Skip to content
Merged
Original file line number Diff line number Diff line change
Expand Up @@ -51,4 +51,12 @@ export const SUPPRESSIBLE_ALERT_RULES: Type[] = [
'machine_learning',
];

export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = ['saved_query', 'query'];
export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = [
'threshold',
'esql',
'saved_query',
'query',
'new_terms',
'threat_match',
'machine_learning',
];
Original file line number Diff line number Diff line change
Expand Up @@ -250,14 +250,14 @@ describe('Alert Suppression Rules', () => {
test('should return true for rule type suppression in global availability', () => {
expect(isSuppressionRuleInGA('saved_query')).toBe(true);
expect(isSuppressionRuleInGA('query')).toBe(true);
expect(isSuppressionRuleInGA('esql')).toBe(true);
expect(isSuppressionRuleInGA('threshold')).toBe(true);
expect(isSuppressionRuleInGA('threat_match')).toBe(true);
expect(isSuppressionRuleInGA('new_terms')).toBe(true);
expect(isSuppressionRuleInGA('machine_learning')).toBe(true);
});

test('should return false for rule type suppression in tech preview', () => {
expect(isSuppressionRuleInGA('machine_learning')).toBe(false);
expect(isSuppressionRuleInGA('esql')).toBe(false);
expect(isSuppressionRuleInGA('threshold')).toBe(false);
expect(isSuppressionRuleInGA('threat_match')).toBe(false);
expect(isSuppressionRuleInGA('new_terms')).toBe(false);
expect(isSuppressionRuleInGA('eql')).toBe(false);
});
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -205,15 +205,15 @@ export const THRESHOLD_SUPPRESSION_PER_RULE_EXECUTION_WARNING = i18n.translate(
export const getEnableThresholdSuppressionLabel = (fields: string[] | undefined) =>
fields?.length ? (
<FormattedMessage
id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel"
defaultMessage="Suppress alerts by selected fields: {fieldsString} (Technical Preview)"
id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionForFieldsLabel"
defaultMessage="Suppress alerts by selected fields: {fieldsString}"
values={{ fieldsString: <strong>{fields.join(', ')}</strong> }}
/>
) : (
i18n.translate(
'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel',
'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionLabel',
{
defaultMessage: 'Suppress alerts (Technical Preview)',
defaultMessage: 'Suppress alerts',
}
)
);
Expand Down
2 changes: 0 additions & 2 deletions x-pack/plugins/translations/translations/fr-FR.json
Original file line number Diff line number Diff line change
Expand Up @@ -36134,8 +36134,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "Toutes les correspondances requièrent un champ et un champ d'index des menaces.",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "Au moins une correspondance d'indicateur est requise.",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "Veuillez sélectionner une vue des données ou un modèle d'index disponible.",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "Supprimer les alertes par champs sélectionnés : {fieldsString} (version d'évaluation technique)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "Supprimer les alertes (version d'évaluation technique)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "Requête EQL",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "Une requête EQL est requise.",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "La suppression n'est pas prise en charge pour les requêtes de séquence EQL.",
Expand Down
2 changes: 0 additions & 2 deletions x-pack/plugins/translations/translations/ja-JP.json
Original file line number Diff line number Diff line change
Expand Up @@ -35878,8 +35878,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "すべての一致には、フィールドと脅威インデックスフィールドの両方が必要です。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "1 つ以上のインジケーター一致が必要です。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "使用可能なデータビューまたはインデックスパターンを選択してください。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "選択したフィールドでアラートを非表示:{fieldsString}(テクニカルプレビュー)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "アラートを抑制(テクニカルプレビュー)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "EQL クエリ",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "EQLクエリは必須です。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "EQLシーケンスクエリでは抑制はサポートされていません。",
Expand Down
2 changes: 0 additions & 2 deletions x-pack/plugins/translations/translations/zh-CN.json
Original file line number Diff line number Diff line change
Expand Up @@ -35922,8 +35922,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "所有匹配项都需要字段和威胁索引字段。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "至少需要一个指标匹配。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "请选择可用的数据视图或索引模式。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "选定字段阻止告警:{fieldsString}(技术预览)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "阻止告警(技术预览)",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "EQL 查询",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "EQL 查询必填。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "EQL 序列查询不支持阻止。",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ import {
SUPPRESS_FOR_DETAILS,
SUPPRESS_BY_DETAILS,
SUPPRESS_MISSING_FIELD,
DETAILS_TITLE,
} from '../../../../screens/rule_details';

import {
Expand Down Expand Up @@ -67,9 +66,6 @@ describe(
'have.text',
'Suppress and group alerts for events with missing fields'
);

// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});

fillAboutRuleMinimumAndContinue(rule);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ import { getNewThreatIndicatorRule } from '../../../../objects/rule';

import {
SUPPRESS_FOR_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_MISSING_FIELD,
DEFINITION_DETAILS,
Expand Down Expand Up @@ -62,9 +61,6 @@ describe(
'have.text',
'Do not suppress alerts for events with missing fields'
);

// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});

// Platinum license is required for configuration to apply
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ import {
} from '../../../../screens/create_new_rule';
import {
DEFINITION_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_FOR_DETAILS,
SUPPRESS_MISSING_FIELD,
Expand Down Expand Up @@ -129,9 +128,6 @@ describe(
'have.text',
'Suppress and group alerts for events with missing fields'
);

// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});

fillAboutRuleMinimumAndContinue(mlRule);
Expand Down Expand Up @@ -163,9 +159,6 @@ describe(
'have.text',
'Do not suppress alerts for events with missing fields'
);

// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});

fillAboutRuleMinimumAndContinue(mlRule);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ import {
DEFINITION_DETAILS,
SUPPRESS_MISSING_FIELD,
SUPPRESS_BY_DETAILS,
DETAILS_TITLE,
} from '../../../../screens/rule_details';

import {
Expand Down Expand Up @@ -191,9 +190,6 @@ describe(
'have.text',
'Suppress and group alerts for events with missing fields'
);

// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});
});
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ import { getNewThreatIndicatorRule } from '../../../../objects/rule';

import {
SUPPRESS_FOR_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_MISSING_FIELD,
DEFINITION_DETAILS,
Expand Down Expand Up @@ -81,9 +80,6 @@ describe(
'have.text',
'Suppress and group alerts for events with missing fields'
);

// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});
});
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ import {
} from '../../../../screens/create_new_rule';
import {
DEFINITION_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_FOR_DETAILS,
SUPPRESS_MISSING_FIELD,
Expand Down Expand Up @@ -88,9 +87,6 @@ describe(
'have.text',
'Suppress and group alerts for events with missing fields'
);

// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
});
});
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ import { getNewThresholdRule } from '../../../../objects/rule';

import {
SUPPRESS_FOR_DETAILS,
DETAILS_TITLE,
SUPPRESS_BY_DETAILS,
SUPPRESS_MISSING_FIELD,
} from '../../../../screens/rule_details';
Expand Down Expand Up @@ -63,8 +62,6 @@ describe(

// ensure typed interval is displayed on details page
getDetails(SUPPRESS_FOR_DETAILS).should('have.text', '60m');
// suppression functionality should be under Tech Preview
cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');

// the rest of suppress properties do not exist for threshold rule
assertDetailsNotExist(SUPPRESS_BY_DETAILS);
Expand Down