diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/rule_actions_field/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/rule_actions_field/index.tsx index ff85f82c54f67..a142f06aa3c7b 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/rule_actions_field/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/rule_actions_field/index.tsx @@ -78,6 +78,7 @@ const NOTIFY_WHEN_OPTIONS: NotifyWhenSelectOptions[] = [ ]; interface Props { + ruleTypeId?: string; field: FieldHook; messageVariables: ActionVariables; summaryMessageVariables: ActionVariables; @@ -113,6 +114,7 @@ const ContainerActions = styled.div.attrs( `; export const RuleActionsField: React.FC = ({ + ruleTypeId, field, messageVariables, summaryMessageVariables, @@ -246,6 +248,7 @@ export const RuleActionsField: React.FC = ({ setActionAlertsFilterProperty, featureId: SecurityConnectorFeatureId, producerId: AlertConsumers.SIEM, + ruleTypeId, defaultActionMessage: FORM_FOR_EACH_ALERT_BODY_MESSAGE, defaultSummaryMessage: FORM_SUMMARY_BODY_MESSAGE, hideActionHeader: true, @@ -255,15 +258,16 @@ export const RuleActionsField: React.FC = ({ disableErrorMessages: !isFormValidated, }), [ - actions, getActionForm, + actions, messageVariables, summaryMessageVariables, - setActionFrequency, setActionIdByIndex, - setActionParamsProperty, setAlertActionsProperty, + setActionParamsProperty, + setActionFrequency, setActionAlertsFilterProperty, + ruleTypeId, isFormValidated, ] ); diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/step_rule_actions/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/step_rule_actions/index.tsx index ca79d429e43ad..271c28acf736c 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/step_rule_actions/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation/components/step_rule_actions/index.tsx @@ -35,6 +35,7 @@ import { ResponseAction } from './response_action'; interface StepRuleActionsProps extends RuleStepProps { ruleId?: RuleObjectId; // Rule SO's id (not ruleId) + ruleTypeId?: string; actionMessageParams: ActionVariables; summaryActionMessageParams: ActionVariables; form: FormHook; @@ -72,6 +73,7 @@ const DisplayActionsHeader = () => { const StepRuleActionsComponent: FC = ({ ruleId, + ruleTypeId, isUpdateView = false, actionMessageParams, summaryActionMessageParams, @@ -90,11 +92,12 @@ const StepRuleActionsComponent: FC = ({ componentProps={{ messageVariables: actionMessageParams, summaryMessageVariables: summaryActionMessageParams, + ruleTypeId, }} /> ), - [actionMessageParams, summaryActionMessageParams] + [actionMessageParams, ruleTypeId, summaryActionMessageParams] ); const displayResponseActionsOptions = useMemo(() => { return ( diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx index e145edd29c9e0..05fbad5ecdeea 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx @@ -19,6 +19,7 @@ import { import React, { memo, useCallback, useRef, useState, useMemo, useEffect } from 'react'; import styled from 'styled-components'; +import { ruleTypeMappings } from '@kbn/securitysolution-rules'; import { useAppToasts } from '../../../../common/hooks/use_app_toasts'; import { isMlRule, @@ -731,6 +732,7 @@ const CreateRulePageComponent: React.FC = () => { }} > { isCreateRuleLoading, isStartingJobs, loading, + ruleType, submitRuleDisabled, submitRuleEnabled, ] diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx index b0b134a0bed1e..6643ad2328168 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx @@ -22,6 +22,7 @@ import type { FC } from 'react'; import React, { memo, useCallback, useMemo, useRef, useState } from 'react'; import { useParams } from 'react-router-dom'; +import { ruleTypeMappings } from '@kbn/securitysolution-rules'; import { useConfirmValidationErrorsModal } from '../../../../common/hooks/use_confirm_validation_errors_modal'; import { useAppToasts } from '../../../../common/hooks/use_app_toasts'; import { isEsqlRule } from '../../../../../common/detection_engine/utils'; @@ -338,6 +339,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => { {actionsStepData != null && ( = ({ rule }) => { esqlQueryForAboutStep, rule.rule_source, rule?.id, + rule?.type, scheduleStepData, scheduleStepForm, actionsStepData, diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_actions/rule_actions.