[AI4SOC] Add rules management table#219111
Conversation
Pinging @elastic/security-solution (Team: SecuritySolution)
logeekal
left a comment
Code Review only. LGTM 🚀
| import { hasCapabilities } from '../lib/capabilities'; | ||
| import { useKibana } from '../lib/kibana'; | ||
|
|
||
| export const useIsSearchAiLakeTier = () => { |
| export const useIsSearchAiLakeTier = () => { | |
| export const useIsExternalDetectionsEnabled = () => { |
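Review bot: the rename to `export const useIsExternalDetectionsEnabled = () => {` needs to be carried through to the hook's callers; the later snippet still reads `{isSearchAiLake === false && (`, so the name at the call site would contradict the condition once the hook checks the `external_detections` capability rather than a tier.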
We should not need to care about tiers here, only if externalDetections functionality is enabled or not
What we're trying to do here doesn't map well to the product features, since we essentially need to disable multiple parts of the page on the AI4SOC tier. A more robust approach might be to add a key in the config for each feature we want to disable, but that would inflate the product feature config we support. So I'm not sure which approach is best here.
Anyway, reverting the changes for now to give us time for a more well-thought-out solution.
If for some reason you do need to check the capability in a future PR you can use this hook:
const { hasSearchAILakeConfigurations } = useAssistantAvailability();
If for some reason you do need to check the capability in a future PR you can use this hook:
Thanks, I was looking for something like that 👍
It's hard to grep for these variables that have AI in them because half of the people capitalize it Ai and the other half AI 😂
What we're trying to do here doesn't map well to the product features, since we essentially need to disable multiple parts of the page on the AI4SOC tier.
That's why we created new capabilities: detections (traditional in-house SIEM detections functionality) and external_detections (new external detections rules functionality; for now it's only used in the new AI serverless tier).
Here we are hiding stuff when the user has external_detections (or does not have detections). The implementation of the hook looked correct to me; it was only the name of the hook that was misleading. In the security_solution plugin we should be agnostic and not know anything serverless-specific, such as tiers.
And about using this here:
const { hasSearchAILakeConfigurations } = useAssistantAvailability();
I don't recommend this either, the assistant stuff should be checked in places where we do assistant-related things, not here. And the configurations capability should be checked only for logic related to the configuration page functionality.
Not saying this wouldn't work now; yes, it would right now. But this would introduce coupling: if someday the configurations (or external_detections) capability is changed and granted by another serverless tier, we will need to remember to come here to change this code, or we'll be introducing a bug. Which should not be necessary.
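To make the coupling argument above concrete, here is an added illustration (not Kibana code): a tier-coupled check and a capability-based check side by side, and what happens when a new tier later grants `external_detections`. The tier names, the tier-to-capability table and the `Capabilities` shape are constructed for this example; only the capability names `detections` and `external_detections` come from the thread.

```typescript
// Constructed for illustration; not the Kibana capabilities model.
type Capabilities = { detections: boolean; external_detections: boolean };

// Constructed tier-to-capability table. In a real deployment the server
// resolves capabilities from product features; the UI only sees the result.
const TIER_CAPABILITIES: Record<string, Capabilities> = {
  security_complete: { detections: true, external_detections: false },
  search_ai_lake: { detections: false, external_detections: true },
};

function capabilitiesForTier(
  tier: string,
  table: Record<string, Capabilities> = TIER_CAPABILITIES
): Capabilities {
  // Unknown tier: grant nothing (fail closed).
  return table[tier] ?? { detections: false, external_detections: false };
}

// Tier-coupled check: the plugin must know a serverless tier name.
function hideDetectionsUiByTier(tier: string): boolean {
  return tier === 'search_ai_lake';
}

// Capability-based check, as described in the thread: hide the traditional
// detections UI when external_detections is granted or detections is not.
function hideDetectionsUiByCapability(caps: Capabilities): boolean {
  return caps.external_detections || !caps.detections;
}

// Simulate the coupling problem: a hypothetical new tier starts granting
// external_detections. The tier check keeps the traditional UI visible
// (a bug); the capability check follows the grant with no code change.
function compareChecksForNewTier(): { byTier: boolean; byCapability: boolean } {
  const extended: Record<string, Capabilities> = {
    ...TIER_CAPABILITIES,
    hypothetical_new_tier: { detections: false, external_detections: true },
  };
  const caps = capabilitiesForTier('hypothetical_new_tier', extended);
  return {
    byTier: hideDetectionsUiByTier('hypothetical_new_tier'),
    byCapability: hideDetectionsUiByCapability(caps),
  };
}
```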
stephmilovic
left a comment
Code review and manual testing LGTM
| append: | ||
| installedTotal > 0 ? ( | ||
| <EuiNotificationBadge size="m" color="subdued"> | ||
| {installedTotal} | ||
| </EuiNotificationBadge> | ||
| ) : undefined, |
| append: | |
| installedTotal > 0 ? ( | |
| <EuiNotificationBadge size="m" color="subdued"> | |
| {installedTotal} | |
| </EuiNotificationBadge> | |
| ) : undefined, | |
| append: installedTotal > 0 && ( | |
| <EuiNotificationBadge size="m" color="subdued"> | |
| {installedTotal} | |
| </EuiNotificationBadge> | |
| ),, |
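Review bot: the suggested `append: installedTotal > 0 && (` evaluates to `false` rather than `undefined` when `installedTotal` is 0, so it is only equivalent to the original ternary if the `append` prop accepts a boolean `ReactNode`; if the prop is typed as an element, keep the `? ... : undefined` form. The suggestion as rendered also ends in `),,`, a doubled comma that would not compile if applied verbatim.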
| }); | ||
| const executionStatusColumn = useRuleExecutionStatusColumn({ | ||
| sortable: true, | ||
| width: '16%', |
| {isSearchAiLake === false && ( | ||
| <EuiFlexItem grow={false}> | ||
| <EuiFlexGroup alignItems="center" gutterSize="s" responsive={false}> | ||
| <EuiFlexItem grow={false}> | ||
| <EditRuleSettingButtonLink | ||
| ruleId={ruleId} | ||
| disabled={ | ||
| !isExistingRule || | ||
| !hasUserCRUDPermission(canUserCRUD) || | ||
| (isMlRule(rule?.type) && !hasMlPermissions) | ||
| } | ||
| disabledReason={explainLackOfPermission( | ||
| rule, | ||
| hasMlPermissions, | ||
| hasActionsPrivileges, | ||
| canUserCRUD | ||
| )} | ||
| /> | ||
| </EuiFlexItem> | ||
| <EuiFlexItem grow={false}> | ||
| <RuleActionsOverflow | ||
| rule={rule} | ||
| userHasPermissions={ | ||
| isExistingRule && hasUserCRUDPermission(canUserCRUD) | ||
| } | ||
| canDuplicateRuleWithActions={canEditRuleWithActions( | ||
| rule, | ||
| hasActionsPrivileges | ||
| )} | ||
| showBulkDuplicateExceptionsConfirmation={showBulkDuplicateConfirmation} | ||
| showManualRuleRunConfirmation={showManualRuleRunConfirmation} | ||
| confirmDeletion={confirmDeletion} | ||
| /> | ||
| </EuiFlexItem> | ||
| </EuiFlexGroup> | ||
| </EuiFlexItem> | ||
| )} |
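Review bot: `isSearchAiLake === false` renders the edit and overflow actions for every value other than the literal `false`, including `undefined`; if the hook can return `undefined` before capabilities resolve, the actions group briefly appears in the AI4SOC tier. Gate on a resolved boolean (or on the `external_detections` capability check discussed in the thread) rather than a strict comparison against `false`.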
Should rule actions and settings be extracted to a separate component for better readability?
| }, | ||
| sortable: true, | ||
| truncateText: true, | ||
| width: '16%', |
Should we have the fixed width?
PhilippeOberti
left a comment
Desk tested and code LGTM for Threat Hunting Investigations team
Starting backport for target branches: 8.19 https://github.com/elastic/kibana/actions/runs/15683081338
[AI4SOC] Add rules management table (#219111) (cherry picked from commit 857bf1d)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions? Please refer to the Backport tool documentation.
Backport
This will backport the following commits from `main` to `8.19`:
- [AI4SOC] Add rules management table (#219111)
Questions? Please refer to the Backport tool documentation: https://github.com/sorenlouv/backport
Co-authored-by: Dmitrii Shevchenko <dmitrii.shevchenko@elastic.co>

Resolves: https://github.com/elastic/security-team/issues/11787
Summary
Added the rule management and rule monitoring table to the AI4SOC tier.
Rule Monitoring
Rule Management
Empty state
UPD: I had to disable links to the rule details page for now. Will be working on enabling them separately