request as ready for review May 30, 2024 14:22
@e40pud e40pud requested review from a team as code owners May 30, 2024 14:22
@e40pud e40pud requested review from dplumlee and rylnd May 30, 2024 14:22
@elasticmachine
Copy link
Contributor

elasticmachine commented May 30, 2024

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

elasticmachine commented May 30, 2024

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@e40pud e40pud requested a review from ymao1 May 30, 2024 14:23
@kibanamachine
Copy link
Contributor

kibanamachine commented May 31, 2024

Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#6174

[✅] Security Solution Rule Management - Cypress: 50/50 tests passed.
[✅] Security Solution Detection Engine - Cypress: 50/50 tests passed.
[✅] [Serverless] Security Solution Rule Management - Cypress: 50/50 tests passed.
[❌] [Serverless] Security Solution Detection Engine - Cypress: 24/50 tests passed.

see run history

@e40pud e40pud requested review from a team as code owners June 3, 2024 12:41
@e40pud
Copy link
Contributor Author

e40pud commented Jun 3, 2024

@elasticmachine merge upstream

@e40pud
Copy link
Contributor Author

e40pud commented Jun 3, 2024

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

kibanamachine commented Jun 8, 2024

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#6243

[✅] Security Solution Rule Management - Cypress: 100/100 tests passed.
[✅] [Serverless] Security Solution Rule Management - Cypress: 100/100 tests passed.

see run history

@kibanamachine
Copy link
Contributor

kibanamachine commented Jun 8, 2024

Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#6244

[✅] Security Solution Detection Engine - Cypress: 100/100 tests passed.
[❌] [Serverless] Security Solution Detection Engine - Cypress: 66/100 tests passed.

see run history

@e40pud
Copy link
Contributor Author

e40pud commented Jun 9, 2024

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

kibanamachine commented Jun 9, 2024

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#6257

[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/configs/ess.config.ts: 100/100 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/configs/serverless.config.ts: 100/100 tests passed.

see run history

@kibanamachine
Copy link
Contributor

kibanamachine commented Jun 10, 2024

Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#6255

[❌] Security Solution Rule Management - Cypress: 74/100 tests passed.
[✅] [Serverless] Security Solution Rule Management - Cypress: 100/100 tests passed.

see run history

@e40pud
Copy link
Contributor Author

e40pud commented Jun 10, 2024

@elasticmachine merge upstream

@e40pud
Copy link
Contributor Author

e40pud commented Jun 10, 2024

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

kibanamachine commented Jun 10, 2024

Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#6256

[✅] Security Solution Detection Engine - Cypress: 100/100 tests passed.
[❌] [Serverless] Security Solution Detection Engine - Cypress: 69/100 tests passed.

see run history

@e40pud
Copy link
Contributor Author

e40pud commented Jun 10, 2024

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

kibanamachine commented Jun 10, 2024

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#6263

[✅] Security Solution Rule Management - Cypress: 100/100 tests passed.
[✅] [Serverless] Security Solution Rule Management - Cypress: 100/100 tests passed.

see run history

@e40pud
Copy link
Contributor Author

e40pud commented Jun 10, 2024

@elasticmachine merge upstream

@e40pud
Copy link
Contributor Author

e40pud commented Jun 11, 2024

@elasticmachine merge upstream

@kibana-ci
Copy link

kibana-ci commented Jun 11, 2024

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 5500 5505 +5

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
alerting 836 837 +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 13.6MB 13.6MB +7.0KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
alerting 25.0KB 25.1KB +99.0B
Unknown metric groups

API count

id before after diff
alerting 868 869 +1

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @e40pud

vitaliidm
vitaliidm approved these changes Jun 11, 2024
View reviewed changes
Copy link
Contributor

@vitaliidm vitaliidm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for addressing feedback.

Looks like Cypress tests still a bit unstable

@e40pud e40pud merged commit 4392ee8 into elastic:main Jun 11, 2024
@kibanamachine kibanamachine added v8.15.0 backport:skip This PR does not require backporting labels Jun 11, 2024
@kibanamachine
Copy link
Contributor

kibanamachine commented Jun 12, 2024

Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#6280

[❌] Security Solution Detection Engine - Cypress: 74/100 tests passed.
[❌] [Serverless] Security Solution Detection Engine - Cypress: 99/100 tests passed.

see run history

@e40pud e40pud mentioned this pull request Jun 17, 2024
Merged
@nkhristinin nkhristinin mentioned this pull request Jun 18, 2024
Merged
e40pud added a commit that referenced this pull request Jun 21, 2024
@e40pud @kibanamachine
Failing test: Jest Tests.x-pack/plugins/security_solution/public/dete…
6d94d89 
…ction_engine/rule_gaps/components/manual_rule_run - ManualRuleRunModal should render confirmation button disabled if selected end date is in future (#186189) (#186296)

## Summary

Related tickets #186189 and
#186187, and
#186188

Attempt to fix failing manual rule run tests added in this PR
#184500

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
bhapas pushed a commit to bhapas/kibana that referenced this pull request Jun 24, 2024
@e40pud @kibanamachine @bhapas
Failing test: Jest Tests.x-pack/plugins/security_solution/public/dete…
849fcb4 
…ction_engine/rule_gaps/components/manual_rule_run - ManualRuleRunModal should render confirmation button disabled if selected end date is in future (elastic#186189) (elastic#186296)

## Summary

Related tickets elastic#186189 and
elastic#186187, and
elastic#186188

Attempt to fix failing manual rule run tests added in this PR
elastic#184500

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
nkhristinin added a commit that referenced this pull request Jul 2, 2024
@nkhristinin @kibanamachine @elasticmachine
Telemetry for manual rule run (#186364)
32e7bf9 
## Summary

report following events:
- open modal window for manual rule run
- execute manual rule run + save time range in ms
- cancel backfill job
- filter in event log by run type
- show source event date range

Epic - elastic/security-team#2840

### How to test
enable feature flag - `manualRuleRunEnabled`

You can see feature demo here -
#184500

Check that events appears here after some time -
https://telemetry-v2-staging.elastic.dev/s/securitysolution/app/r/s/7YYlg

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rylnd rylnd rylnd approved these changes

@jbudz jbudz jbudz approved these changes

@ymao1 ymao1 ymao1 approved these changes

@MadameSheema MadameSheema MadameSheema approved these changes

@dplumlee dplumlee dplumlee approved these changes

@vitaliidm vitaliidm vitaliidm approved these changes

Assignees

@e40pud e40pud

Labels

backport:skip This PR does not require backporting release_note:feature Makes this part of the condensed release notes Team:Detection Engine Security Solution Detection Engine Area Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.15.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@e40pud @elasticmachine @kibanamachine @kibana-ci @rylnd @jbudz @ymao1 @MadameSheema @dplumlee @vitaliidm