[Security] Adds field mapping support to rule creation Part II #71402
spong merged 7 commits into elastic:master from
Conversation
…and fixes EditAboutStep rehydration
Pinging @elastic/siem (Team:SIEM)
…ete for severityOverride, and fixes rule details description rollup
rylnd left a comment
Played around a bit with creating rules with overrides and things look to be working! Nothing's obviously broken, at least 😉 .
Thanks for improving those form components while you were in there 👍
| export const buildSeverityDescription = (severity: AboutStepSeverity): ListItems[] => [ | ||
| { | ||
| title: label, |
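Review bot: `label` is used as the item `title` but is not a parameter of `buildSeverityDescription` (the signature only takes `severity`), so it has to come from enclosing scope; pass the label in explicitly, or derive it from the form schema as discussed below, so the description item cannot end up with an undefined title.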
Does this fix that UI warning about title being undefined?
Yeah, I think that should take care of it. Was a little split on pulling in the i18n from the fields vs leveraging the forms schema label. I think it'll be best to use the label from the schema, but will need to re-work the data model for these complex fields once the hooksform fixes land.
| } else if (Array.isArray(get(field, data))) { | ||
| const values: string[] = get(field, data); | ||
| return buildStringArrayDescription(label, field, values); | ||
| // TODO: Add custom UI for Risk/Severity Mappings (and fix missing label) |
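Review bot: `get(field, data)` is evaluated twice in the `else if` branch; hoist it into a local before the `Array.isArray` check and narrow on that, and consider checking that each element is actually a string before handing it to `buildStringArrayDescription`, since the `string[]` annotation on `values` does not validate the runtime contents of the form data.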
| import { AutocompleteFieldMatchComponent } from '../../../../common/components/autocomplete/field_value_match'; | ||
| const SeverityMappingParentContainer = styled(EuiFlexItem)` | ||
| max-width: 471px; |
I want to work with @marrasherrier after the first BC to determine the best styling for the serverity/risk overrides, as it's a lot of fields bunched up together (and is hard to make sense of the longer field/values). This is just to lock the container in place with the left-most portion of the form row.
| expect(riskScore).toEqual({ riskScore: 57, riskScoreMeta: {} }); | ||
| }); | ||
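Review bot: this assertion only pins the happy path (a mapped value of 57 with empty meta); add cases for a mapped value outside 0 to 100, a non-numeric value and a missing field so the fallback behaviour is covered, given the note further down that the io-ts type was letting risk scores above 100 through.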
| // TODO: Enhance... |
Yeah, there are plenty of tests to write for exercising all the areas around building these mappings. I think I saw a situation where the io-ts type wasn't validating correctly and was getting risk scores > 100. So more to dig into here for sure. 🙂
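The risk score override discussed above, as an added TypeScript example that is not code from this PR or from Kibana: a mapped field value is taken from the event document and accepted only if it is a finite number inside 0 to 100, otherwise the rule's own score is kept and the rejected value is recorded in the meta. The `{ riskScore, riskScoreMeta }` result shape follows the test quoted on this page; the mapping item shape, the `getPath` helper (standing in for lodash `get`), and the meta keys `riskScoreOverridden`, `overrideField` and `rejectedValue` are assumptions made for this example.

```typescript
// Added example, not the PR's or Kibana's code. Resolves a rule's risk score
// from a risk_score_mapping entry with the range check the review asks for.
// The result shape follows the test quoted on this page; the mapping shape,
// helper and meta keys are assumptions for this example.

type EventDoc = Record<string, unknown>;

// Hypothetical mapping item: the event field whose value overrides the score.
interface RiskScoreMappingItem {
  field: string;
}

interface RiskScoreMeta {
  riskScoreOverridden?: boolean;
  overrideField?: string;
  rejectedValue?: unknown;
}

interface RiskScoreResult {
  riskScore: number;
  riskScoreMeta: RiskScoreMeta;
}

const MIN_RISK_SCORE = 0;
const MAX_RISK_SCORE = 100;

// Dotted-path lookup standing in for the lodash `get(field, data)` seen in
// the review snippets; returns undefined for any missing segment.
function getPath(doc: EventDoc, path: string): unknown {
  return path.split('.').reduce<unknown>((acc, key) => {
    if (acc !== null && typeof acc === 'object' && key in (acc as object)) {
      return (acc as Record<string, unknown>)[key];
    }
    return undefined;
  }, doc);
}

// A mapped value is usable only if it is a finite number inside 0..100.
// Checking the runtime value matters because the field comes from the
// event document, not from the rule author.
function isValidRiskScore(value: unknown): value is number {
  return typeof value === 'number' && Number.isFinite(value) &&
    value >= MIN_RISK_SCORE && value <= MAX_RISK_SCORE;
}

function buildRiskScoreFromMapping(
  doc: EventDoc,
  mapping: RiskScoreMappingItem[],
  defaultRiskScore: number
): RiskScoreResult {
  // No mapping configured: keep the rule's own score and record nothing.
  if (mapping.length === 0) {
    return { riskScore: defaultRiskScore, riskScoreMeta: {} };
  }

  const { field } = mapping[0];
  const mapped = getPath(doc, field);

  if (mapped === undefined) {
    // Field absent on this event: fall back to the rule default.
    return { riskScore: defaultRiskScore, riskScoreMeta: {} };
  }

  if (!isValidRiskScore(mapped)) {
    // Present but unusable (wrong type or out of range): fall back and keep
    // the rejected value in the meta so the decision is auditable.
    return {
      riskScore: defaultRiskScore,
      riskScoreMeta: { riskScoreOverridden: false, overrideField: field, rejectedValue: mapped },
    };
  }

  return {
    riskScore: mapped,
    riskScoreMeta: { riskScoreOverridden: true, overrideField: field },
  };
}

// Constructed sample events covering the valid, out-of-range, wrong-type and
// missing-field cases.
const sampleEvents: EventDoc[] = [
  { event: { risk_score: 57 } },
  { event: { risk_score: 150 } },
  { event: { risk_score: '57' } },
  { event: {} },
];
for (const doc of sampleEvents) {
  console.log(JSON.stringify(buildRiskScoreFromMapping(doc, [{ field: 'event.risk_score' }], 21)));
}
```

The rejected value is kept in `riskScoreMeta` rather than dropped so that a signal whose score unexpectedly stayed at the rule default can be traced back to the event field that failed validation.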
💚 Build Succeeded
… (#71775)

## Summary

Followup to #70288, which includes:

- [X] Rule Execution logic for:
  - [X] Severity Override
  - [X] Risk Score Override
  - [X] Rule Name Override
  - [X] Timestamp Override
- [X] Support for toggling display of Building Block Rules:
  - [X] Main Detections Page
  - [X] Rule Details Page
- [X] Integrates `AutocompleteField` for:
  - [X] Severity Override
  - [X] Risk Score Override
  - [X] Rule Name Override
  - [X] Timestamp Override
- [X] Fixes rehydration of `EditAboutStep` in `Edit Rule`
- [X] Fixes `Rule Details` Description rollup

Additional followup cleanup:

- [ ] Adds `risk_score` to `risk_score_mapping`
- [ ] Improves field validation
- [ ] Disables override fields for ML Rules
- [ ] Orders `SeverityMapping` by `severity` on create/update
- [ ] Allow unbounded max-signals

### Checklist

Delete any items that are not applicable to this PR.

- [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials - Syncing w/ @benskelker
- [X] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios

### For maintainers

- [X] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
Pinging @elastic/security-solution (Team: SecuritySolution)
