[Security Solution] Fix backend logic to support rule snoozing #147736
Labels: 8.8 candidate; Feature:Rule Actions (Security Solution Detection Rule Actions area); Feature:Rule Management (Security Solution Detection Rule Management area); Team:Detection Rule Management (Security Detection Rule Management Team); Team:Detections and Resp (Security Detection Response Team); Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
Comments
banderror added the labels Team:Detections and Resp, Team: SecuritySolution, Feature:Rule Actions, Feature:Rule Management, Team:Detection Rule Management and 8.7 candidate on Dec 18, 2022
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
This was referenced Apr 12, 2023 (merged)
maximpn added a commit that referenced this issue on Apr 19, 2023:

…all our BE endpoints (#154804)

**Addresses:** #147736

## Summary

This PR removes automatic rule muting and unmuting at Security solution's APIs.

### Checklist

- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
maximpn added a commit that referenced this issue on May 5, 2023:

…and throttle rule fields (#154924)

**Addresses:** #147736

## Summary

This PR removes `throttle` field normalization based on `muteAll`'s value from Security Solution's `transformFromAlertThrottle` helper function used as a part of rule level to action level `throttle` upgrading functionality.

### Checklist

- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
maximpn added a commit to kibanamachine/kibana that referenced this issue on May 5, 2023:

…and throttle rule fields (elastic#154924)

**Addresses:** elastic#147736

## Summary

This PR removes `throttle` field normalization based on `muteAll`'s value from Security Solution's `transformFromAlertThrottle` helper function used as a part of rule level to action level `throttle` upgrading functionality.

### Checklist

- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

(cherry picked from commit 9e9232b)
kibanamachine referenced this issue on May 5, 2023:

…tions and throttle rule fields (#154924) (#156818)

# Backport

This will backport the following commits from `main` to `8.8`:

- [[Security Solution] Adjust the on-read normalization for the actions and throttle rule fields (#154924)](#154924)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
Epic: https://github.com/elastic/security-team/issues/5308 (internal)
Depends on: #147735

Summary

Once we have support for snoozing in the Rules table, we should fix a couple of things on our BE side to make sure we don't end up with bugs in bulk editing rule actions and in the UI on the Rule Editing page. Muting/snoozing state should be decoupled from actions and their frequency.

- Remove the automatic rule muting/unmuting in the `_bulk_action` endpoint (PR).
- Adjust the on-read normalization of the `actions` and `throttle` rule fields we do right now before we return a rule from our API endpoints. Currently, it takes into account whether a rule is muted; if it is muted it returns `throttle: 'no_actions'`. We will need to remove this. See `security_solution/server/lib/detection_engine/rule_management/normalization/rule_actions.ts`.
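The coupling the issue describes, as an added illustration that is not Kibana's code: a minimal rule record with a `muteAll` flag and a stored `throttle`, a read helper that reports `'no_actions'` whenever the rule is muted (the behaviour the issue asks to remove) beside a decoupled one, and a read-then-write cycle of the kind a bulk edit performs. The names `throttleOnReadCoupled`, `throttleOnReadDecoupled`, `editViaApi`, `unsnooze` and `roundTrip` are hypothetical and stand in for the real `transformFromAlertThrottle` and the surrounding API flow; the sample rule is constructed.

```typescript
// Added illustration for this issue; not Kibana's own code. The record shape and the
// helper variants are hypothetical sketches of the behaviour the issue describes.

interface RuleRecord {
  // Snooze/mute state, owned by the alerting framework.
  muteAll: boolean;
  // Rule-level notification frequency as stored, e.g. 'rule', '1h'; null when unset.
  throttle: string | null;
}

type ReadThrottle = (rule: RuleRecord) => string | null;

// Coupled variant (the behaviour the issue asks to remove): while the rule is muted the
// read path reports throttle 'no_actions' regardless of what is actually stored.
function throttleOnReadCoupled(rule: RuleRecord): string | null {
  return rule.muteAll ? 'no_actions' : rule.throttle;
}

// Decoupled variant: the read path returns the stored throttle unchanged; mute state
// is reported to the client as its own field, not folded into the frequency.
function throttleOnReadDecoupled(rule: RuleRecord): string | null {
  return rule.throttle;
}

// A client-side read-then-write cycle, e.g. a bulk edit that touches an unrelated field:
// the client reads the rule through the API and writes back the throttle it was shown.
function editViaApi(stored: RuleRecord, readThrottle: ReadThrottle): RuleRecord {
  const seen = readThrottle(stored);
  return { ...stored, throttle: seen };
}

// Unsnooze after the edit. With the coupled read, 'no_actions' has by now been persisted.
function unsnooze(stored: RuleRecord): RuleRecord {
  return { ...stored, muteAll: false };
}

// Whether notifications would be sent once the rule is no longer muted.
function notificationsEnabled(stored: RuleRecord): boolean {
  return !stored.muteAll && stored.throttle !== 'no_actions';
}

// Walks a snoozed rule through edit-then-unsnooze with a given read helper and reports
// the throttle that survives and whether notifications are back on afterwards.
function roundTrip(readThrottle: ReadThrottle): { throttle: string | null; enabled: boolean } {
  // Constructed sample: a snoozed rule whose stored notification frequency is hourly.
  const snoozed: RuleRecord = { muteAll: true, throttle: '1h' };
  const afterUnsnooze = unsnooze(editViaApi(snoozed, readThrottle));
  return { throttle: afterUnsnooze.throttle, enabled: notificationsEnabled(afterUnsnooze) };
}

// Coupled:   { throttle: 'no_actions', enabled: false }  -> the hourly schedule is lost and
//            the rule stays silent even after it is unsnoozed.
// Decoupled: { throttle: '1h', enabled: true }
console.log(roundTrip(throttleOnReadCoupled), roundTrip(throttleOnReadDecoupled));
```

The point the round trip makes is that a read-side normalization is not harmless once clients write back what they read: the mute flag silently overwrites the stored frequency, which is exactly the bulk-edit and Rule Editing page breakage the issue wants to avoid by keeping mute state and action frequency as separate fields.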