
[9.1] [Security Solution] Implement Prebuilt Rules Customization test plan (#232776)#233905

Merged
maximpn merged 2 commits into elastic:9.1 from maximpn:backport/9.1/pr-232776 on Sep 10, 2025

Conversation

@maximpn (Contributor) commented Sep 3, 2025

Backport

This will backport the following commits from main to 9.1:

Questions?

Please refer to the Backport tool documentation

…lastic#232776)

**Resolves: elastic#202068**

## Summary

This PR implements [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md).

## Details

The major part of the [prebuilt rules customization test plan](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_customization.md) had been implemented already, so this PR adds the missing test scenario implementations and refactors the existing tests. In particular, the following has been done:

- Prebuilt rules reverting customization test plan has been extracted
- Existing prebuilt rule customization tests have been refactored to improve naming and remove duplicates
- Test scenario implementations for missing base version have been added
- Test scenario implementations for insufficient license have been added
- Per field customization integration tests now also verify the customization can be reverted by saving original field value

Extended test coverage is crucial for making sure changes suggested in elastic#230856 don't bring in new issues.

## Flaky test runner

- [Prebuilt rule customization integration tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9251) (200 runs)
- [Prebuilt rule customization e2e tests](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9254) (100 runs)

(cherry picked from commit 57d96cf)

# Conflicts:
#	x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts
#	x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts
#	x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts
@maximpn maximpn added the backport This PR is a backport of another PR label Sep 3, 2025
@maximpn maximpn enabled auto-merge (squash) September 3, 2025 17:20
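The scenarios listed in the PR description (per-field customization, reverting a customization by saving the original field value, and the missing-base-version case) can be modelled with a small diff function. The block below is an added illustration and is not Kibana's `calculate_is_customized` implementation or any code from this PR: the field list, the function names, the tag-order normalization and the decision to return `null` when no base version exists are all assumptions made here for the example.

```typescript
// Added example, not Kibana code. Models a prebuilt rule as a flat record of
// fields, diffs the customizable fields against the base (stock) version and
// derives an is_customized flag from that diff.

type RuleFields = Record<string, unknown>;

// Hypothetical set of user-editable fields (assumption for this example).
const CUSTOMIZABLE_FIELDS = ["name", "description", "severity", "tags", "query"] as const;

interface CustomizationResult {
  // true/false when a base version exists; null when it is missing, because
  // there is nothing to diff against (assumption made by this example).
  isCustomized: boolean | null;
  customizedFields: string[];
}

// Assumption: arrays of primitives (e.g. tags) are compared as sets, so
// reordering tags does not count as a customization.
function normalize(v: unknown): unknown {
  if (Array.isArray(v) && v.every((x) => typeof x !== "object")) {
    return [...v].sort();
  }
  return v;
}

function valuesEqual(a: unknown, b: unknown): boolean {
  return JSON.stringify(normalize(a)) === JSON.stringify(normalize(b));
}

// Per-field comparison against the base version. A field that is absent on
// one side but present on the other is reported as customized.
function calculateIsCustomized(
  current: RuleFields,
  base: RuleFields | undefined
): CustomizationResult {
  if (base === undefined) {
    return { isCustomized: null, customizedFields: [] };
  }
  const customizedFields = CUSTOMIZABLE_FIELDS.filter(
    (field) => !valuesEqual(current[field], base[field])
  );
  return { isCustomized: customizedFields.length > 0, customizedFields };
}

// Simulated "save" of a single field; returns the updated rule without
// mutating the input.
function saveField(rule: RuleFields, field: string, value: unknown): RuleFields {
  return { ...rule, [field]: value };
}

// The per-field scenario from the PR: customize one field, then revert it by
// saving the original value, checking the flag after each step.
function customizeThenRevert(base: RuleFields, field: string, newValue: unknown) {
  const customized = saveField(base, field, newValue);
  const afterCustomize = calculateIsCustomized(customized, base);
  const reverted = saveField(customized, field, base[field]);
  const afterRevert = calculateIsCustomized(reverted, base);
  return { afterCustomize, afterRevert };
}

// Constructed sample base version (not a real prebuilt rule).
const BASE_RULE: RuleFields = {
  name: "Suspicious Process Execution",
  description: "Sample description",
  severity: "medium",
  tags: ["Windows", "Execution"],
  query: 'process where process.name == "cmd.exe"',
};

const run = customizeThenRevert(BASE_RULE, "severity", "high");
console.log("after customize:", run.afterCustomize);
console.log("after revert:", run.afterRevert);
console.log("missing base version:", calculateIsCustomized(BASE_RULE, undefined));
```

Two things the test plan's scenarios hinge on are visible here: the flag must flip back to `false` once every customized field equals its base value again, and a rule with no base version cannot be classified at all, so a caller has to handle that third state explicitly rather than treating it as "not customized".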
@elasticmachine (Contributor): 💚 Build Succeeded

Metrics [docs]

Saved Objects .kibana field count

Every field in each saved object type adds overhead to Elasticsearch. Kibana needs to keep the total field count below Elasticsearch's default limit of 1000 fields. Only specify field mappings for the fields you wish to search on or query. See https://www.elastic.co/guide/en/kibana/master/saved-objects-service.html#_mappings

| id | before | after | diff |
|---|---|---|---|
| _data_stream_timestamp | 1 | - | -1 |
| _doc_count | 1 | - | -1 |
| _ignored_source | 1 | - | -1 |
| _index_mode | 1 | - | -1 |
| _inference_fields | 1 | - | -1 |
| _tier | 1 | - | -1 |
| apm-custom-dashboards | 5 | - | -5 |
| apm-server-schema | 2 | - | -2 |
| apm-service-group | 5 | - | -5 |
| application_usage_daily | 2 | - | -2 |
| config | 2 | - | -2 |
| config-global | 2 | - | -2 |
| coreMigrationVersion | 1 | - | -1 |
| created_at | 1 | - | -1 |
| created_by | 1 | - | -1 |
| entity-definition | 9 | - | -9 |
| entity-discovery-api-key | 2 | - | -2 |
| event_loop_delays_daily | 2 | - | -2 |
| favorites | 4 | - | -4 |
| file | 11 | - | -11 |
| file-upload-usage-collection-telemetry | 3 | - | -3 |
| fileShare | 5 | - | -5 |
| guided-onboarding-guide-state | 3 | - | -3 |
| infra-custom-dashboards | 4 | - | -4 |
| infrastructure-monitoring-log-view | 2 | - | -2 |
| intercept_trigger_record | 5 | - | -5 |
| legacy-url-alias | 7 | - | -7 |
| managed | 1 | - | -1 |
| ml-job | 6 | - | -6 |
| ml-module | 13 | - | -13 |
| ml-trained-model | 7 | - | -7 |
| monitoring-telemetry | 2 | - | -2 |
| namespace | 1 | - | -1 |
| namespaces | 1 | - | -1 |
| observability-onboarding-state | 2 | - | -2 |
| originId | 1 | - | -1 |
| product-doc-install-status | 7 | - | -7 |
| references | 4 | - | -4 |
| sample-data-telemetry | 3 | - | -3 |
| security-ai-prompt | 8 | - | -8 |
| slo | 11 | - | -11 |
| space | 5 | - | -5 |
| synthetics-monitor | 34 | - | -34 |
| synthetics-monitor-multi-space | 34 | - | -34 |
| tag | 4 | - | -4 |
| type | 1 | - | -1 |
| typeMigrationVersion | 1 | - | -1 |
| ui-metric | 2 | - | -2 |
| updated_at | 1 | - | -1 |
| updated_by | 1 | - | -1 |
| upgrade-assistant-ml-upgrade-operation | 3 | - | -3 |
| upgrade-assistant-reindex-operation | 3 | - | -3 |
| uptime-synthetics-api-key | 2 | - | -2 |
| url | 5 | - | -5 |
| usage-counters | 2 | - | -2 |
| total | | | -249 |

@maximpn maximpn merged commit 9e22251 into elastic:9.1 Sep 10, 2025
12 checks passed
Labels: backport (This PR is a backport of another PR)

3 participants