[Security Solution] Installation review pagination: Backend#247375
Merged
nikitaindik merged 29 commits intoelastic:mainfrom Jan 15, 2026
Merged
[Security Solution] Installation review pagination: Backend#247375nikitaindik merged 29 commits intoelastic:mainfrom
nikitaindik merged 29 commits intoelastic:mainfrom
Conversation
nikitaindik
added
bug
Contributor
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Contributor
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
maximpn
requested changes
Dec 30, 2025
Contributor
maximpn
left a comment
maximpn
left a comment
There was a problem hiding this comment.
@nikitaindik Thanks for making improvements in the prebuilt rules installation review API endpoint 👍
I left some comments regarding the implementation. There are some open questions we should clarify before merging this PR. On top of that the implementation could be simplified a bit so I left comments regarding this part as well.
...ty_solution/common/api/detection_engine/prebuilt_rules/common/prebuilt_rule_assets_filter.ts
Show resolved
Hide resolved
...tion/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_installation.md
Outdated
Show resolved
Hide resolved
...tion/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_installation.md
Outdated
Show resolved
Hide resolved
...ction_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_handler.ts
Outdated
Show resolved
Hide resolved
...ction_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_handler.ts
Outdated
Show resolved
Hide resolved
...esponse/rules_management/prebuilt_rules/common/install_prebuilt_rules/review_installation.ts
Show resolved
Hide resolved
...esponse/rules_management/prebuilt_rules/common/install_prebuilt_rules/review_installation.ts
Show resolved
Hide resolved
...esponse/rules_management/prebuilt_rules/common/install_prebuilt_rules/review_installation.ts
Show resolved
Hide resolved
...esponse/rules_management/prebuilt_rules/common/install_prebuilt_rules/review_installation.ts
Show resolved
Hide resolved
...esponse/rules_management/prebuilt_rules/common/install_prebuilt_rules/review_installation.ts
Outdated
Show resolved
Hide resolved
Contributor
|
@nikitaindik Going to review when @maximpn's comments are addressed and CI is green |
nikitaindik
force-pushed
the
installation-review-pagination-backend
branch
from
88d14d5 to
0251372
Compare
nikitaindik
commented
Jan 8, 2026
packages/kbn-check-saved-objects-cli/src/commands/tasks/create_baseline.ts
Show resolved
Hide resolved
nikitaindik
commented
Jan 8, 2026
packages/kbn-check-saved-objects-cli/src/snapshots/validate_changes.ts
Outdated
Show resolved
Hide resolved
Contributor
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
2 tasks
nikitaindik
added a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 17, 2026
…247375) **Partially addresses: elastic#241656** > **Note:** In this PR the endpoint is paginated, but `page` and `per_page` parameters are optional. If no pagination parameters are provided, it will return all rules at once (same as previous behavior). We want to release this PR first and then we'll make the pagination parameters required in a follow-up PR. ## Summary This PR adds pagination, sorting and filtering functionality to the prebuilt rules installation review endpoint (`internal/prebuilt_rules/installation/_review`) in accordance with the [API design proposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing) (internal). No changes to the front end in this PR. I will make frontend use backend-side pagination, sorting and filtering in a follow-up PR. ## Changes - Implemented pagination, sorting and filtering of prebuilt rules. `page` and `per_page` parameters are optional. If these parameters are not provided, endpoint will return all rules at once (same as previous behaviour). - Added mappings for more fields of `security-rule` SO: `name`, `tags`, `severity`, `risk_score` - Split Prebuilt Rule Assets client into multiple files, because it became to large - Updated existing Prebuilt Rule Assets client methods to use `savedObjectsClient.search` instead of `savedObjectsClient.find`. This allows to use the "terms" aggregation to fetch needed rules without having to work around the "max boolean clauses count reached" issue. - Covered the changes with integration tests according to the recently merged test plan ([PR](elastic#244804)) - Added a couple of new scenarios to test plans based on [suggestions](elastic#244804 (comment)) from @pborgonovi --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com> Co-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co> (cherry picked from commit e1d9b59)
nikitaindik
added a commit
to nikitaindik/kibana
that referenced
this pull request
Jan 17, 2026
…247375) **Partially addresses: elastic#241656** > **Note:** In this PR the endpoint is paginated, but `page` and `per_page` parameters are optional. If no pagination parameters are provided, it will return all rules at once (same as previous behavior). We want to release this PR first and then we'll make the pagination parameters required in a follow-up PR. ## Summary This PR adds pagination, sorting and filtering functionality to the prebuilt rules installation review endpoint (`internal/prebuilt_rules/installation/_review`) in accordance with the [API design proposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing) (internal). No changes to the front end in this PR. I will make frontend use backend-side pagination, sorting and filtering in a follow-up PR. ## Changes - Implemented pagination, sorting and filtering of prebuilt rules. `page` and `per_page` parameters are optional. If these parameters are not provided, endpoint will return all rules at once (same as previous behaviour). - Added mappings for more fields of `security-rule` SO: `name`, `tags`, `severity`, `risk_score` - Split Prebuilt Rule Assets client into multiple files, because it became to large - Updated existing Prebuilt Rule Assets client methods to use `savedObjectsClient.search` instead of `savedObjectsClient.find`. This allows to use the "terms" aggregation to fetch needed rules without having to work around the "max boolean clauses count reached" issue. - Covered the changes with integration tests according to the recently merged test plan ([PR](elastic#244804)) - Added a couple of new scenarios to test plans based on [suggestions](elastic#244804 (comment)) from @pborgonovi --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com> Co-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co> (cherry picked from commit e1d9b59) # Conflicts: # src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts # x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts
nikitaindik
added a commit
to nikitaindik/kibana
that referenced
this pull request
Jan 17, 2026
…247375) **Partially addresses: elastic#241656** > **Note:** In this PR the endpoint is paginated, but `page` and `per_page` parameters are optional. If no pagination parameters are provided, it will return all rules at once (same as previous behavior). We want to release this PR first and then we'll make the pagination parameters required in a follow-up PR. ## Summary This PR adds pagination, sorting and filtering functionality to the prebuilt rules installation review endpoint (`internal/prebuilt_rules/installation/_review`) in accordance with the [API design proposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing) (internal). No changes to the front end in this PR. I will make frontend use backend-side pagination, sorting and filtering in a follow-up PR. ## Changes - Implemented pagination, sorting and filtering of prebuilt rules. `page` and `per_page` parameters are optional. If these parameters are not provided, endpoint will return all rules at once (same as previous behaviour). - Added mappings for more fields of `security-rule` SO: `name`, `tags`, `severity`, `risk_score` - Split Prebuilt Rule Assets client into multiple files, because it became to large - Updated existing Prebuilt Rule Assets client methods to use `savedObjectsClient.search` instead of `savedObjectsClient.find`. This allows to use the "terms" aggregation to fetch needed rules without having to work around the "max boolean clauses count reached" issue. - Covered the changes with integration tests according to the recently merged test plan ([PR](elastic#244804)) - Added a couple of new scenarios to test plans based on [suggestions](elastic#244804 (comment)) from @pborgonovi --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com> Co-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co> (cherry picked from commit e1d9b59) # Conflicts: # src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts # x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts # x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/constants.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/review_install_prebuilt_rules.ts
