Edit related_integrations field for custom rules in UI and API

[maximpn]

Description

There is a PR adding functionality to add and edit rule's related integrations. Currently related integrations are only hardcoded in Elastic prebuilt rules. Users can view them on rules details page. When the mentioned above PR is merged users will be able to add related integrations when creating a custom rule. On top of that users will be able to update related integrations when editing a rule.

Background & resources

• PRs: [Security Solution] Allow users to edit related_integrations field for custom rules kibana#178295
• Issues/metas: [Security Solution] Allow users to edit related_integrations field for custom rules kibana#173595
• Point of contact: @maximpn
• Test environments: https://maximpn-pr-178295-edit-related-integrations.kbndev.co/ (use default username and password)

Which documentation set does this change impact?

ESS and serverless

ESS release

8.15

Serverless release

Mon, 6th May 2024

Feature differences

The feature is identical in ESS/serverless.

API docs impact

The feature touched existing rule management endpoints. All endpoints will accept related integrations as well as return them. The followings APIs are affected

• Get rule GET /api/detection_engine/rules
• Create rule POST /api/detection_engine/rules
• Update rule PUT /api/detection_engine/rules
• Patch rule PATCH /api/detection_engine/rules
• Find rules GET /api/detection_engine/rules/_find
• Bulk create rules POST /api/detection_engine/rules/_bulk_create (endpoint is deprecated)
• Bulk update rules PUT /api/detection_engine/rules/_bulk_update (endpoint is deprecated)
• Bulk patch rules PATCH /api/detection_engine/rules/_bulk_update (endpoint is deprecated)
• Bulk actions POST /api/detection_engine/rules/_bulk_action
  • Edit rules
  • Export rules
  • Import rules
  • Rule response from bulk operations
• Import rules POST /api/detection_engine/rules/_import
• Export rules POST /api/detection_engine/rules/_export

Prerequisites, privileges, feature flags

There is not a feature flag for the feature.

---

### Tasks
- [x] https://github.com/elastic/staging-serverless-security-docs/pull/337
- [ ] https://github.com/elastic/security-docs/pull/5151
- [x] API docs (classic) — https://github.com/elastic/security-docs/pull/5183

[joepeeples]

@maximpn Thanks for creating the issue! Turnaround for serverless publishing is a little tighter than the 2 weeks that we typically need, but I think I can make it work.

@approksiu I wanted to point out that the estimated serverless and ESS/stateful release dates for this are pretty far apart: April 29 for serverless and months later on July 23 for the ESS release in 8.15.0. We don't currently have a way of announcing new features for serverless (no serverless "What's New" or even serverless release notes/changelog), so until 8.15 comes out, serverless customers might not know that there's a new feature unless they just stumble across it. Of course, we'll include it in the docs so they won't be without help, and maybe it's OK for something like this which is just a small part of a larger proper feature. It's just a really long gap, and not something we've dealt with before, so I wanted to at least call attention to it. Thanks!

[approksiu]

@joepeeples valid points! I think it's fine in this instance or for a few smaller features like this. The design team is working on new concepts that will address these concerns - we should be able to inform users about the features in UI in the future.

[maximpn]

Thanks for creating the issue! Turnaround for serverless publishing is a little tighter than the 2 weeks that we typically need, but I think I can make it work.

@joepeeples there is no pressure here. If you 100% sure it's impossible to updates the docs by April 29 it can be next Serverless releases on May 6 or May 13. Just l let us know what works the best for you.

[joepeeples]

it can be next Serverless releases on May 6 or May 13. Just l let us know what works the best for you.

Thanks @maximpn, could we shoot for May 6 then? There are some other serverless updates I'm currently working to finish by end of April.