[Request] Prebuilt rule customization, upgrade, and export/import workflows - UI copy review

[ARWNightingale]

Epic: elastic/kibana#174168
Related to: #5061
PR: elastic/kibana#210817

Summary

Description

We are introducing the ability for users to customize prebuilt Elastic rules and adjusting the rule upgrade workflow to adapt to that change. This includes ability to:

• edit and customize prebuilt rules (modify almost all rule parameters, besides rule actions);
• export and import prebuilt rules, including customized ones;
• upgrade prebuilt rules while keeping the user customizations whenever possible.

More information in the main docs ticket: #5061.

Related links / assets

• Figma design
• Github epic

Collaborators

• PM: @approksiu
• Designer: @ARWNightingale
• Engineers: @banderror @xcrzx @maximpn @nikitaindik @dplumlee

Please reach out via the team channel.

UI copies

Prebuilt rule customization workflow

• Tooltips for the Author and License fields. Displayed on the Rule Editing page.

• "Modified Elastic rule" badge. Displayed on the Rule Details page, Rule Management page - Installed Rules table, and Rule Management page - Rule Updates table.

• "Modifications" filter. Displayed on the Rule Management page - Rule Updates table.

Prebuilt rule upgrade workflow - Rule Updates table

• Tooltips about rules having conflicts.

• Modal about rules having conflicts.

Prebuilt rule upgrade workflow - Rule Upgrade flyout

• Flyout header and footer.

• Updates tab: title and status bar.

• Updates tab: overall update status callouts.

• Rule field view: update status indicators.

Field has an update from Elastic, but it hasn't been customized by the user:

Field has been customized by the user, but there's no update from Elastic:

Field has been customized by the user AND it has an update from Elastic. The app was able to auto-merge these changes and suggest a final field value to upgrade to. This represents a potential conflict. The user has to review the conflict between their changes and the update from Elastic, review the "final update" value and either accept the suggested value or edit it before accepting:

Field has been customized by the user AND it has an update from Elastic. The app was NOT able to auto-merge these changes and suggest a final field value to upgrade to. This represents a conflict. The user has to review the conflict between their changes and the update from Elastic, edit the field value and resolve the conflict manually:

Conflict has been resolved by the user:

"Modified" badge and its tooltips:

• Rule field view: diff view and diff selector.

@pborgonovi had a concern about explanation wording for "My changes" in this tooltip. Please take a look and feel free to suggest an improvement.

• Rule field view: final update view, readonly mode.

• Rule field view: final update view, editing mode.

• Edge case: rule type change.

If it's a stock, non-customized prebuilt rule:

If it's a customized prebuilt rule:

Licensing restrictions

TBD. Details will be added by @xcrzx.

[nastasha-solomon]

Hey @ARWNightingale - some suggestions and a couple of questions about the field statuses and requested user actions:

The information in the card title is for a field that is ready for the update as it has been reviewed or edited and accepted.

• You can remove the period at the end since this is not a complete sentence.
• Is there a reason why “Reviewed and accepted” isn’t followed by additional information like the other statuses? For example, I would expect to see something like:
• Reviewed and accepted - The changes have been reviewed and accepted.

The information in the card title for a field that is ready for the update as there were no conflicts as the final update and all looks good.

• What actions would a user have taken to get to this point? I’m a little confused with the sentence “The update has no conflicts and has been applied to the final update” because I don’t understand how a field can be ready for an update if the update has already been applied to the final update (which seems to be the final version of the field).

The information in the card title for a field that needs to be reviewed as we have tried to solved a conflict in the merging of the current and elastic update.

• In this case, resolved is slightly more correct than solved. When you resolve something, you fix an issue or settle a dispute. When you solve something, you find the correct answer to a problem. (If you make this change, I also recommend applying it wherever "unsolved" is used in the UI copy for this feature.)
• The explanation can be shortened and I recommend removing "please” as we usually avoid it in copy Here’s a potential revision:
  Resolved conflict - Before accepting this change, review the suggested update.

The information in the card title for a field that needs a user to input the final update as the conflict is unsolvable by Elastic then its needs to be accepted.

• If you change solved to resolved, I recommend changing unsolved to unresolved here and anywhere else where unsolved is used for this feature.
• What’s a "merge version" and how is it related to the update that the user needs to, or chooses to, accept?
• In the second sentence, what is the "current version"?