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
nikitaindik
added a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 19, 2026
…247375) **Partially addresses: elastic#241656** > **Note:** In this PR the endpoint is paginated, but `page` and `per_page` parameters are optional. If no pagination parameters are provided, it will return all rules at once (same as previous behavior). We want to release this PR first and then we'll make the pagination parameters required in a follow-up PR. ## Summary This PR adds pagination, sorting and filtering functionality to the prebuilt rules installation review endpoint (`internal/prebuilt_rules/installation/_review`) in accordance with the [API design proposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing) (internal). No changes to the front end in this PR. I will make frontend use backend-side pagination, sorting and filtering in a follow-up PR. ## Changes - Implemented pagination, sorting and filtering of prebuilt rules. `page` and `per_page` parameters are optional. If these parameters are not provided, endpoint will return all rules at once (same as previous behaviour). - Added mappings for more fields of `security-rule` SO: `name`, `tags`, `severity`, `risk_score` - Split Prebuilt Rule Assets client into multiple files, because it became to large - Updated existing Prebuilt Rule Assets client methods to use `savedObjectsClient.search` instead of `savedObjectsClient.find`. This allows to use the "terms" aggregation to fetch needed rules without having to work around the "max boolean clauses count reached" issue. - Covered the changes with integration tests according to the recently merged test plan ([PR](elastic#244804)) - Added a couple of new scenarios to test plans based on [suggestions](elastic#244804 (comment)) from @pborgonovi --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com> Co-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co> (cherry picked from commit e1d9b59)
kibanamachine
added a commit
that referenced
this pull request
Jan 19, 2026
…47375) (#249181) # Backport This will backport the following commits from `main` to `9.3`: - [[Security Solution] Installation review pagination: Backend (#247375)](#247375) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"nikita.indik@elastic.co"},"sourceCommit":{"committedDate":"2026-01-15T12:15:08Z","message":"[Security Solution] Installation review pagination: Backend (#247375)\n\n**Partially addresses: #241656**\n\n> **Note:** In this PR the endpoint is paginated, but `page` and\n`per_page` parameters are optional. If no pagination parameters are\nprovided, it will return all rules at once (same as previous behavior).\nWe want to release this PR first and then we'll make the pagination\nparameters required in a follow-up PR.\n\n## Summary\n\nThis PR adds pagination, sorting and filtering functionality to the\nprebuilt rules installation review endpoint\n(`internal/prebuilt_rules/installation/_review`) in accordance with the\n[API design\nproposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing)\n(internal).\n\nNo changes to the front end in this PR. I will make frontend use\nbackend-side pagination, sorting and filtering in a follow-up PR.\n\n## Changes\n- Implemented pagination, sorting and filtering of prebuilt rules.\n`page` and `per_page` parameters are optional. If these parameters are\nnot provided, endpoint will return all rules at once (same as previous\nbehaviour).\n- Added mappings for more fields of `security-rule` SO: `name`, `tags`,\n`severity`, `risk_score`\n- Split Prebuilt Rule Assets client into multiple files, because it\nbecame to large\n- Updated existing Prebuilt Rule Assets client methods to use\n`savedObjectsClient.search` instead of `savedObjectsClient.find`. This\nallows to use the \"terms\" aggregation to fetch needed rules without\nhaving to work around the \"max boolean clauses count reached\" issue.\n- Covered the changes with integration tests according to the recently\nmerged test plan ([PR](https://github.com/elastic/kibana/pull/244804))\n- Added a couple of new scenarios to test plans based on\n[suggestions](https://github.com/elastic/kibana/pull/244804#issuecomment-3634810653)\nfrom @pborgonovi\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>\nCo-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>","sha":"e1d9b5969dfdaddbbd922b48742181e1de23275a","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","performance","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.3.0","v9.4.0","v9.2.5","v8.19.11"],"title":"[Security Solution] Installation review pagination: Backend","number":247375,"url":"https://github.com/elastic/kibana/pull/247375","mergeCommit":{"message":"[Security Solution] Installation review pagination: Backend (#247375)\n\n**Partially addresses: #241656**\n\n> **Note:** In this PR the endpoint is paginated, but `page` and\n`per_page` parameters are optional. If no pagination parameters are\nprovided, it will return all rules at once (same as previous behavior).\nWe want to release this PR first and then we'll make the pagination\nparameters required in a follow-up PR.\n\n## Summary\n\nThis PR adds pagination, sorting and filtering functionality to the\nprebuilt rules installation review endpoint\n(`internal/prebuilt_rules/installation/_review`) in accordance with the\n[API design\nproposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing)\n(internal).\n\nNo changes to the front end in this PR. I will make frontend use\nbackend-side pagination, sorting and filtering in a follow-up PR.\n\n## Changes\n- Implemented pagination, sorting and filtering of prebuilt rules.\n`page` and `per_page` parameters are optional. If these parameters are\nnot provided, endpoint will return all rules at once (same as previous\nbehaviour).\n- Added mappings for more fields of `security-rule` SO: `name`, `tags`,\n`severity`, `risk_score`\n- Split Prebuilt Rule Assets client into multiple files, because it\nbecame to large\n- Updated existing Prebuilt Rule Assets client methods to use\n`savedObjectsClient.search` instead of `savedObjectsClient.find`. This\nallows to use the \"terms\" aggregation to fetch needed rules without\nhaving to work around the \"max boolean clauses count reached\" issue.\n- Covered the changes with integration tests according to the recently\nmerged test plan ([PR](https://github.com/elastic/kibana/pull/244804))\n- Added a couple of new scenarios to test plans based on\n[suggestions](https://github.com/elastic/kibana/pull/244804#issuecomment-3634810653)\nfrom @pborgonovi\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>\nCo-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>","sha":"e1d9b5969dfdaddbbd922b48742181e1de23275a"}},"sourceBranch":"main","suggestedTargetBranches":["9.3","9.2","8.19"],"targetPullRequestStates":[{"branch":"9.3","label":"v9.3.