From 0eb01bd49488e3c4f9376a8c08ea96d94e03245d Mon Sep 17 00:00:00 2001
From: Yara Tercero
Date: Mon, 7 Oct 2024 14:01:51 -0700
Subject: [PATCH 1/5] removing technical preview for certain rule types of alert suppression
---
 .../common/detection_engine/constants.ts | 9 ++++++++-
 .../common/detection_engine/utils.test.ts | 8 ++++----
 .../components/step_define_rule/translations.tsx | 8 ++++----
 3 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/x-pack/plugins/security_solution/common/detection_engine/constants.ts b/x-pack/plugins/security_solution/common/detection_engine/constants.ts
index 7057e3c8b3091..b7b30e32d8e7a 100644
--- a/x-pack/plugins/security_solution/common/detection_engine/constants.ts
+++ b/x-pack/plugins/security_solution/common/detection_engine/constants.ts
@@ -51,4 +51,11 @@ export const SUPPRESSIBLE_ALERT_RULES: Type[] = [
 'machine_learning',
 ];
-export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = ['saved_query', 'query'];
+export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = [
+ 'threshold',
+ 'esql',
+ 'saved_query',
+ 'query',
+ 'new_terms',
+ 'threat_match',
+];
diff --git a/x-pack/plugins/security_solution/common/detection_engine/utils.test.ts b/x-pack/plugins/security_solution/common/detection_engine/utils.test.ts
index a4db006a67463..3d9df9eccd1ab 100644
--- a/x-pack/plugins/security_solution/common/detection_engine/utils.test.ts
+++ b/x-pack/plugins/security_solution/common/detection_engine/utils.test.ts
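Review bot: SUPPRESSIBLE_ALERT_RULES_GA becomes a second hand-maintained list that repeats most of SUPPRESSIBLE_ALERT_RULES (the context line above shows 'machine_learning' closing that list), and nothing in this hunk ties the two together, so a type can be added here without being suppressible at all and `isSuppressionRuleInGA` (exercised in the test hunk that follows) would presumably answer from this list alone. A TSDoc comment stating the contract would help, e.g. `/** Subset of SUPPRESSIBLE_ALERT_RULES whose suppression is GA; any suppressible type not listed here is still labelled Technical Preview. */`. The ordering ('threshold', 'esql', then 'saved_query', 'query', ...) follows no visible convention; listing the types in the same order as SUPPRESSIBLE_ALERT_RULES makes the remaining tech-preview set readable at a glance. Declaring it `readonly Type[]` would also stop callers from mutating an exported module-level list.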
@@ -250,14 +250,14 @@ describe('Alert Suppression Rules', () => {
 test('should return true for rule type suppression in global availability', () => {
 expect(isSuppressionRuleInGA('saved_query')).toBe(true);
 expect(isSuppressionRuleInGA('query')).toBe(true);
+ expect(isSuppressionRuleInGA('esql')).toBe(true);
+ expect(isSuppressionRuleInGA('threshold')).toBe(true);
+ expect(isSuppressionRuleInGA('threat_match')).toBe(true);
+ expect(isSuppressionRuleInGA('new_terms')).toBe(true);
 });
 test('should return false for rule type suppression in tech preview', () => {
 expect(isSuppressionRuleInGA('machine_learning')).toBe(false);
- expect(isSuppressionRuleInGA('esql')).toBe(false);
- expect(isSuppressionRuleInGA('threshold')).toBe(false);
- expect(isSuppressionRuleInGA('threat_match')).toBe(false);
- expect(isSuppressionRuleInGA('new_terms')).toBe(false);
 expect(isSuppressionRuleInGA('eql')).toBe(false);
 });
 });
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx
index 7d7bb9c4a9253..b212aa7c67dd4 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx
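Review bot: The GA test now enumerates the same literals as the constant it exercises, so it re-states SUPPRESSIBLE_ALERT_RULES_GA rather than checking an invariant, and the case that would actually catch a mistake — a type listed as GA that is not in SUPPRESSIBLE_ALERT_RULES at all — is not covered. One extra assertion pins that relationship independently of which types each list holds: `expect(SUPPRESSIBLE_ALERT_RULES_GA.every((t) => SUPPRESSIBLE_ALERT_RULES.includes(t))).toBe(true);` (both constants imported from constants.ts). The enclosing describe block starts outside the hunk.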
@@ -205,15 +205,15 @@ export const THRESHOLD_SUPPRESSION_PER_RULE_EXECUTION_WARNING = i18n.translate( export const getEnableThresholdSuppressionLabel = (fields: string[] | undefined) => fields?.length ? ( {fields.join(', ')} }} /> ) : ( i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel', + 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionLabel', { - defaultMessage: 'Suppress alerts (Technical Preview)', + defaultMessage: 'Suppress alerts', } ) ); From 7cd962313749e20dcebc4507a985e1c44be5a4bf Mon Sep 17 00:00:00 2001 From: Yara Tercero Date: Tue, 8 Oct 2024 07:42:42 -0700 Subject: [PATCH 2/5] remove unused i18n --- x-pack/plugins/translations/translations/fr-FR.json | 2 -- x-pack/plugins/translations/translations/ja-JP.json | 2 -- x-pack/plugins/translations/translations/zh-CN.json | 2 -- 3 files changed, 6 deletions(-) diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index b3e9fce911ab2..15b4f705f778a 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json 
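Review bot: The `ga.` segment inserted into the message id of getEnableThresholdSuppressionLabel has no precedent among the ids visible on this page, and the reason for changing the id at all is not recorded anywhere in the hunk; it is needed because the fr-FR, ja-JP and zh-CN entries under the old id still embed "(Technical Preview)" and would keep rendering it if only defaultMessage changed. A one-line comment above the i18n.translate call, `// new id on purpose: translations of the old id still carry "(Technical Preview)"`, would stop a later cleanup from "normalising" the id back and silently resurrecting the stale label. The JSX branch of the helper is not legible in this rendering of the hunk, so whether the for-fields message received the same treatment cannot be confirmed from here.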
@@ -36160,8 +36160,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "Toutes les correspondances requièrent un champ et un champ d'index des menaces.",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "Au moins une correspondance d'indicateur est requise.",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "Veuillez sélectionner une vue des données ou un modèle d'index disponible.",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "Supprimer les alertes par champs sélectionnés : {fieldsString} (version d'évaluation technique)",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "Supprimer les alertes (version d'évaluation technique)",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "Requête EQL",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "Une requête EQL est requise.",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "La suppression n'est pas prise en charge pour les requêtes de séquence EQL.",
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index b6d7a0a2c92c7..aa6a249cf90f3 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -35903,8 +35903,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "すべての一致には、フィールドと脅威インデックスフィールドの両方が必要です。",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "1 つ以上のインジケーター一致が必要です。",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "使用可能なデータビューまたはインデックスパターンを選択してください。",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "選択したフィールドでアラートを非表示:{fieldsString}(テクニカルプレビュー)",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "アラートを抑制(テクニカルプレビュー)",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "EQL クエリ",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "EQLクエリは必須です。",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "EQLシーケンスクエリでは抑制はサポートされていません。",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 8aa856352f83a..8ace5ebaaa247 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -35948,8 +35948,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "所有匹配项都需要字段和威胁索引字段。",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "至少需要一个指标匹配。",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "请选择可用的数据视图或索引模式。",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "选定字段阻止告警:{fieldsString}(技术预览)",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "阻止告警(技术预览)",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "EQL 查询",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "EQL 查询必填。",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "EQL 序列查询不支持阻止。",
From 2213d6f39530d4ff2227ac59ccb5a5c48a07777d Mon Sep 17 00:00:00 2001
From: Yara Tercero
Date: Tue, 8 Oct 2024 10:03:04 -0700
Subject: [PATCH 3/5] update cypress
---
 .../rule_creation/indicator_match_rule_suppression.cy.ts | 4 ----
 .../detection_engine/rule_edit/esql_rule.cy.ts | 4 ----
 .../detection_engine/rule_edit/indicator_match_rule.cy.ts | 4 ----
 3 files changed, 12 deletions(-)
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression.cy.ts
index 42fb37184da1c..d0539683e5a64 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression.cy.ts
@@ -12,7 +12,6 @@ import {
 SUPPRESS_FOR_DETAILS,
 SUPPRESS_BY_DETAILS,
 SUPPRESS_MISSING_FIELD,
- DETAILS_TITLE,
 } from '../../../../screens/rule_details';
 import {
@@ -67,9 +66,6 @@ describe(
 'have.text',
 'Suppress and group alerts for events with missing fields'
 );
-
- // suppression functionality should be under Tech Preview
- cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
 });
 fillAboutRuleMinimumAndContinue(rule);
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts
index 511ea42c06767..9fa45987407f0 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts
@@ -14,7 +14,6 @@ import {
 DEFINITION_DETAILS,
 SUPPRESS_MISSING_FIELD,
 SUPPRESS_BY_DETAILS,
- DETAILS_TITLE,
 } from '../../../../screens/rule_details';
 import {
@@ -191,9 +190,6 @@ describe(
 'have.text',
 'Suppress and group alerts for events with missing fields'
 );
-
- // suppression functionality should be under Tech Preview
- cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
 });
 });
 });
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts
index 62d9a95398797..fe616f6ba1969 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts
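Review bot: Removing the `cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview')` step leaves nothing in these specs that checks the badge is actually gone for the rule types now declared GA, so a regression that re-adds the label, or a stale translation that still carries it, would pass. Keeping the step in its negative form, `cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).should('not.contain', 'Technical Preview');`, preserves that coverage at the cost of retaining the DETAILS_TITLE import that the first hunk drops. The same applies to the esql_rule.cy.ts hunks on this line and to the indicator_match_rule, indicator_match_rule_suppression_ess_basic, threshold_rule, machine_learning_rule_suppression and machine_learning_rule specs in the later patches. The enclosing describe/it callbacks start outside each of these hunks.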
@@ -9,7 +9,6 @@
 import { getNewThreatIndicatorRule } from '../../../../objects/rule';
 import {
 SUPPRESS_FOR_DETAILS,
- DETAILS_TITLE,
 SUPPRESS_BY_DETAILS,
 SUPPRESS_MISSING_FIELD,
 DEFINITION_DETAILS,
@@ -81,9 +80,6 @@ describe(
 'have.text',
 'Suppress and group alerts for events with missing fields'
 );
-
- // suppression functionality should be under Tech Preview
- cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
 });
 });
 });
From 8372eacce4d20a813e4c3cda01e80001fac0cdbc Mon Sep 17 00:00:00 2001
From: Yara Tercero
Date: Tue, 8 Oct 2024 16:42:26 -0700
Subject: [PATCH 4/5] cleanup
---
 .../indicator_match_rule_suppression_ess_basic.cy.ts | 4 ----
 .../detection_engine/rule_edit/threshold_rule.cy.ts | 3 ---
 2 files changed, 7 deletions(-)
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression_ess_basic.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression_ess_basic.cy.ts
index dd3c086224e49..6223ac017281d 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression_ess_basic.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression_ess_basic.cy.ts
@@ -9,7 +9,6 @@
 import { getNewThreatIndicatorRule } from '../../../../objects/rule';
 import {
 SUPPRESS_FOR_DETAILS,
- DETAILS_TITLE,
 SUPPRESS_BY_DETAILS,
 SUPPRESS_MISSING_FIELD,
 DEFINITION_DETAILS,
@@ -62,9 +61,6 @@ describe(
 'have.text',
 'Do not suppress alerts for events with missing fields'
 );
-
- // suppression functionality should be under Tech Preview
- cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
 });
 // Platinum license is required for configuration to apply
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts
index 8d4bdf2d34976..dcc35a9e00080 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts
@@ -9,7 +9,6 @@
 import { getNewThresholdRule } from '../../../../objects/rule';
 import {
 SUPPRESS_FOR_DETAILS,
- DETAILS_TITLE,
 SUPPRESS_BY_DETAILS,
 SUPPRESS_MISSING_FIELD,
 } from '../../../../screens/rule_details';
@@ -63,8 +62,6 @@ describe(
 // ensure typed interval is displayed on details page
 getDetails(SUPPRESS_FOR_DETAILS).should('have.text', '60m');
- // suppression functionality should be under Tech Preview
- cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
 // the rest of suppress properties do not exist for threshold rule
 assertDetailsNotExist(SUPPRESS_BY_DETAILS);
From d4fc1a502dd08ee41a81b903d94f06175f848ab5 Mon Sep 17 00:00:00 2001
From: Yara Tercero
Date: Wed, 9 Oct 2024 13:15:12 -0700
Subject: [PATCH 5/5] adding ml to ga list
---
 .../security_solution/common/detection_engine/constants.ts | 1 +
 .../common/detection_engine/utils.test.ts | 2 +-
 .../rule_creation/machine_learning_rule_suppression.cy.ts | 7 -------
 .../detection_engine/rule_edit/machine_learning_rule.cy.ts | 4 ----
 4 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/x-pack/plugins/security_solution/common/detection_engine/constants.ts b/x-pack/plugins/security_solution/common/detection_engine/constants.ts
index b7b30e32d8e7a..270af1a91cf46 100644
--- a/x-pack/plugins/security_solution/common/detection_engine/constants.ts
+++ b/x-pack/plugins/security_solution/common/detection_engine/constants.ts
@@ -58,4 +58,5 @@ export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = [
 'query',
 'new_terms',
 'threat_match',
+ 'machine_learning',
 ];
diff --git a/x-pack/plugins/security_solution/common/detection_engine/utils.test.ts b/x-pack/plugins/security_solution/common/detection_engine/utils.test.ts
index 3d9df9eccd1ab..be0b6ce9c2927 100644
--- a/x-pack/plugins/security_solution/common/detection_engine/utils.test.ts
+++ b/x-pack/plugins/security_solution/common/detection_engine/utils.test.ts
@@ -254,10 +254,10 @@ describe('Alert Suppression Rules', () => {
 expect(isSuppressionRuleInGA('threshold')).toBe(true);
 expect(isSuppressionRuleInGA('threat_match')).toBe(true);
 expect(isSuppressionRuleInGA('new_terms')).toBe(true);
+ expect(isSuppressionRuleInGA('machine_learning')).toBe(true);
 });
 test('should return false for rule type suppression in tech preview', () => {
- expect(isSuppressionRuleInGA('machine_learning')).toBe(false);
 expect(isSuppressionRuleInGA('eql')).toBe(false);
 });
 });
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts
index c38a6ef43150a..45ccc2c5aba8d 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts
@@ -13,7 +13,6 @@ import {
 } from '../../../../screens/create_new_rule';
 import {
 DEFINITION_DETAILS,
- DETAILS_TITLE,
 SUPPRESS_BY_DETAILS,
 SUPPRESS_FOR_DETAILS,
 SUPPRESS_MISSING_FIELD,
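Review bot: After 'machine_learning' is appended, the test hunk that follows leaves 'eql' as the only rule type still reported as tech preview, so SUPPRESSIBLE_ALERT_RULES_GA now appears to differ from SUPPRESSIBLE_ALERT_RULES by a single entry (inferred from the tests on this page, not from the full list, which is outside the hunk). Maintaining two nearly identical lists invites drift the next time a type is added; the more robust shape is one short list of the types still in preview with the GA list derived from it, e.g. `export const SUPPRESSIBLE_ALERT_RULES_TECH_PREVIEW: Type[] = ['eql'];` and `export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = SUPPRESSIBLE_ALERT_RULES.filter((t) => !SUPPRESSIBLE_ALERT_RULES_TECH_PREVIEW.includes(t));`, which keeps the existing export intact. If the duplicated list is kept on purpose, a comment such as `// every suppressible type except 'eql'` on the constant would at least make the intended relationship explicit.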
@@ -129,9 +128,6 @@ describe(
 'have.text',
 'Suppress and group alerts for events with missing fields'
 );
-
- // suppression functionality should be under Tech Preview
- cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
 });
 fillAboutRuleMinimumAndContinue(mlRule);
@@ -163,9 +159,6 @@ describe(
 'have.text',
 'Do not suppress alerts for events with missing fields'
 );
-
- // suppression functionality should be under Tech Preview
- cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
 });
 fillAboutRuleMinimumAndContinue(mlRule);
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts
index e89e4b6afb817..7410d9fefae6d 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts
@@ -13,7 +13,6 @@ import {
 } from '../../../../screens/create_new_rule';
 import {
 DEFINITION_DETAILS,
- DETAILS_TITLE,
 SUPPRESS_BY_DETAILS,
 SUPPRESS_FOR_DETAILS,
 SUPPRESS_MISSING_FIELD,
@@ -88,9 +87,6 @@ describe(
 'have.text',
 'Suppress and group alerts for events with missing fields'
 );
-
- // suppression functionality should be under Tech Preview
- cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
 });
 });
 });