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_actions/rule_actions.cy.ts index 050b10e1c85a9..57c36b0ccdc99 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_actions/rule_actions.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_actions/rule_actions.cy.ts @@ -5,6 +5,10 @@ * 2.0. */ +import { + CASES_CONNECTOR_GROUP_BY_ALERT_FIELD_OPTIONS_LIST, + CASES_CONNECTOR_GROUP_BY_ALERT_FIELD_SELECTOR, +} from '../../../../screens/common/rule_actions'; import { RULE_NAME_HEADER } from '../../../../screens/rule_details'; import { getIndexConnector } from '../../../../objects/connector'; import { getSimpleCustomQueryRule } from '../../../../objects/rule'; @@ -21,6 +25,7 @@ import { } from '../../../../tasks/api_calls/common'; import { createAndEnableRule, + createCasesAction, fillAboutRuleAndContinue, fillDefineCustomRuleAndContinue, fillRuleAction, @@ -106,5 +111,23 @@ describe( // UI redirects to rule creation page of a created rule cy.get(RULE_NAME_HEADER).should('contain', rule.name); }); + + it('Forwards the correct rule type id to the Cases system action', () => { + visit(CREATE_RULE_URL); + fillDefineCustomRuleAndContinue(rule); + fillAboutRuleAndContinue(rule); + fillScheduleRuleAndContinue(rule); + createCasesAction(); + + cy.get(CASES_CONNECTOR_GROUP_BY_ALERT_FIELD_SELECTOR).click(); + cy.get(CASES_CONNECTOR_GROUP_BY_ALERT_FIELD_OPTIONS_LIST).should('be.visible'); + cy.waitUntil(() => { + return cy + .get(`${CASES_CONNECTOR_GROUP_BY_ALERT_FIELD_OPTIONS_LIST} button[role=option]`) + .then(($items) => { + return $items.length > 0; + }); + }); + }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/common/rule_actions.ts b/x-pack/test/security_solution_cypress/cypress/screens/common/rule_actions.ts index 32caf47e43034..63b9928bb38ef 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/common/rule_actions.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/common/rule_actions.ts @@ -48,6 +48,12 @@ export const EMAIL_CONNECTOR_PASSWORD_INPUT = '[data-test-subj="emailPasswordInp export const EMAIL_CONNECTOR_SERVICE_SELECTOR = '[data-test-subj="emailServiceSelectInput"]'; +export const CASES_CONNECTOR_GROUP_BY_ALERT_FIELD_SELECTOR = + '[data-test-subj=group-by-alert-field-combobox]'; + +export const CASES_CONNECTOR_GROUP_BY_ALERT_FIELD_OPTIONS_LIST = + '[data-test-subj~=group-by-alert-field-combobox-optionsList]'; + export const FORM_VALIDATION_ERROR = '.euiFormErrorText'; export const JSON_EDITOR = "[data-test-subj='documentToIndex']"; diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts index cbb0882c5f6fc..23b480562ad0b 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts @@ -147,6 +147,7 @@ import { ACTIONS_ALERTS_TIMEFRAME_START_INPUT, ACTIONS_ALERTS_TIMEFRAME_END_INPUT, ACTIONS_ALERTS_TIMEFRAME_TIMEZONE_INPUT, + CASES_SYSTEM_ACTION_BTN, } from '../screens/common/rule_actions'; import { fillIndexConnectorForm, fillEmailConnectorForm } from './common/rule_actions'; import { TOAST_ERROR } from '../screens/shared'; @@ -540,6 +541,10 @@ export const fillRuleAction = (actions: Actions) => { }); }; +export const createCasesAction = () => { + cy.get(CASES_SYSTEM_ACTION_BTN).click(); +}; + export const fillRuleActionFilters = (alertsFilter: AlertsFilter) => { cy.get(ACTIONS_ALERTS_QUERY_FILTER_BUTTON).click(); cy.get(ACTIONS_ALERTS_QUERY_FILTER_INPUT()).type(alertsFilter.query.kql);