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/247375","number":247375,"mergeCommit":{"message":"[Security Solution] Installation review pagination: Backend (#247375)\n\n**Partially addresses: #241656**\n\n> **Note:** In this PR the endpoint is paginated, but `page` and\n`per_page` parameters are optional. If no pagination parameters are\nprovided, it will return all rules at once (same as previous behavior).\nWe want to release this PR first and then we'll make the pagination\nparameters required in a follow-up PR.\n\n## Summary\n\nThis PR adds pagination, sorting and filtering functionality to the\nprebuilt rules installation review endpoint\n(`internal/prebuilt_rules/installation/_review`) in accordance with the\n[API design\nproposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing)\n(internal).\n\nNo changes to the front end in this PR. I will make frontend use\nbackend-side pagination, sorting and filtering in a follow-up PR.\n\n## Changes\n- Implemented pagination, sorting and filtering of prebuilt rules.\n`page` and `per_page` parameters are optional. If these parameters are\nnot provided, endpoint will return all rules at once (same as previous\nbehaviour).\n- Added mappings for more fields of `security-rule` SO: `name`, `tags`,\n`severity`, `risk_score`\n- Split Prebuilt Rule Assets client into multiple files, because it\nbecame to large\n- Updated existing Prebuilt Rule Assets client methods to use\n`savedObjectsClient.search` instead of `savedObjectsClient.find`. This\nallows to use the \"terms\" aggregation to fetch needed rules without\nhaving to work around the \"max boolean clauses count reached\" issue.\n- Covered the changes with integration tests according to the recently\nmerged test plan ([PR](https://github.com/elastic/kibana/pull/244804))\n- Added a couple of new scenarios to test plans based on\n[suggestions](https://github.com/elastic/kibana/pull/244804#issuecomment-3634810653)\nfrom @pborgonovi\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>\nCo-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>","sha":"e1d9b5969dfdaddbbd922b48742181e1de23275a"}},{"branch":"9.2","label":"v9.2.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.11","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: Nikita Indik <nikita.indik@elastic.co> Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com> Co-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>
kibanamachine
added
the
backport missing
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
1 similar comment
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
nikitaindik
added a commit
to nikitaindik/kibana
that referenced
this pull request
Jan 21, 2026
…247375) **Partially addresses: elastic#241656** > **Note:** In this PR the endpoint is paginated, but `page` and `per_page` parameters are optional. If no pagination parameters are provided, it will return all rules at once (same as previous behavior). We want to release this PR first and then we'll make the pagination parameters required in a follow-up PR. ## Summary This PR adds pagination, sorting and filtering functionality to the prebuilt rules installation review endpoint (`internal/prebuilt_rules/installation/_review`) in accordance with the [API design proposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing) (internal). No changes to the front end in this PR. I will make frontend use backend-side pagination, sorting and filtering in a follow-up PR. ## Changes - Implemented pagination, sorting and filtering of prebuilt rules. `page` and `per_page` parameters are optional. If these parameters are not provided, endpoint will return all rules at once (same as previous behaviour). - Added mappings for more fields of `security-rule` SO: `name`, `tags`, `severity`, `risk_score` - Split Prebuilt Rule Assets client into multiple files, because it became to large - Updated existing Prebuilt Rule Assets client methods to use `savedObjectsClient.search` instead of `savedObjectsClient.find`. This allows to use the "terms" aggregation to fetch needed rules without having to work around the "max boolean clauses count reached" issue. - Covered the changes with integration tests according to the recently merged test plan ([PR](elastic#244804)) - Added a couple of new scenarios to test plans based on [suggestions](elastic#244804 (comment)) from @pborgonovi --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com> Co-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co> (cherry picked from commit e1d9b59) # Conflicts: # src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts # x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts
nikitaindik
added a commit
to nikitaindik/kibana
that referenced
this pull request
Jan 21, 2026
…247375) **Partially addresses: elastic#241656** > **Note:** In this PR the endpoint is paginated, but `page` and `per_page` parameters are optional. If no pagination parameters are provided, it will return all rules at once (same as previous behavior). We want to release this PR first and then we'll make the pagination parameters required in a follow-up PR. ## Summary This PR adds pagination, sorting and filtering functionality to the prebuilt rules installation review endpoint (`internal/prebuilt_rules/installation/_review`) in accordance with the [API design proposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing) (internal). No changes to the front end in this PR. I will make frontend use backend-side pagination, sorting and filtering in a follow-up PR. ## Changes - Implemented pagination, sorting and filtering of prebuilt rules. `page` and `per_page` parameters are optional. If these parameters are not provided, endpoint will return all rules at once (same as previous behaviour). - Added mappings for more fields of `security-rule` SO: `name`, `tags`, `severity`, `risk_score` - Split Prebuilt Rule Assets client into multiple files, because it became to large - Updated existing Prebuilt Rule Assets client methods to use `savedObjectsClient.search` instead of `savedObjectsClient.find`. This allows to use the "terms" aggregation to fetch needed rules without having to work around the "max boolean clauses count reached" issue. - Covered the changes with integration tests according to the recently merged test plan ([PR](elastic#244804)) - Added a couple of new scenarios to test plans based on [suggestions](elastic#244804 (comment)) from @pborgonovi --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Jean-Louis Leysens <jloleysens@gmail.com> Co-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co> (cherry picked from commit e1d9b59) # Conflicts: # src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts # x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts # x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/constants.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/review_install_prebuilt_rules.ts
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
nikitaindik
added a commit
that referenced
this pull request
Jan 21, 2026
**Partially addresses: #241656 **Backend PR: #247375 >⚠️ Note: This PR should be merged only when the [backend PR](#247375) is merged and released in Serverless (after Monday 19-Jan-2026). ## Summary This PR builds on top of the [backend PR](#247375) and adds frontend changes for the installation review pagination. ## Changes - If `page` parameter is not passed, it's defaulted to 1. If `per_page` parameter is not passed it's defaulted to 20. - UI code now sends `page` and `per_page` parameters. - Client-side sorting and filtering was removed. It now happens on the backend. - Added Cypress tests to match the test plan. - Refactored `reviewRuleInstallationHandler` to make it more readable, as suggested in the feedback for the backend PR.
