Skip to content

[Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation/update#71794

Merged
rylnd merged 3 commits intoelastic:masterfrom
rylnd:associate_endpoint_list_to_rule
Jul 15, 2020
Merged

[Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation/update#71794
rylnd merged 3 commits intoelastic:masterfrom
rylnd:associate_endpoint_list_to_rule

Conversation

@rylnd
Copy link
Copy Markdown
Contributor

@rylnd rylnd commented Jul 15, 2020
edited
Loading

Summary

This adds the following:

  • Checkbox to associate/dissociate a given rule with the global exceptions list on create/edit
  • Changes default stacking of the Alerts Histogram to be signal.rule.name
  • Fixes a react warning on the rule creation form(s)

TODO

Followup Actions:

For maintainers

rylnd added 3 commits July 14, 2020 18:29
@rylnd
Add checkbox to associate rule with global endpoint exception list
6ef36a7 
This works on creation, now we need edit.
@rylnd
Fix DomNesting error on ML Card Description
74d6bcf 
EuiText generates a div, but this is inside of an EuiCard which is a
paragraph. Defines a span with equivalent styles, instead.
@rylnd
Change default stack of alerts histogram to signal.rule.name
d0d46aa
@rylnd rylnd self-assigned this Jul 15, 2020
@rylnd rylnd changed the title [Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation [Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation/update Jul 15, 2020
@rylnd
Copy link
Copy Markdown
Contributor Author

rylnd commented Jul 15, 2020

@benskelker this adds the "Associate Global Endpoint Exception List" option to rule creation/update.

@kibanamachine
Copy link
Copy Markdown
Contributor

kibanamachine commented Jul 15, 2020

💚 Build Succeeded

Build metrics

‼️ unable to find a baseline build for [master@8da80fe]. Try merging the upstream branch and trying again.

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@rylnd rylnd marked this pull request as ready for review July 15, 2020 01:46
@rylnd rylnd requested review from a team as code owners July 15, 2020 01:46
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Jul 15, 2020

Pinging @elastic/siem (Team:SIEM)

spong
spong reviewed Jul 15, 2020
View reviewed changes
x-pack/plugins/security_solution/public/detections/components/alerts_histogram_panel/index.tsx
({
chartHeight,
defaultStackByOption = alertsHistogramOptions[0],
defaultStackByOption = alertsHistogramOptions[8], // signal.rule.name
Copy link
Copy Markdown
Member

@spong spong Jul 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! 🙂

spong
spong approved these changes Jul 15, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@spong spong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for the extra fixes here too @rylnd! 🙂

@rylnd rylnd merged commit cbe8f00 into elastic:master Jul 15, 2020
@rylnd rylnd deleted the associate_endpoint_list_to_rule branch July 15, 2020 02:28
@rylnd rylnd mentioned this pull request Jul 15, 2020
Merged
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 15, 2020
@gmmorris
Merge branch 'master' into alerting/consumer-based-rbac
6b090eb 
* master: (82 commits)
  Fixed the spacing of child accordion items for policy response dialog. (elastic#71677)
  [SECURITY] Timeline bug 7.9 (elastic#71748)
  use fixed isChromeVisible method (elastic#71813)
  [SIEM][Detection Engine][Lists] Adds specific endpoint_list REST API and API for abilities to auto-create the endpoint_list if it gets deleted (elastic#71792)
  [test] Skips flaky Saved Objects Management test
  [APM] Remove watcher integration (elastic#71655)
  [APM] Increase `xpack.apm.ui.transactionGroupBucketSize` (elastic#71661)
  [test] Skips Ingest Manager test preventing ES promotion
  [test] Skips flaky detection engine tests
  Revert "re-fix navigate path for master add SAML login to login_page (elastic#71337)"
  [tests] Temporarily skipped Fleet tests
  [test] Skipped monitoring test
  [Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation/update (elastic#71794)
  Add endpoint exception creation API validation (elastic#71791)
  Skip jest tests that timeout waiting for react (elastic#71801)
  [Security Solution][Exceptions] - Adds filtering to endpoint index patterns by exceptional fields (elastic#71757)
  [Reporting] Re-delete a file (elastic#71730)
  [Security Solution] [Detections] Fixes bug for determining when we hit max signals after filtering with lists (elastic#71768)
  [Ingest Manager] Better display of Fleet requirements (elastic#71686)
  [tests] Temporarily skipped to promote snapshot
  ...
cnasikas pushed a commit that referenced this pull request Jul 15, 2020
@rylnd @elasticmachine
[7.x] [Security Solution][Detections] Associate Endpoint Exceptions L…
0abba5b 
…ist to Rule during rule creation/update (#71794) (#71806)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Sep 23, 2021

Pinging @elastic/security-solution (Team: SecuritySolution)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spong spong spong approved these changes

Assignees

@rylnd rylnd

Labels

release_note:enhancement Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@rylnd @kibanamachine @elasticmachine @spong @MindyRS