[Rules migration] Add functionality to display matched prebuilt rules details (elastic#11360) (elastic#203035)

## Summary

[Internal link](elastic/security-team#10820) to the feature details

These changes add functionality that allows displaying matched prebuilt rule details.

### New route

There is a new route `/internal/siem_migrations/rules/{migration_id}/prebuilt_rules` that will return all prebuilt rules matched by translated rules within a specific migration.

### UI changes

The rule migration details flyout was updated to display matched prebuilt rule data in both `Translation` and `Overview` tabs.

https://github.com/user-attachments/assets/3da49653-e0ab-4d8b-892e-dd05cf73743b

### Other changes

Also, as part of this PR, batching of rule installation/creation was added.

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Sergi Massaneda <[email protected]>
1 parent ee91b88, commit 54375bd

Showing 22 changed files with 638 additions and 200 deletions.
36 changes: 36 additions & 0 deletions

x-pack/plugins/security_solution/common/siem_migrations/rules/utils.ts
@@ -0,0 +1,36 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type { Severity } from '../../api/detection_engine'; | ||
import { DEFAULT_TRANSLATION_FIELDS, DEFAULT_TRANSLATION_SEVERITY } from '../constants'; | ||
import type { ElasticRule, ElasticRulePartial } from '../model/rule_migration.gen'; | ||
|
||
export type MigrationPrebuiltRule = ElasticRulePartial & | ||
Required<Pick<ElasticRulePartial, 'title' | 'description' | 'prebuilt_rule_id'>>; | ||
|
||
export type MigrationCustomRule = ElasticRulePartial & | ||
Required<Pick<ElasticRulePartial, 'title' | 'description' | 'query' | 'query_language'>>; | ||
|
||
export const isMigrationPrebuiltRule = (rule?: ElasticRule): rule is MigrationPrebuiltRule => | ||
!!(rule?.title && rule?.description && rule?.prebuilt_rule_id); | ||
|
||
export const isMigrationCustomRule = (rule?: ElasticRule): rule is MigrationCustomRule => | ||
!isMigrationPrebuiltRule(rule) && | ||
!!(rule?.title && rule?.description && rule?.query && rule?.query_language); | ||
|
||
export const convertMigrationCustomRuleToSecurityRulePayload = (rule: MigrationCustomRule) => { | ||
return { | ||
type: rule.query_language, | ||
language: rule.query_language, | ||
query: rule.query, | ||
name: rule.title, | ||
description: rule.description, | ||
|
||
...DEFAULT_TRANSLATION_FIELDS, | ||
severity: (rule.severity as Severity) ?? DEFAULT_TRANSLATION_SEVERITY, | ||
}; | ||
}; |
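Review bot: the `severity: (rule.severity as Severity) ?? DEFAULT_TRANSLATION_SEVERITY` line in `convertMigrationCustomRuleToSecurityRulePayload` casts instead of validating, so any string stored in the migration document's `severity` field reaches the rule-creation payload unchanged; the `??` fallback only covers null/undefined, not an unexpected value. Consider checking the value against the allowed `Severity` values and falling back to `DEFAULT_TRANSLATION_SEVERITY` otherwise, e.g. `severity: isSeverity(rule.severity) ? rule.severity : DEFAULT_TRANSLATION_SEVERITY` with a small guard over the known severity values. The exported type guards `isMigrationPrebuiltRule` and `isMigrationCustomRule` would also benefit from a short doc comment stating that `isMigrationCustomRule` deliberately excludes prebuilt matches, since callers need to know that ordering.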