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 21, 2026
…#248259) **Partially addresses: elastic#241656 **Backend PR: elastic#247375 >⚠️ Note: This PR should be merged only when the [backend PR](elastic#247375) is merged and released in Serverless (after Monday 19-Jan-2026). ## Summary This PR builds on top of the [backend PR](elastic#247375) and adds frontend changes for the installation review pagination. ## Changes - If `page` parameter is not passed, it's defaulted to 1. If `per_page` parameter is not passed it's defaulted to 20. - UI code now sends `page` and `per_page` parameters. - Client-side sorting and filtering was removed. It now happens on the backend. - Added Cypress tests to match the test plan. - Refactored `reviewRuleInstallationHandler` to make it more readable, as suggested in the feedback for the backend PR. (cherry picked from commit 2a85280)
kibanamachine
added a commit
that referenced
this pull request
Jan 21, 2026
…248259) (#249913) # Backport This will backport the following commits from `main` to `9.3`: - [[Security Solution] Installation review pagination: Frontend (#248259)](#248259) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"nikita.indik@elastic.co"},"sourceCommit":{"committedDate":"2026-01-21T16:24:33Z","message":"[Security Solution] Installation review pagination: Frontend (#248259)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/241656**\n**Backend PR: https://github.com/elastic/kibana/pull/247375**\n\n>⚠️ Note: This PR should be merged only when the [backend\nPR](#247375) is merged and\nreleased in Serverless (after Monday 19-Jan-2026).\n\n## Summary\nThis PR builds on top of the [backend\nPR](#247375) and adds frontend\nchanges for the installation review pagination.\n\n## Changes\n- If `page` parameter is not passed, it's defaulted to 1. If `per_page`\nparameter is not passed it's defaulted to 20.\n- UI code now sends `page` and `per_page` parameters.\n- Client-side sorting and filtering was removed. It now happens on the\nbackend.\n- Added Cypress tests to match the test plan.\n- Refactored `reviewRuleInstallationHandler` to make it more readable,\nas suggested in the feedback for the backend PR.","sha":"2a8528027e41a5e0f17e9e401d0926f516419360","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","performance","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","ci:build-cloud-image","backport:version","v9.3.0","v9.4.0"],"title":"[Security Solution] Installation review pagination: Frontend","number":248259,"url":"https://github.com/elastic/kibana/pull/248259","mergeCommit":{"message":"[Security Solution] Installation review pagination: Frontend (#248259)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/241656**\n**Backend PR: https://github.com/elastic/kibana/pull/247375**\n\n>⚠️ Note: This PR should be merged only when the [backend\nPR](#247375) is merged and\nreleased in Serverless (after Monday 19-Jan-2026).\n\n## Summary\nThis PR builds on top of the [backend\nPR](#247375) and adds frontend\nchanges for the installation review pagination.\n\n## Changes\n- If `page` parameter is not passed, it's defaulted to 1. If `per_page`\nparameter is not passed it's defaulted to 20.\n- UI code now sends `page` and `per_page` parameters.\n- Client-side sorting and filtering was removed. It now happens on the\nbackend.\n- Added Cypress tests to match the test plan.\n- Refactored `reviewRuleInstallationHandler` to make it more readable,\nas suggested in the feedback for the backend PR.","sha":"2a8528027e41a5e0f17e9e401d0926f516419360"}},"sourceBranch":"main","suggestedTargetBranches":["9.3"],"targetPullRequestStates":[{"branch":"9.3","label":"v9.3.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/248259","number":248259,"mergeCommit":{"message":"[Security Solution] Installation review pagination: Frontend (#248259)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/241656**\n**Backend PR: https://github.com/elastic/kibana/pull/247375**\n\n>⚠️ Note: This PR should be merged only when the [backend\nPR](#247375) is merged and\nreleased in Serverless (after Monday 19-Jan-2026).\n\n## Summary\nThis PR builds on top of the [backend\nPR](#247375) and adds frontend\nchanges for the installation review pagination.\n\n## Changes\n- If `page` parameter is not passed, it's defaulted to 1. If `per_page`\nparameter is not passed it's defaulted to 20.\n- UI code now sends `page` and `per_page` parameters.\n- Client-side sorting and filtering was removed. It now happens on the\nbackend.\n- Added Cypress tests to match the test plan.\n- Refactored `reviewRuleInstallationHandler` to make it more readable,\nas suggested in the feedback for the backend PR.","sha":"2a8528027e41a5e0f17e9e401d0926f516419360"}}]}] BACKPORT--> Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
nikitaindik
added a commit
that referenced
this pull request
Jan 22, 2026
…47375) (#249474) # Backport This will backport the following commits from `main` to `9.2`: - [[Security Solution] Installation review pagination: Backend (#247375)](#247375) <!--- Backport version: 10.2.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"nikita.indik@elastic.co"},"sourceCommit":{"committedDate":"2026-01-15T12:15:08Z","message":"[Security Solution] Installation review pagination: Backend (#247375)\n\n**Partially addresses: #241656**\n\n> **Note:** In this PR the endpoint is paginated, but `page` and\n`per_page` parameters are optional. If no pagination parameters are\nprovided, it will return all rules at once (same as previous behavior).\nWe want to release this PR first and then we'll make the pagination\nparameters required in a follow-up PR.\n\n## Summary\n\nThis PR adds pagination, sorting and filtering functionality to the\nprebuilt rules installation review endpoint\n(`internal/prebuilt_rules/installation/_review`) in accordance with the\n[API design\nproposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing)\n(internal).\n\nNo changes to the front end in this PR. I will make frontend use\nbackend-side pagination, sorting and filtering in a follow-up PR.\n\n## Changes\n- Implemented pagination, sorting and filtering of prebuilt rules.\n`page` and `per_page` parameters are optional. If these parameters are\nnot provided, endpoint will return all rules at once (same as previous\nbehaviour).\n- Added mappings for more fields of `security-rule` SO: `name`, `tags`,\n`severity`, `risk_score`\n- Split Prebuilt Rule Assets client into multiple files, because it\nbecame to large\n- Updated existing Prebuilt Rule Assets client methods to use\n`savedObjectsClient.search` instead of `savedObjectsClient.find`. This\nallows to use the \"terms\" aggregation to fetch needed rules without\nhaving to work around the \"max boolean clauses count reached\" issue.