[Security Solution][Detection Engine] adds simplified bulk edit for alert suppression #223090

Merged
vitaliidm merged 120 commits into elastic:main from vitaliidm:de_9_1/simplified-bulk-edit-suppression on Jun 19, 2025

@vitaliidm vitaliidm commented Jun 9, 2025

Summary

DEMO

Screen.Recording.2025-06-09.at.17.28.54.mov

Feature flag

```yml
xpack.securitySolution.enableExperimental:
  - bulkEditAlertSuppressionEnabled
```

Flaky test runner

FTR - https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8360
Cypress - https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8361

Docs issue

elastic/docs-content#1719

Test plan

https://github.com/elastic/security-team/pull/12813

vitaliidm and others added 30 commits August 6, 2024 11:40
# Conflicts:
#	x-pack/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.schema.yaml
#	x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts
#	x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts
#	x-pack/solutions/security/plugins/security_solution/common/constants.ts
#	x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/bulk_actions/forms/alert_suppression_form.tsx
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts
@vitaliidm
Contributor Author

Thank you for the review, @maximpn.
I have addressed the comments and fixed the UI issue.

@vitaliidm vitaliidm requested a review from maximpn June 16, 2025 17:15
Contributor

@maximpn maximpn left a comment

@vitaliidm Thanks for addressing my comments and fixing the UI bug 🙏

@vitaliidm vitaliidm enabled auto-merge (squash) June 18, 2025 16:37
vitaliidm and others added 6 commits June 18, 2025 20:16
# Conflicts:
#	oas_docs/output/kibana.serverless.yaml
#	oas_docs/output/kibana.yaml
#	x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts
#	x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.schema.yaml
#	x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.test.ts
#	x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
#	x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts
#	x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts
@vitaliidm vitaliidm requested review from a team and dhurley14 June 19, 2025 09:41
@elasticmachine
Contributor

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 7641 | 7644 | +3 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 9.4MB | 9.4MB | +9.9KB |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 94.9KB | 95.1KB | +215.0B |

History

cc @vitaliidm

Contributor

@nkhristinin nkhristinin left a comment

DE changes LGTM!

@vitaliidm vitaliidm merged commit 40dccf5 into elastic:main Jun 19, 2025
10 checks passed
@kibanamachine
Contributor

Starting backport for target branches: 8.19

https://github.com/elastic/kibana/actions/runs/15760094832

@kibanamachine
Contributor

💔 All backports failed

| Status | Branch | Result |
| --- | --- | --- |
| | 8.19 | Backport failed because of merge conflicts |

You might need to backport the following PRs to 8.19:
- Add an API endpoint to bulk fill rule gaps (#220866)
- Optimize bulk actions endpoint & update gaps (#222158)
- OpenAI (Other) Connector PKI implementation (#219984)
- [Cloud Connector] Add cloud_connectors config in Agentless API (#215421)

Manual backport

To create the backport manually run:

```
node scripts/backport --pr 223090
```

Questions ?

Please refer to the Backport tool documentation

@vitaliidm
Contributor Author

💚 All backports created successfully

Status Branch Result
8.19

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

vitaliidm added a commit to vitaliidm/kibana that referenced this pull request Jun 19, 2025
…lert suppression (elastic#223090)

## Summary

- addresses elastic/security-team#9190
(issue's description does not contain details, for product requirements
refer to
elastic/security-team#9190 (comment))
- adds simplified bulk editing, when user can only overwrite or remove
alert suppression for multiple rules

### DEMO

https://github.com/user-attachments/assets/88dc2953-e3fa-44c3-b896-ff533c66553f

### Feature flag

```yml
xpack.securitySolution.enableExperimental:
  - bulkEditAlertSuppressionEnabled
```

### Flaky test runner

FTR -
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8360
Cypress -
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8361

### Docs issue

elastic/docs-content#1719

### Test plan

elastic/security-team#12813

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
(cherry picked from commit 40dccf5)

# Conflicts:
#	oas_docs/output/kibana.serverless.yaml
#	oas_docs/output/kibana.yaml
#	x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts
#	x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.schema.yaml
#	x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.test.ts
#	x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
#	x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts
#	x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts
vitaliidm added a commit that referenced this pull request Jun 20, 2025
…t for alert suppression (#223090) (#224595)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[Security Solution][Detection Engine] adds simplified bulk edit for
alert suppression
(#223090)](#223090)

<!--- Backport version: 10.0.1 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
akowalska622 pushed a commit to akowalska622/kibana that referenced this pull request Jun 25, 2025
…lert suppression (elastic#223090)
Labels

- 8.19 candidate
- 9.1 candidate
- backport:version (Backport to applied version labels)
- release_note:feature (Makes this part of the condensed release notes)
- Team:Detection Engine (Security Solution Detection Engine Area)
- Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
- v8.19.0
- v9.1.0