[Security Solution] Implement Prebuilt Rules Customization test plan#232776
Merged
maximpn merged 11 commits intoelastic:mainfrom Sep 3, 2025
Merged
Conversation
maximpn
added
test
release_note:skip
maximpn
changed the title
maximpn
force-pushed
the
implement-prebuilt-rule-customizations-test-plan
branch
3 times, most recently
from
f405650 to
376bd9a
Compare
Contributor
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#9251[✅] x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts: 200/200 tests passed. |
Contributor
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#9254[✅] Security Solution Rule Management - Prebuilt Rules Customization - Cypress: 100/100 tests passed. |
Contributor
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Contributor
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
21 tasks
dplumlee
approved these changes
Sep 2, 2025
Contributor
There was a problem hiding this comment.
Github won't let me comment on the specific file line but on line 28, the
describe('@ess @serverless @skipInServerlessMKI Calculate "is_customized"', () => {
should be updated to align with the new file name
Contributor
Author
There was a problem hiding this comment.
Thanks for noticing that.
I overlooked that implementation in customization_disabled/customization/unable_to_customize_on_import.ts doesn't match the title. In fact we allow Prebuilt Rule Customization via Prebuilt Rules Importing under insufficient for Prebuilt Rules Customization license. You many notice that Prebuilt Rules import and export API integration tests in x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export run under the low-tier license.
Taking the above into account I removed customization_disabled/customization/unable_to_customize_on_import.ts as a duplicate of Prebuilt Rules import and export API integration tests.
Comment on lines
+260
to
+257
| it(`applies "${BulkActionEditTypeEnum.add_index_patterns}" bulk edit action to prebuilt rules`, async () => { | ||
| const bulkResponse = await performBulkEditOnPrebuiltRules({ | ||
| type: BulkActionEditTypeEnum.add_index_patterns, | ||
| value: ['test-*'], | ||
| }); | ||
|
|
||
| expect(bulkResponse.attributes.results.updated).toEqual( | ||
| expect.arrayContaining([ | ||
| expect.objectContaining({ | ||
| rule_id: QUERY_PREBUILT_RULE_ID, | ||
| index: ['existing-index-pattern-1', 'existing-index-pattern-2', 'test-*'], | ||
| }), | ||
| expect.objectContaining({ | ||
| rule_id: SAVED_QUERY_PREBUILT_RULE_ID, | ||
| index: ['existing-index-pattern-1', 'existing-index-pattern-2', 'test-*'], | ||
| }), | ||
| expect.objectContaining({ | ||
| rule_id: EQL_PREBUILT_RULE_ID, | ||
| index: ['existing-index-pattern-1', 'existing-index-pattern-2', 'test-*'], | ||
| }), | ||
| ]) | ||
| ); |
Contributor
There was a problem hiding this comment.
This looks like a duplication of the test above
| }); | ||
| }); | ||
|
|
||
| describe('custom query rule fields', () => { |
Contributor
There was a problem hiding this comment.
Probably also want a "saved query rule fields" block in this section, or at least something testing for saved_id since the fields are mostly the same between saved query and custom query rule types.
| }); | ||
| }); | ||
|
|
||
| describe('custom query rule fields', () => { |
Contributor
There was a problem hiding this comment.
Same thing with the saved query rule type here
| it('user can edit a non-customized prebuilt rule from the rule edit page', function () { | ||
| const newDescriptionValue = 'New rule description'; | ||
| cy.get(RULE_NAME).contains('Non-customized prebuilt rule').click(); | ||
| describe('navigation to the prebuilt rule editing page', () => { |
Contributor
There was a problem hiding this comment.
nit:
Suggested change
| describe('navigation to the prebuilt rule editing page', () => { | |
| describe('navigation to the rule editing page', () => { |
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
maximpn
added a commit
to maximpn/kibana
that referenced
this pull request
Sep 3, 2025
…lastic#232776) **Resolves: elastic#202068 ## Summary This PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md). ## Details The major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done - Prebuilt rules reverting customization test plan has been extracted - Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates - Test scenario implementations for missing base version have been added - Test scenario implementations for insufficient license have been added - Per field customization integration tests now also verify the customization can be reverted by saving original field value Extended test coverage is crucial for making sure changes suggested in elastic#230856 don't bring in new issues. ## Flaky test runner - [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs) - [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs) (cherry picked from commit 57d96cf) # Conflicts: # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts
maximpn
added a commit
to maximpn/kibana
that referenced
this pull request
Sep 4, 2025
…lastic#232776) **Resolves: elastic#202068 ## Summary This PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md). ## Details The major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done - Prebuilt rules reverting customization test plan has been extracted - Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates - Test scenario implementations for missing base version have been added - Test scenario implementations for insufficient license have been added - Per field customization integration tests now also verify the customization can be reverted by saving original field value Extended test coverage is crucial for making sure changes suggested in elastic#230856 don't bring in new issues. ## Flaky test runner - [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs) - [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs) (cherry picked from commit 57d96cf) # Conflicts: # x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/unable_to_customize_via_bulk_editing.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_with_base_version.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_without_base_version.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/unaffected_fields.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/customization/rule_customization.cy.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/customization/rule_customization_basic_license.cy.ts
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
maximpn
added a commit
to maximpn/kibana
that referenced
this pull request
Sep 4, 2025
…lastic#232776) **Resolves: elastic#202068 ## Summary This PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md). ## Details The major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done - Prebuilt rules reverting customization test plan has been extracted - Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates - Test scenario implementations for missing base version have been added - Test scenario implementations for insufficient license have been added - Per field customization integration tests now also verify the customization can be reverted by saving original field value Extended test coverage is crucial for making sure changes suggested in elastic#230856 don't bring in new issues. ## Flaky test runner - [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs) - [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs) (cherry picked from commit 57d96cf) # Conflicts: # x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/unable_to_customize_via_bulk_editing.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_with_base_version.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_without_base_version.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/unaffected_fields.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/customization/rule_customization.cy.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/customization/rule_customization_basic_license.cy.ts