\n- Covered the changes with integration tests according to the recently\nmerged test plan ([PR](https://github.com/elastic/kibana/pull/244804))\n- Added a couple of new scenarios to test plans based on\n[suggestions](https://github.com/elastic/kibana/pull/244804#issuecomment-3634810653)\nfrom @pborgonovi\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>\nCo-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>","sha":"e1d9b5969dfdaddbbd922b48742181e1de23275a","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","performance","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.3.0","v9.4.0","v9.2.5","v8.19.11"],"title":"[Security Solution] Installation review pagination: Backend","number":247375,"url":"https://github.com/elastic/kibana/pull/247375","mergeCommit":{"message":"[Security Solution] Installation review pagination: Backend (#247375)\n\n**Partially addresses: #241656**\n\n> **Note:** In this PR the endpoint is paginated, but `page` and\n`per_page` parameters are optional. If no pagination parameters are\nprovided, it will return all rules at once (same as previous behavior).\nWe want to release this PR first and then we'll make the pagination\nparameters required in a follow-up PR.\n\n## Summary\n\nThis PR adds pagination, sorting and filtering functionality to the\nprebuilt rules installation review endpoint\n(`internal/prebuilt_rules/installation/_review`) in accordance with the\n[API design\nproposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing)\n(internal).\n\nNo changes to the front end in this PR. I will make frontend use\nbackend-side pagination, sorting and filtering in a follow-up PR.\n\n## Changes\n- Implemented pagination, sorting and filtering of prebuilt rules.\n`page` and `per_page` parameters are optional. If these parameters are\nnot provided, endpoint will return all rules at once (same as previous\nbehaviour).\n- Added mappings for more fields of `security-rule` SO: `name`, `tags`,\n`severity`, `risk_score`\n- Split Prebuilt Rule Assets client into multiple files, because it\nbecame to large\n- Updated existing Prebuilt Rule Assets client methods to use\n`savedObjectsClient.search` instead of `savedObjectsClient.find`. This\nallows to use the \"terms\" aggregation to fetch needed rules without\nhaving to work around the \"max boolean clauses count reached\" issue.\n- Covered the changes with integration tests according to the recently\nmerged test plan ([PR](https://github.com/elastic/kibana/pull/244804))\n- Added a couple of new scenarios to test plans based on\n[suggestions](https://github.com/elastic/kibana/pull/244804#issuecomment-3634810653)\nfrom @pborgonovi\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>\nCo-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>","sha":"e1d9b5969dfdaddbbd922b48742181e1de23275a"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","8.19"],"targetPullRequestStates":[{"branch":"9.3","label":"v9.3.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/249181","number":249181,"state":"OPEN"},{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/247375","number":247375,"mergeCommit":{"message":"[Security Solution] Installation review pagination: Backend (#247375)\n\n**Partially addresses: #241656**\n\n> **Note:** In this PR the endpoint is paginated, but `page` and\n`per_page` parameters are optional. If no pagination parameters are\nprovided, it will return all rules at once (same as previous behavior).\nWe want to release this PR first and then we'll make the pagination\nparameters required in a follow-up PR.\n\n## Summary\n\nThis PR adds pagination, sorting and filtering functionality to the\nprebuilt rules installation review endpoint\n(`internal/prebuilt_rules/installation/_review`) in accordance with the\n[API design\nproposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing)\n(internal).\n\nNo changes to the front end in this PR. I will make frontend use\nbackend-side pagination, sorting and filtering in a follow-up PR.\n\n## Changes\n- Implemented pagination, sorting and filtering of prebuilt rules.\n`page` and `per_page` parameters are optional. If these parameters are\nnot provided, endpoint will return all rules at once (same as previous\nbehaviour).\n- Added mappings for more fields of `security-rule` SO: `name`, `tags`,\n`severity`, `risk_score`\n- Split Prebuilt Rule Assets client into multiple files, because it\nbecame to large\n- Updated existing Prebuilt Rule Assets client methods to use\n`savedObjectsClient.search` instead of `savedObjectsClient.find`. This\nallows to use the \"terms\" aggregation to fetch needed rules without\nhaving to work around the \"max boolean clauses count reached\" issue.\n- Covered the changes with integration tests according to the recently\nmerged test plan ([PR](https://github.com/elastic/kibana/pull/244804))\n- Added a couple of new scenarios to test plans based on\n[suggestions](https://github.com/elastic/kibana/pull/244804#issuecomment-3634810653)\nfrom @pborgonovi\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>\nCo-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>","sha":"e1d9b5969dfdaddbbd922b48742181e1de23275a"}},{"branch":"9.2","label":"v9.2.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.11","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
nikitaindik
added a commit
that referenced
this pull request
Jan 22, 2026
…247375) (#249475) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution] Installation review pagination: Backend (#247375)](#247375) <!--- Backport version: 10.2.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"nikita.indik@elastic.co"},"sourceCommit":{"committedDate":"2026-01-15T12:15:08Z","message":"[Security Solution] Installation review pagination: Backend (#247375)\n\n**Partially addresses: #241656**\n\n> **Note:** In this PR the endpoint is paginated, but `page` and\n`per_page` parameters are optional. If no pagination parameters are\nprovided, it will return all rules at once (same as previous behavior).\nWe want to release this PR first and then we'll make the pagination\nparameters required in a follow-up PR.\n\n## Summary\n\nThis PR adds pagination, sorting and filtering functionality to the\nprebuilt rules installation review endpoint\n(`internal/prebuilt_rules/installation/_review`) in accordance with the\n[API design\nproposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing)\n(internal).\n\nNo changes to the front end in this PR. I will make frontend use\nbackend-side pagination, sorting and filtering in a follow-up PR.\n\n## Changes\n- Implemented pagination, sorting and filtering of prebuilt rules.