[AI4DSOC] Change rules and alerts capabilities#215148

Merged
tomsonpl merged 40 commits into elastic:main from tomsonpl:ai-soc-alerts-capabilities
Apr 9, 2025
@tomsonpl
Contributor

@tomsonpl tomsonpl commented Mar 19, 2025

Description

This PR introduces a new capabilities-based gating to hide the Alerts and Rules pages.
It results in the pages being hidden in AI_SOC product, but normally available in Security.
Users manually navigating to the restricted URLs will be redirected to /app/security/get_started page.


Changes

  • ProductFeatureSecurityKey.detections: extends the siemv2 by adding detections UI capability next to show. Since show enables general Security functionalities, and detections add some limitations to internal functionalities like: rules and alerts that are not available in AI_SOC.
  • Capability Checks for Alerts and Rules: These links depend on detections capability from now on.
  • ProductFeatureSecurityKey.externalDetections: extends limited version of siemv2 by adding external_detections UI capability next to show. This enables AI_SOC user to see basic_rules or alerts_summary, but not rules and alerts pages.
  • Removes ProductFeatureSecurityKey.alertsSummary in favor of ProductFeatureSecurityKey.externalDetections
  • Reordered AI SOC Navigation links

Routes (Example)

  • /app/security/alerts → Visible only if the user meets detections capabilities.
  • /app/security/rules → Visible only if the user meets detections capabilities.

Otherwise both redirect to /app/security/get_started


How to verify these pages are hidden locally:

Please add the following configuration to your serverless.security.dev.yml file:

xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
  ]
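
The route gating described above, as an added TypeScript example (not code from this PR or from Kibana). The `SecurityCaps` shape, the function names and the `/app/security/alerts_summary` path are assumptions made for illustration; the gated routes, the `detections` capability and the fallback URL come from the description.

```typescript
// Added illustration, not Kibana source. All type and function names are hypothetical.
type SecurityCaps = { show?: boolean; detections?: boolean; external_detections?: boolean };

const FALLBACK = '/app/security/get_started';

// Route prefix -> UI capability that must be true (taken from the PR description).
const GATED: Array<{ prefix: string; requires: keyof SecurityCaps }> = [
  { prefix: '/app/security/alerts', requires: 'detections' },
  { prefix: '/app/security/rules', requires: 'detections' },
];

// Drop query string and hash, collapse repeated slashes, strip the trailing
// slash, so that manually typed URL variants reach the same gate.
function normalize(path: string): string {
  const bare = path.replace(/[?#].*$/, '').replace(/\/{2,}/g, '/');
  return bare.length > 1 ? bare.replace(/\/+$/, '') : bare;
}

// Returns the path to render: the requested one, or the fallback when the
// route is gated and the capability is absent (missing counts as denied).
function resolveRoute(path: string, caps: SecurityCaps): string {
  const p = normalize(path);
  for (const { prefix, requires } of GATED) {
    // Match on a segment boundary: sub-pages of a gated route are gated too,
    // but a sibling such as ".../alerts_summary" is a different route.
    const onRoute = p === prefix || p.startsWith(prefix + '/');
    if (onRoute && caps[requires] !== true) return FALLBACK;
  }
  return p;
}

// Constructed capability sets for the two products named in the description.
const securityUser: SecurityCaps = { show: true, detections: true };
const aiSocUser: SecurityCaps = { show: true, external_detections: true };

console.log(resolveRoute('/app/security/rules/id/123?tab=x', aiSocUser));
console.log(resolveRoute('/app/security/alerts', securityUser));
```

A gate of this kind decides what the UI renders and where navigation lands; it does not by itself decide what the APIs behind those pages authorize.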

@tomsonpl
Contributor Author

/ci

@tomsonpl
Contributor Author

tomsonpl commented Apr 1, 2025

/ci

@tomsonpl
Contributor Author

tomsonpl commented Apr 1, 2025

/ci

@tomsonpl
Contributor Author

tomsonpl commented Apr 1, 2025

/ci

@tomsonpl
Contributor Author

tomsonpl commented Apr 2, 2025

/ci

@tomsonpl
Contributor Author

tomsonpl commented Apr 2, 2025

/ci

@tomsonpl
Contributor Author

tomsonpl commented Apr 2, 2025

/ci

@tomsonpl
Contributor Author

tomsonpl commented Apr 2, 2025

/ci

@tomsonpl tomsonpl changed the title [AI4DSOC] Change alerts_summary capabilities [AI4DSOC] Change rules and alerts capabilities Apr 2, 2025
@xcrzx xcrzx self-requested a review April 2, 2025 15:44
@tomsonpl
Contributor Author

tomsonpl commented Apr 3, 2025

/ci

This reverts commit 721a915.
@kibanamachine
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 215148 locally

@tomsonpl tomsonpl added backport:skip This PR does not require backporting and removed backport missing Added to PRs automatically when the are determined to be missing a backport. backport:version Backport to applied version labels labels Apr 18, 2025
@tomsonpl tomsonpl added backport:version Backport to applied version labels v8.19.0 and removed backport:skip This PR does not require backporting labels Jun 5, 2025
@kibanamachine
Contributor

Starting backport for target branches: 8.19

https://github.com/elastic/kibana/actions/runs/15465817133

@kibanamachine
Contributor

Starting backport for target branches: 8.19

https://github.com/elastic/kibana/actions/runs/15465817098

@kibanamachine
Contributor

💔 All backports failed

Status Branch Result
8.19 Backport failed because of merge conflicts

You might need to backport the following PRs to 8.19:
- [Ai4dSoc] Hide notes/timelines for search_ai_lake tier (#215334)

Manual backport

To create the backport manually run:

node scripts/backport --pr 215148

Questions ?

Please refer to the Backport tool documentation

stephmilovic pushed a commit to PhilippeOberti/kibana that referenced this pull request Jun 5, 2025
tomsonpl added a commit to tomsonpl/kibana that referenced this pull request Jun 6, 2025
(cherry picked from commit 795094d)

# Conflicts:
#	x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.test.tsx
#	x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/common/utils/timeline/use_show_timeline.test.tsx
#	x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/__snapshots__/side_navigation.test.tsx.snap
#	x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/ai_soc/ai_soc_navigation.ts
#	x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts
#	x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/constants.ts
#	x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/navigation/navigation.cy.ts
@tomsonpl
Contributor Author

tomsonpl commented Jun 6, 2025

💚 All backports created successfully

Status Branch Result
8.19

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Jun 6, 2025
@kibanamachine
Contributor

Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.
cc: @tomsonpl

tomsonpl added a commit that referenced this pull request Jun 9, 2025
)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[AI4DSOC] Change rules and alerts capabilities
(#215148)](#215148)

<!--- Backport version: 10.0.0 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)


---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
@kibanamachine kibanamachine removed the backport missing Added to PRs automatically when the are determined to be missing a backport. label Jun 9, 2025
@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Jun 11, 2025
@kibanamachine
Contributor

Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync.
cc: @tomsonpl

@tomsonpl tomsonpl removed the backport missing Added to PRs automatically when the are determined to be missing a backport. label Jun 11, 2025
@tomsonpl
Contributor Author

@jbudz - backport has been merged, but the label keeps getting back, could you suggest how to tackle this ? :)


Labels

backport:version Backport to applied version labels release_note:skip Skip the PR/issue when compiling release notes Team:Security Generative AI Security Generative AI v8.19.0 v9.1.0