ymao1
pushed a commit
to ymao1/kibana
that referenced
this pull request
Sep 4, 2025
…lastic#232776) **Resolves: elastic#202068 ## Summary This PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md). ## Details The major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done - Prebuilt rules reverting customization test plan has been extracted - Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates - Test scenario implementations for missing base version have been added - Test scenario implementations for insufficient license have been added - Per field customization integration tests now also verify the customization can be reverted by saving original field value Extended test coverage is crucial for making sure changes suggested in elastic#230856 don't bring in new issues. ## Flaky test runner - [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs) - [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)
kibanamachine
added
the
backport missing
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
1 similar comment
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
maximpn
added a commit
to maximpn/kibana
that referenced
this pull request
Sep 9, 2025
…lastic#232776) **Resolves: elastic#202068 ## Summary This PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md). ## Details The major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done - Prebuilt rules reverting customization test plan has been extracted - Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates - Test scenario implementations for missing base version have been added - Test scenario implementations for insufficient license have been added - Per field customization integration tests now also verify the customization can be reverted by saving original field value Extended test coverage is crucial for making sure changes suggested in elastic#230856 don't bring in new issues. ## Flaky test runner - [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs) - [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs) (cherry picked from commit 57d96cf) # Conflicts: # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
maximpn
added a commit
that referenced
this pull request
Sep 10, 2025
… plan (#232776) (#233905) # Backport This will backport the following commits from `main` to `9.1`: - [[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)](#232776) <!--- Backport version: 10.0.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-09-03T16:51:58Z","message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.2.0","v9.1.3","v8.19.3","v9.0.6","v8.18.6"],"title":"[Security Solution] Implement Prebuilt Rules Customization test plan","number":232776,"url":"https://github.com/elastic/kibana/pull/232776","mergeCommit":{"message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19","9.0","8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/232776","number":232776,"mergeCommit":{"message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b"}},{"branch":"9.1","label":"v9.1.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
maximpn
added a commit
that referenced
this pull request
Sep 10, 2025
… plan (#232776) (#233952) # Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)](#232776) <!--- Backport version: 10.0.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-09-03T16:51:58Z","message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.2.0","v9.1.3","v8.19.3","v9.0.6","v8.18.6"],"title":"[Security Solution] Implement Prebuilt Rules Customization test plan","number":232776,"url":"https://github.com/elastic/kibana/pull/232776","mergeCommit":{"message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19","9.0","8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/232776","number":232776,"mergeCommit":{"message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b"}},{"branch":"9.1","label":"v9.1.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
maximpn
added a commit
that referenced
this pull request
Sep 10, 2025
…t plan (#232776) (#234501) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)](#232776) <!--- Backport version: 10.0.2 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-09-03T16:51:58Z","message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","backport missing","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.2.0","v9.1.3","v8.19.3","v9.0.6","v8.18.6"],"title":"[Security Solution] Implement Prebuilt Rules Customization test plan","number":232776,"url":"https://github.com/elastic/kibana/pull/232776","mergeCommit":{"message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b"}},"sourceBranch":"main","suggestedTargetBranches":["8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/232776","number":232776,"mergeCommit":{"message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b"}},{"branch":"9.1","label":"v9.1.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/233905","number":233905,"state":"OPEN"},{"branch":"8.19","label":"v8.19.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/233952","number":233952,"state":"OPEN"},{"branch":"8.18","label":"v8.18.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/233954","number":233954,"state":"OPEN"}]}] BACKPORT-->
maximpn
added a commit
that referenced
this pull request
Sep 10, 2025
…t plan (#232776) (#233954) # Backport This will backport the following commits from `main` to `8.18`: - [[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)](#232776) <!--- Backport version: 10.0.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-09-03T16:51:58Z","message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.2.0","v9.1.3","v8.19.3","v9.0.6","v8.18.6"],"title":"[Security Solution] Implement Prebuilt Rules Customization test plan","number":232776,"url":"https://github.com/elastic/kibana/pull/232776","mergeCommit":{"message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19","9.0","8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/232776","number":232776,"mergeCommit":{"message":"[Security Solution] Implement Prebuilt Rules Customization test plan (#232776)\n\n**Resolves: https://github.com/elastic/kibana/issues/202068**\n\n## Summary\n\nThis PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).\n\n## Details\n\nThe major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done\n\n- Prebuilt rules reverting customization test plan has been extracted\n- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates\n- Test scenario implementations for missing base version have been added\n- Test scenario implementations for insufficient license have been added\n- Per field customization integration tests now also verify the customization can be reverted by saving original field value\n \nExtended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.\n\n## Flaky test runner\n\n- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)\n- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)","sha":"57d96cfbcbed8e0f33d874fd8f9494f71483548b"}},{"branch":"9.1","label":"v9.1.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.6","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
kibanamachine
added
v8.19.4
v8.18.7
and removed
backport missing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves: #202068
Summary
This PR implements prebuilt rules customization test plan.
Details
The major part of the prebuilt rules customization test plan had been implemented already so this PR adds missing test scenario implementations and refactors the existing tests. In particular the following has been done
Extended test coverage is crucial for making sure changes suggested in #230856 don't bring in new issues.
Flaky test runner