\n`page` and `per_page` parameters are optional. If these parameters are\nnot provided, endpoint will return all rules at once (same as previous\nbehaviour).\n- Added mappings for more fields of `security-rule` SO: `name`, `tags`,\n`severity`, `risk_score`\n- Split Prebuilt Rule Assets client into multiple files, because it\nbecame to large\n- Updated existing Prebuilt Rule Assets client methods to use\n`savedObjectsClient.search` instead of `savedObjectsClient.find`. This\nallows to use the \"terms\" aggregation to fetch needed rules without\nhaving to work around the \"max boolean clauses count reached\" issue.\n- Covered the changes with integration tests according to the recently\nmerged test plan ([PR](https://github.com/elastic/kibana/pull/244804))\n- Added a couple of new scenarios to test plans based on\n[suggestions](https://github.com/elastic/kibana/pull/244804#issuecomment-3634810653)\nfrom @pborgonovi\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>\nCo-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>","sha":"e1d9b5969dfdaddbbd922b48742181e1de23275a","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","performance","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.3.0","v9.4.0","v9.2.5","v8.19.11"],"title":"[Security Solution] Installation review pagination: Backend","number":247375,"url":"https://github.com/elastic/kibana/pull/247375","mergeCommit":{"message":"[Security Solution] Installation review pagination: Backend (#247375)\n\n**Partially addresses: #241656**\n\n> **Note:** In this PR the endpoint is paginated, but `page` and\n`per_page` parameters are optional. If no pagination parameters are\nprovided, it will return all rules at once (same as previous behavior).\nWe want to release this PR first and then we'll make the pagination\nparameters required in a follow-up PR.\n\n## Summary\n\nThis PR adds pagination, sorting and filtering functionality to the\nprebuilt rules installation review endpoint\n(`internal/prebuilt_rules/installation/_review`) in accordance with the\n[API design\nproposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing)\n(internal).\n\nNo changes to the front end in this PR. I will make frontend use\nbackend-side pagination, sorting and filtering in a follow-up PR.\n\n## Changes\n- Implemented pagination, sorting and filtering of prebuilt rules.\n`page` and `per_page` parameters are optional. If these parameters are\nnot provided, endpoint will return all rules at once (same as previous\nbehaviour).\n- Added mappings for more fields of `security-rule` SO: `name`, `tags`,\n`severity`, `risk_score`\n- Split Prebuilt Rule Assets client into multiple files, because it\nbecame to large\n- Updated existing Prebuilt Rule Assets client methods to use\n`savedObjectsClient.search` instead of `savedObjectsClient.find`. This\nallows to use the \"terms\" aggregation to fetch needed rules without\nhaving to work around the \"max boolean clauses count reached\" issue.\n- Covered the changes with integration tests according to the recently\nmerged test plan ([PR](https://github.com/elastic/kibana/pull/244804))\n- Added a couple of new scenarios to test plans based on\n[suggestions](https://github.com/elastic/kibana/pull/244804#issuecomment-3634810653)\nfrom @pborgonovi\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>\nCo-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>","sha":"e1d9b5969dfdaddbbd922b48742181e1de23275a"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","8.19"],"targetPullRequestStates":[{"branch":"9.3","label":"v9.3.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/249181","number":249181,"state":"OPEN"},{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/247375","number":247375,"mergeCommit":{"message":"[Security Solution] Installation review pagination: Backend (#247375)\n\n**Partially addresses: #241656**\n\n> **Note:** In this PR the endpoint is paginated, but `page` and\n`per_page` parameters are optional. If no pagination parameters are\nprovided, it will return all rules at once (same as previous behavior).\nWe want to release this PR first and then we'll make the pagination\nparameters required in a follow-up PR.\n\n## Summary\n\nThis PR adds pagination, sorting and filtering functionality to the\nprebuilt rules installation review endpoint\n(`internal/prebuilt_rules/installation/_review`) in accordance with the\n[API design\nproposal](https://docs.google.com/document/d/1AYlt8wJMoLD-V_owAd4qL-h76IOVnfDCZ77VNmmf-Ks/edit?usp=sharing)\n(internal).\n\nNo changes to the front end in this PR. I will make frontend use\nbackend-side pagination, sorting and filtering in a follow-up PR.\n\n## Changes\n- Implemented pagination, sorting and filtering of prebuilt rules.\n`page` and `per_page` parameters are optional. If these parameters are\nnot provided, endpoint will return all rules at once (same as previous\nbehaviour).\n- Added mappings for more fields of `security-rule` SO: `name`, `tags`,\n`severity`, `risk_score`\n- Split Prebuilt Rule Assets client into multiple files, because it\nbecame to large\n- Updated existing Prebuilt Rule Assets client methods to use\n`savedObjectsClient.search` instead of `savedObjectsClient.find`. This\nallows to use the \"terms\" aggregation to fetch needed rules without\nhaving to work around the \"max boolean clauses count reached\" issue.\n- Covered the changes with integration tests according to the recently\nmerged test plan ([PR](https://github.com/elastic/kibana/pull/244804))\n- Added a couple of new scenarios to test plans based on\n[suggestions](https://github.com/elastic/kibana/pull/244804#issuecomment-3634810653)\nfrom @pborgonovi\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jean-Louis Leysens <jloleysens@gmail.com>\nCo-authored-by: Gerard Soldevila <gerard.soldevila@elastic.co>","sha":"e1d9b5969dfdaddbbd922b48742181e1de23275a"}},{"branch":"9.2","label":"v9.2.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.11","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
kibanamachine
removed
the
backport missing
nikitaindik
added a commit
to nikitaindik/kibana
that referenced
this pull request
Jan 22, 2026
…#248259) **Partially addresses: elastic#241656 **Backend PR: elastic#247375 >⚠️ Note: This PR should be merged only when the [backend PR](elastic#247375) is merged and released in Serverless (after Monday 19-Jan-2026). ## Summary This PR builds on top of the [backend PR](elastic#247375) and adds frontend changes for the installation review pagination. ## Changes - If `page` parameter is not passed, it's defaulted to 1. If `per_page` parameter is not passed it's defaulted to 20. - UI code now sends `page` and `per_page` parameters. - Client-side sorting and filtering was removed. It now happens on the backend. - Added Cypress tests to match the test plan. - Refactored `reviewRuleInstallationHandler` to make it more readable, as suggested in the feedback for the backend PR. (cherry picked from commit 2a85280) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table_context.tsx # x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/install_prebuilt_rules/review_installation.ts
