Description
The machine learning model detects statistically anomalous results but it has no knowledge of the meaning of the values being modeled. Rules allow users to supply a detector with domain knowledge that can improve the quality of the results.
For example, a detector that performs a population analysis looking at bytes sent over IP addresses could benefit from a rule defining a list of IP addresses that the user knows to be 'safe'. Anomalous results for those IP addresses would then not be created.
Another example would be a detector looking for anomalies in the median value of CPU utilization. A user might want to inform the detector that any results where the actual value is less than 5 are not interesting.
Following the work to redesign detector rules in elastic/elasticsearch#31110, this is a meta issue listing the initial set of features that need to be implemented to allow rules to be created and edited from the UI.
- Add a link to the menu in the Anomalies table allowing the user to create or edit a rule
- Display a list of the rules that have already been created
- Allow the user to create a new rule
- Allow the user to delete a rule that has been configured for a detector
- Allow the user to configure whether the rule should skip results and/or model updates
- Configuration of numerical conditions
  - Add condition
  - Edit condition
  - Delete condition
- Configuration of categorical scope filters
  - Add filter
  - Delete filter
- Display a message on when the rule takes effect and advice on re-running the job
- Indicate on the results page that a detector contains rules
- Check permissions before allowing user to create, edit or delete a rule
Prototype screen design:

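The two rules used as examples in the description, sketched as an added example that is not part of the issue or of the Kibana/Elasticsearch code base. The rule fields (`actions`, `scope`, `conditions`) follow the Elasticsearch ML custom rule format; the evaluation functions, the `safe_ips` filter id and the records are constructed assumptions for illustration.

```javascript
// Simplified model of rule evaluation (added example; not Elasticsearch or Kibana code).
// Filter lists keyed by filter_id. Constructed sample using documentation IP ranges.
const filters = { safe_ips: new Set(['192.0.2.10', '192.0.2.11']) };

// Population detector on bytes sent: skip results for IPs the user knows to be safe.
const safeIpRule = {
  actions: ['skip_result'],
  scope: { ip: { filter_id: 'safe_ips', filter_type: 'include' } },
};

// Median CPU detector: results with an actual value below 5 are not interesting.
const lowCpuRule = {
  actions: ['skip_result'],
  conditions: [{ applies_to: 'actual', operator: 'lt', value: 5 }],
};

const operators = {
  lt: (a, b) => a < b,
  lte: (a, b) => a <= b,
  gt: (a, b) => a > b,
  gte: (a, b) => a >= b,
};

// A rule applies only when every scope filter AND every numerical condition matches.
// Only fields present on the sample records (actual, typical) are handled here.
function ruleApplies(rule, record, filterLists) {
  const scopeOk = Object.entries(rule.scope || {}).every(([field, s]) => {
    const list = filterLists[s.filter_id];
    if (!list) throw new Error(`unknown filter_id: ${s.filter_id}`);
    const inList = list.has(record[field]);
    return s.filter_type === 'exclude' ? !inList : inList;
  });
  const conditionsOk = (rule.conditions || []).every((c) => {
    const op = operators[c.operator];
    if (!op) throw new Error(`unknown operator: ${c.operator}`);
    return op(record[c.applies_to], c.value);
  });
  return scopeOk && conditionsOk;
}

// Results that would still be created after rules with the skip_result action run.
function visibleResults(records, rules, filterLists) {
  return records.filter((r) => !rules.some(
    (rule) => rule.actions.includes('skip_result') && ruleApplies(rule, r, filterLists)));
}

// Constructed anomaly records for the two detectors.
const bytesRecords = [{ ip: '192.0.2.10', actual: 9e9 }, { ip: '198.51.100.7', actual: 8e9 }];
const cpuRecords = [{ actual: 3.2, typical: 1.0 }, { actual: 97, typical: 40 }];
```

A record whose IP is on the filter list is skipped however extreme its value, so the contents of such a list determine what the detector can no longer report.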