[Security Solution] Implement rule customization license checks #206079
xcrzx merged 1 commit into elastic:main from xcrzx:licensing
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
jbudz
left a comment
.buildkite/ftr_*_configs.yml LGTM
dhurley14
left a comment
detection engine changes LGTM just one nit.
...gins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx
@xcrzx, thanks for the PR and the walkthrough you gave me over Zoom! While I'm still reviewing the code, here are my findings from the manual testing. I have thoroughly tested the changes locally under both ECH and Serverless with the feature flag on and off and with different licenses/tiers. Main scenarios outlined in the PR description work as expected.
There's an issue with showing "Modified" badges (which depend on
Also, we may want to add a line about prebuilt rule customizations to a modal that's displayed when you click on the "revert to Basic license" button in ECH (Stack Mgmt -> License management). And I also noticed a copy issue in the bulk actions modal which is probably unrelated to your changes. I'll continue taking a look at the code.
agusruidiazgd
left a comment
LGTM from explore team
Hey @nikitaindik, thanks for looking into that. I've updated the logic to recalculate the
💛 Build succeeded, but was flaky
cc @xcrzx
nikitaindik
left a comment
Thanks, @xcrzx! I have re-tested a few scenarios on ECH and Serverless and can confirm that the bug with is_customized I noticed earlier is fixed.
I have reviewed the code. Thanks for explaining to me the bits I didn't fully understand.
I think this PR is good to go! 🎉
Starting backport for target branches: 8.x
💔 All backports failed
Manual backport
To create the backport manually run:
Questions? Please refer to the Backport tool documentation
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI.
Questions? Please refer to the Backport tool documentation
…#206079) (#208893)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] Implement rule customization license checks (#206079)](#206079)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Source commit 199378c60c5364a796f99d944989032d5f38bf6e (committed 2025-01-29T17:20:47Z, author Dmitrii Shevchenko), message:

[Security Solution] Implement rule customization license checks (#206079)

**Resolves:** https://github.com/elastic/security-team/issues/10410

## Summary

We want to make Rule Customization available at higher license tiers.

### **Intended Workflows/UX**

#### **Basic/Platinum/Security Essentials License Tiers**
- **Editing Prebuilt Rules:**
  - Allow the 8.16 behavior: only actions, exceptions, snoozing, and enable/disable options can be modified.
  - On the rule editing page, all tabs except *Actions* are disabled. Disabled tabs will display a hover explanation:
    - "Upgrade to Enterprise to enable prebuilt rule customization" for ECH.
    - "Upgrade to Security Complete to enable prebuilt rule customization" for Serverless.
  - Rule editing via API is not restricted (tracked separately: https://github.com/elastic/security-team/issues/11504).

- **Bulk Actions:**
  - Modifications to rule content via bulk actions are not allowed. Prebuilt rules are excluded from bulk actions if the license level is insufficient. Users will see an explanation for the exclusion.
    - Serverless
    - ECH
  - On the API level (`_bulk_action`), an error is returned if a user tries to modify a prebuilt rule without the required license. Response in this case looks like this:
    ```json
    {
      "statusCode": 500,
      "error": "Internal Server Error",
      "message": "Bulk edit failed",
      "attributes": {
        "errors": [
          {
            "message": "Elastic rule can't be edited",
            "status_code": 500,
            "rules": []
          }
        ]
      }
    }
    ```

- **Rule Updates:**
  - Updates are restricted to Elastic’s incoming updates only.
  - The rule upgrade flyout is in read-only mode.
  - For previously customized rules where customization is now disabled due to insufficient licensing, a notification will appear on the upgrade flyout, clarifying that only an upgrade to Elastic's version is available.
  - On the API level (`_perform`), only requests with `pick_version = target` are permitted. Requests with `rule.fields` values are not allowed.
    API response when `pick_version` is not `target`:
    ```json
    {
      "message": "Only the 'TARGET' version can be selected for a rule update; received: 'CURRENT'",
      "status_code": 400
    }
    ```
    API response when the `fields` value is provided:
    ```json
    {
      "message": "Rule field customization is not allowed. Received fields: name, description",
      "status_code": 400
    }
    ```

- **Customized Rules:**
  - Existing customizations remain intact, and the “Modified” badge is retained
    - On the rule management, monitoring, and update tables:
    - On the rule update flyout:
    - On the rule details page:
  - When we edit a rule with customizations (e.g., change rule's actions), the rule should stay marked as customized

- **Import/Export Scenarios:**
  - These are handled separately (https://github.com/elastic/security-team/issues/11502)

#### **Enterprise/Security Complete License Tiers**
- All rules can be fully edited
- Upgraded prebuilt or customized rules will have an editable view, enabling full customization
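
The `_perform` restriction described in the commit message above, written out as a server-side check that runs regardless of what the UI has disabled. This is an added example, not Kibana's code: the request shape, `checkUpgradeRequest` and the `customizationLicensed` flag are assumptions, and an omitted `pick_version` is assumed to mean TARGET.

```typescript
// Added illustration; not taken from the Kibana code base.
// Assumed request shape: an optional top-level pick_version plus per-rule overrides.
interface RuleUpgradeSpec {
  rule_id: string;
  pick_version?: string;
  fields?: Record<string, unknown>;
}

interface PerformUpgradeRequest {
  pick_version?: string;
  rules?: RuleUpgradeSpec[];
}

interface LicenseError {
  message: string;
  status_code: number;
}

// Under a restricted license only TARGET may be picked. An omitted value is
// treated as TARGET (assumption), so it passes.
function versionError(picked: string | undefined): LicenseError | null {
  if (picked === undefined || picked === 'TARGET') {
    return null;
  }
  return {
    message: `Only the 'TARGET' version can be selected for a rule update; received: '${picked}'`,
    status_code: 400,
  };
}

// Returns the first violation found, or null when the request may proceed.
// The check is made on the parsed request body, so a client that bypasses the
// read-only upgrade flyout gets the same answer as the UI.
function checkUpgradeRequest(
  req: PerformUpgradeRequest,
  customizationLicensed: boolean
): LicenseError | null {
  if (customizationLicensed) {
    return null; // Enterprise / Security Complete: no restriction applies
  }

  const topLevel = versionError(req.pick_version);
  if (topLevel !== null) {
    return topLevel;
  }

  for (const rule of req.rules ?? []) {
    // A per-rule pick_version must not be a way around the top-level check.
    const perRule = versionError(rule.pick_version);
    if (perRule !== null) {
      return perRule;
    }
    // Any per-field resolution is a customization, whatever version it names.
    const fieldNames = Object.keys(rule.fields ?? {});
    if (fieldNames.length > 0) {
      return {
        message: `Rule field customization is not allowed. Received fields: ${fieldNames.join(', ')}`,
        status_code: 400,
      };
    }
  }
  return null;
}

// Constructed sample requests (not captured traffic).
const SAMPLE_REQUESTS: PerformUpgradeRequest[] = [
  { pick_version: 'TARGET', rules: [{ rule_id: 'rule-1' }] },
  { pick_version: 'CURRENT' },
  { pick_version: 'TARGET', rules: [{ rule_id: 'rule-1', pick_version: 'CURRENT' }] },
  {
    pick_version: 'TARGET',
    rules: [{ rule_id: 'rule-1', fields: { name: {}, description: {} } }],
  },
];

// Evaluates every sample as if the license were insufficient.
function evaluateSamples(): Array<LicenseError | null> {
  return SAMPLE_REQUESTS.map((req) => checkUpgradeRequest(req, false));
}
```
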
…reflect licensing changes (#215008) **Partially addresses: #202068 **Related PR with licensing checks implementation: #206079 ## Summary This PR updates the Prebuilt Rule Customization test plan to reflect [recent changes](#206079) related to licensing. Changes to rule upgrade scenarios will be handled in a separate PR.
…reflect licensing changes (elastic#215008) **Partially addresses: elastic#202068 **Related PR with licensing checks implementation: elastic#206079 ## Summary This PR updates the Prebuilt Rule Customization test plan to reflect [recent changes](elastic#206079) related to licensing. Changes to rule upgrade scenarios will be handled in a separate PR. (cherry picked from commit 2929f28)
…ns to reflect licensing changes (#215008) (#215730) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Update prebuilt rule customization test plans to reflect licensing changes (#215008)](#215008) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
…ans to reflect licensing changes (#215008) (#215727) # Backport This will backport the following commits from `main` to `8.18`: - [[Security Solution] Update prebuilt rule customization test plans to reflect licensing changes (#215008)](#215008) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
…ns to reflect licensing changes (#215008) (#215731) # Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution] Update prebuilt rule customization test plans to reflect licensing changes (#215008)](#215008) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
…s to reflect licensing changes (#216003) **Partially addresses: #202068 **Related PR with licensing checks implementation: #206079 ## Summary This PR updates the Prebuilt Rule Upgrade and import/export test plans to reflect [recent changes](#206079) related to licensing. --------- Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
…s to reflect licensing changes (elastic#216003) **Partially addresses: elastic#202068 **Related PR with licensing checks implementation: elastic#206079 ## Summary This PR updates the Prebuilt Rule Upgrade and import/export test plans to reflect [recent changes](elastic#206079) related to licensing. --------- Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co> (cherry picked from commit 8f89803)
…t plans to reflect licensing changes (#216003) (#222055) # Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution] Update prebuilt rule upgrade and import test plans to reflect licensing changes (#216003)](#216003) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) Co-authored-by: Nikita Indik <nikita.indik@elastic.co> Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
…st plans to reflect licensing changes (#216003) (#222053)
# Backport
This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Update prebuilt rule upgrade and import test plans to reflect licensing changes (#216003)](#216003)
### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
…st plans to reflect licensing changes (#216003) (#222054)
# Backport
This will backport the following commits from `main` to `8.19`:
- [[Security Solution] Update prebuilt rule upgrade and import test plans to reflect licensing changes (#216003)](#216003)
### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
…s to reflect licensing changes (elastic#216003)
**Partially addresses: elastic#202068**
**Related PR with licensing checks implementation: elastic#206079**
## Summary
This PR updates the Prebuilt Rule Upgrade and import/export test plans to reflect [recent changes](elastic#206079) related to licensing.
---------
Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>


Resolves: https://github.com/elastic/security-team/issues/10410
Summary
We want to make Rule Customization available at higher license tiers.
Intended Workflows/UX
Basic/Platinum/Security Essentials License Tiers
Editing Prebuilt Rules:
Allow the 8.16 behavior: only actions, exceptions, snoozing, and enable/disable options can be modified.
On the rule editing page, all tabs except Actions are disabled. Disabled tabs will display a hover explanation:
Rule editing via API is not restricted (tracked separately: https://github.com/elastic/security-team/issues/11504).
Bulk Actions:
Modifications to rule content via bulk actions are not allowed. Prebuilt rules are excluded from bulk actions if the license level is insufficient. Users will see an explanation for the exclusion.
On the API level (`_bulk_action`), an error is returned if a user tries to modify a prebuilt rule without the required license. Response in this case looks like this:
```json
{
  "statusCode": 500,
  "error": "Internal Server Error",
  "message": "Bulk edit failed",
  "attributes": {
    "errors": [
      {
        "message": "Elastic rule can't be edited",
        "status_code": 500,
        "rules": []
      }
    ]
  }
}
```
Rule Updates:
`_perform`), only requests with `pick_version = target` are permitted. Requests with `rule.fields` values are not allowed.
API response when `pick_version` is not `target`:
```json
{
  "message": "Only the 'TARGET' version can be selected for a rule update; received: 'CURRENT'",
  "status_code": 400
}
```
`fields` value is provided:
```json
{
  "message": "Rule field customization is not allowed. Received fields: name, description",
  "status_code": 400
}
```
Customized Rules:
Existing customizations remain intact, and the “Modified” badge is retained.
When we edit a rule with customizations (e.g., change the rule's actions), the rule should stay marked as customized.
Import/Export Scenarios:
Enterprise/Security Complete License Tiers