nikitaindik
added a commit
to nikitaindik/kibana
that referenced
this pull request
Jan 22, 2026
…#248259) **Partially addresses: elastic#241656 **Backend PR: elastic#247375 >⚠️ Note: This PR should be merged only when the [backend PR](elastic#247375) is merged and released in Serverless (after Monday 19-Jan-2026). ## Summary This PR builds on top of the [backend PR](elastic#247375) and adds frontend changes for the installation review pagination. ## Changes - If `page` parameter is not passed, it's defaulted to 1. If `per_page` parameter is not passed it's defaulted to 20. - UI code now sends `page` and `per_page` parameters. - Client-side sorting and filtering was removed. It now happens on the backend. - Added Cypress tests to match the test plan. - Refactored `reviewRuleInstallationHandler` to make it more readable, as suggested in the feedback for the backend PR. (cherry picked from commit 2a85280) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table.tsx # x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table_context.tsx # x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts # x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/constants.ts # x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/install_prebuilt_rules/review_installation.ts
qn895
pushed a commit
to qn895/kibana
that referenced
this pull request
Jan 22, 2026
…#248259) **Partially addresses: elastic#241656 **Backend PR: elastic#247375 >⚠️ Note: This PR should be merged only when the [backend PR](elastic#247375) is merged and released in Serverless (after Monday 19-Jan-2026). ## Summary This PR builds on top of the [backend PR](elastic#247375) and adds frontend changes for the installation review pagination. ## Changes - If `page` parameter is not passed, it's defaulted to 1. If `per_page` parameter is not passed it's defaulted to 20. - UI code now sends `page` and `per_page` parameters. - Client-side sorting and filtering was removed. It now happens on the backend. - Added Cypress tests to match the test plan. - Refactored `reviewRuleInstallationHandler` to make it more readable, as suggested in the feedback for the backend PR.
dennis-tismenko
pushed a commit
to dennis-tismenko/kibana
that referenced
this pull request
Jan 22, 2026
…#248259) **Partially addresses: elastic#241656 **Backend PR: elastic#247375 >⚠️ Note: This PR should be merged only when the [backend PR](elastic#247375) is merged and released in Serverless (after Monday 19-Jan-2026). ## Summary This PR builds on top of the [backend PR](elastic#247375) and adds frontend changes for the installation review pagination. ## Changes - If `page` parameter is not passed, it's defaulted to 1. If `per_page` parameter is not passed it's defaulted to 20. - UI code now sends `page` and `per_page` parameters. - Client-side sorting and filtering was removed. It now happens on the backend. - Added Cypress tests to match the test plan. - Refactored `reviewRuleInstallationHandler` to make it more readable, as suggested in the feedback for the backend PR.
nikitaindik
added a commit
that referenced
this pull request
Jan 23, 2026
…248259) (#250009) # Backport This will backport the following commits from `main` to `9.2`: - [[Security Solution] Installation review pagination: Frontend (#248259)](#248259) <!--- Backport version: 10.2.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"nikita.indik@elastic.co"},"sourceCommit":{"committedDate":"2026-01-21T16:24:33Z","message":"[Security Solution] Installation review pagination: Frontend (#248259)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/241656**\n**Backend PR: https://github.com/elastic/kibana/pull/247375**\n\n>⚠️ Note: This PR should be merged only when the [backend\nPR](#247375) is merged and\nreleased in Serverless (after Monday 19-Jan-2026).\n\n## Summary\nThis PR builds on top of the [backend\nPR](#247375) and adds frontend\nchanges for the installation review pagination.\n\n## Changes\n- If `page` parameter is not passed, it's defaulted to 1. If `per_page`\nparameter is not passed it's defaulted to 20.\n- UI code now sends `page` and `per_page` parameters.\n- Client-side sorting and filtering was removed. It now happens on the\nbackend.\n- Added Cypress tests to match the test plan.\n- Refactored `reviewRuleInstallationHandler` to make it more readable,\nas suggested in the feedback for the backend PR.","sha":"2a8528027e41a5e0f17e9e401d0926f516419360","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","performance","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","ci:build-cloud-image","backport:version","v9.3.0","v9.4.0","v9.2.5","v8.19.11"],"title":"[Security Solution] Installation review pagination: Frontend","number":248259,"url":"https://github.com/elastic/kibana/pull/248259","mergeCommit":{"message":"[Security Solution] Installation review pagination: Frontend (#248259)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/241656**\n**Backend PR: https://github.com/elastic/kibana/pull/247375**\n\n>⚠️ Note: This PR should be merged only when the [backend\nPR](#247375) is merged and\nreleased in Serverless (after Monday 19-Jan-2026).\n\n## Summary\nThis PR builds on top of the [backend\nPR](#247375) and adds frontend\nchanges for the installation review pagination.\n\n## Changes\n- If `page` parameter is not passed, it's defaulted to 1. If `per_page`\nparameter is not passed it's defaulted to 20.\n- UI code now sends `page` and `per_page` parameters.\n- Client-side sorting and filtering was removed. It now happens on the\nbackend.\n- Added Cypress tests to match the test plan.\n- Refactored `reviewRuleInstallationHandler` to make it more readable,\nas suggested in the feedback for the backend PR.","sha":"2a8528027e41a5e0f17e9e401d0926f516419360"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","8.19"],"targetPullRequestStates":[{"branch":"9.3","label":"v9.3.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/249913","number":249913,"state":"MERGED","mergeCommit":{"sha":"b6297bbc54e274ced69eb9b28f63271c74808daa","message":"[9.3] [Security Solution] Installation review pagination: Frontend (#248259) (#249913)\n\n# Backport\n\nThis will backport the following commits from `main` to `9.3`:\n- [[Security Solution] Installation review pagination: Frontend\n(#248259)](https://github.com/elastic/kibana/pull/248259)\n\n\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by: Nikita Indik <nikita.indik@elastic.co>"}},{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/248259","number":248259,"mergeCommit":{"message":"[Security Solution] Installation review pagination: Frontend (#248259)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/241656**\n**Backend PR: https://github.com/elastic/kibana/pull/247375**\n\n>⚠️ Note: This PR should be merged only when the [backend\nPR](#247375) is merged and\nreleased in Serverless (after Monday 19-Jan-2026).\n\n## Summary\nThis PR builds on top of the [backend\nPR](#247375) and adds frontend\nchanges for the installation review pagination.\n\n## Changes\n- If `page` parameter is not passed, it's defaulted to 1. If `per_page`\nparameter is not passed it's defaulted to 20.\n- UI code now sends `page` and `per_page` parameters.\n- Client-side sorting and filtering was removed. It now happens on the\nbackend.\n- Added Cypress tests to match the test plan.\n- Refactored `reviewRuleInstallationHandler` to make it more readable,\nas suggested in the feedback for the backend PR.","sha":"2a8528027e41a5e0f17e9e401d0926f516419360"}},{"branch":"9.2","label":"v9.2.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.11","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
nikitaindik
added a commit
that referenced
this pull request
Jan 23, 2026
…248259) (#250011) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution] Installation review pagination: Frontend (#248259)](#248259) <!--- Backport version: 10.2.0 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"nikita.indik@elastic.co"},"sourceCommit":{"committedDate":"2026-01-21T16:24:33Z","message":"[Security Solution] Installation review pagination: Frontend (#248259)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/241656**\n**Backend PR: https://github.com/elastic/kibana/pull/247375**\n\n>⚠️ Note: This PR should be merged only when the [backend\nPR](#247375) is merged and\nreleased in Serverless (after Monday 19-Jan-2026).\n\n## Summary\nThis PR builds on top of the [backend\nPR](#247375) and adds frontend\nchanges for the installation review pagination.\n\n## Changes\n- If `page` parameter is not passed, it's defaulted to 1. If `per_page`\nparameter is not passed it's defaulted to 20.\n- UI code now sends `page` and `per_page` parameters.\n- Client-side sorting and filtering was removed. It now happens on the\nbackend.\n- Added Cypress tests to match the test plan.\n- Refactored `reviewRuleInstallationHandler` to make it more readable,\nas suggested in the feedback for the backend PR.","sha":"2a8528027e41a5e0f17e9e401d0926f516419360","branchLabelMapping":{"^v9.4.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","performance","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","ci:build-cloud-image","backport:version","v9.3.0","v9.4.0","v9.2.5","v8.19.11"],"title":"[Security Solution] Installation review pagination: Frontend","number":248259,"url":"https://github.com/elastic/kibana/pull/248259","mergeCommit":{"message":"[Security Solution] Installation review pagination: Frontend (#248259)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/241656**\n**Backend PR: https://github.com/elastic/kibana/pull/247375**\n\n>⚠️ Note: This PR should be merged only when the [backend\nPR](#247375) is merged and\nreleased in Serverless (after Monday 19-Jan-2026).\n\n## Summary\nThis PR builds on top of the [backend\nPR](#247375) and adds frontend\nchanges for the installation review pagination.\n\n## Changes\n- If `page` parameter is not passed, it's defaulted to 1. If `per_page`\nparameter is not passed it's defaulted to 20.\n- UI code now sends `page` and `per_page` parameters.\n- Client-side sorting and filtering was removed. It now happens on the\nbackend.\n- Added Cypress tests to match the test plan.\n- Refactored `reviewRuleInstallationHandler` to make it more readable,\nas suggested in the feedback for the backend PR.","sha":"2a8528027e41a5e0f17e9e401d0926f516419360"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","8.19"],"targetPullRequestStates":[{"branch":"9.3","label":"v9.3.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/249913","number":249913,"state":"MERGED","mergeCommit":{"sha":"b6297bbc54e274ced69eb9b28f63271c74808daa","message":"[9.3] [Security Solution] Installation review pagination: Frontend (#248259) (#249913)\n\n# Backport\n\nThis will backport the following commits from `main` to `9.3`:\n- [[Security Solution] Installation review pagination: Frontend\n(#248259)](https://github.com/elastic/kibana/pull/248259)\n\n\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by: Nikita Indik <nikita.indik@elastic.co>"}},{"branch":"main","label":"v9.4.0","branchLabelMappingKey":"^v9.4.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/248259","number":248259,"mergeCommit":{"message":"[Security Solution] Installation review pagination: Frontend (#248259)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/241656**\n**Backend PR: https://github.com/elastic/kibana/pull/247375**\n\n>⚠️ Note: This PR should be merged only when the [backend\nPR](#247375) is merged and\nreleased in Serverless (after Monday 19-Jan-2026).\n\n## Summary\nThis PR builds on top of the [backend\nPR](#247375) and adds frontend\nchanges for the installation review pagination.\n\n## Changes\n- If `page` parameter is not passed, it's defaulted to 1. If `per_page`\nparameter is not passed it's defaulted to 20.\n- UI code now sends `page` and `per_page` parameters.\n- Client-side sorting and filtering was removed. It now happens on the\nbackend.\n- Added Cypress tests to match the test plan.\n- Refactored `reviewRuleInstallationHandler` to make it more readable,\nas suggested in the feedback for the backend PR.","sha":"2a8528027e41a5e0f17e9e401d0926f516419360"}},{"branch":"9.2","label":"v9.2.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.11","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Partially addresses: #241656
Summary
This PR adds pagination, sorting and filtering functionality to the prebuilt rules installation review endpoint (
internal/prebuilt_rules/installation/_review) in accordance with the API design proposal (internal).No changes to the front end in this PR. I will make frontend use backend-side pagination, sorting and filtering in a follow-up PR.
Changes
pageandper_pageparameters are optional. If these parameters are not provided, endpoint will return all rules at once (same as previous behaviour).security-ruleSO:name,tags,severity,risk_scoresavedObjectsClient.searchinstead ofsavedObjectsClient.find. This allows to use the "terms" aggregation to fetch needed rules without having to work around the "max boolean clauses count reached" issue.