-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Restructuring folders of Detection Engine + refactoring Rule Management #142950
[Security Solution] Restructuring folders of Detection Engine + refactoring Rule Management #142950
Conversation
912c1f0
to
82c825b
Compare
6c53dd6
to
72dbef3
Compare
f94c54b
to
66cf3f7
Compare
7de12d7
to
8f55566
Compare
@marshallmain @vitaliidm Thanks for your great questions about the semantics of what is a model.
What's a model? Sometimes people call "models" data that they store in a DB, e.g. in Rails, it's an Active Record pattern. I use the term model in a broader sense. It's our domain model, meaning "things" that our app "consists of", "operates on", "shows", "allows the user to interact with", etc. Normally these things are known to the end users. Examples: rule, rule action, rule execution status, alert, source event, etc. It can be:
So this is stuff I suggest keeping in the As for the
Schema is all about validation. You can have a type (e.g. an interface) without a schema for it if it gives you enough safety. If you need an additional safety net (or you just have a weak type system) you can write a schema for this type to implement parsing and additional validation (e.g. allowed range of values for a property, etc). You can have a model without a schema. Hope this clarifies it a bit. Feel free to drop any other questions on me until we're aligned. |
It seemed to me acceptable in this case because I wouldn't expect us to be working with a lot of endpoints at the same time. So compared to calling all components
Yes, the idea is to continue moving stuff from |
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
ESLint disabled in files
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @xcrzx @banderror |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving without review, so Alerts Area doesn't block the merge.
cc @marshallmain
I'm on board with making those file names unique. Besides making it easier to navigate between open tabs, it also makes it much easier to find a particular file by its name in IDE, Chrome DevTools, or in the console. |
* main: (57 commits) [Files] Filepicker (elastic#143111) [Infrastructure UI] Replace Lens table with EUI table and own api (elastic#142871) [api-docs] Daily api_docs build (elastic#143829) [api-docs] Daily api_docs build (elastic#143825) [api-docs] Daily api_docs build (elastic#143823) [Security Solution] Restructuring folders of Detection Engine + refactoring Rule Management (elastic#142950) [Dev tools] Fix performance issue with autocomplete suggestions (elastic#143428) [Security Solution] Disable ML rule's edit button link under basic license (elastic#143260) [Lens] Use the language-documentation package for formula (elastic#143649) [api-docs] Daily api_docs build (elastic#143811) [Security Solution] Fix missing title on inspect pop-up (elastic#143601) fix incorrect filters being passed to events table causing duplicate entries in our inpsect tool request tab (elastic#143239) [Security Solution][Endpoint] `get-file` response action kibana download file API (elastic#143708) Rely on refresh context to update stats independently of overview cards. (elastic#143308) [RAM] Rule event log - Fix incorrect results when filtering by message and outcome simultaneously (elastic#143119) [ML] Display link to create data view from error cases in data frame analytics results pages (elastic#143596) Update links in README :) (elastic#143675) Add more tests for ml_inference_logic (elastic#143764) skip failing test suite (elastic#143717) [DOCS] Add assignees to case APIs (elastic#143610) ...
…out (#146904) ## Summary These changes fixes the issue with the unexpected "Failed to Fetch Rule" error toast that appears when user opens the alert details from the Rule Preview page. The issue was introduced by [recent refactoring](#142950) where we switched from the optional toast to showing error toast always when it is not possible to fetch the rule (see `useRuleWithFallback` hook). In case of Rule Preview the rule does not exist and thus server returns 404 (not found) error. In case of Rule Preview we would like to ignore this error and build the rule from the alert. Bug Ticket: #146858
…out (elastic#146904) ## Summary These changes fixes the issue with the unexpected "Failed to Fetch Rule" error toast that appears when user opens the alert details from the Rule Preview page. The issue was introduced by [recent refactoring](elastic#142950) where we switched from the optional toast to showing error toast always when it is not possible to fetch the rule (see `useRuleWithFallback` hook). In case of Rule Preview the rule does not exist and thus server returns 404 (not found) error. In case of Rule Preview we would like to ignore this error and build the rule from the alert. Bug Ticket: elastic#146858 (cherry picked from commit 1b4c661)
…ew Flyout (#146904) (#146921) # Backport This will backport the following commits from `main` to `8.6`: - [[Security Solution] Failed to Fetch Rules and Timeline in Preview Flyout (#146904)](#146904) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ievgen Sorokopud","email":"ievgen.sorokopud@elastic.co"},"sourceCommit":{"committedDate":"2022-12-02T20:17:54Z","message":"[Security Solution] Failed to Fetch Rules and Timeline in Preview Flyout (#146904)\n\n## Summary\r\n\r\nThese changes fixes the issue with the unexpected \"Failed to Fetch Rule\"\r\nerror toast that appears when user opens the alert details from the Rule\r\nPreview page.\r\n\r\nThe issue was introduced by [recent\r\nrefactoring](#142950) where we\r\nswitched from the optional toast to showing error toast always when it\r\nis not possible to fetch the rule (see `useRuleWithFallback` hook). In\r\ncase of Rule Preview the rule does not exist and thus server returns 404\r\n(not found) error. In case of Rule Preview we would like to ignore this\r\nerror and build the rule from the alert.\r\n\r\nBug Ticket: #146858","sha":"1b4c66101b02dd4c01582a0e7b684eb5b499101a","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team: SecuritySolution","Team:Detection Rules","Team:Detection Alerts","backport:prev-minor","ci:cloud-deploy","v8.7.0"],"number":146904,"url":"https://github.com/elastic/kibana/pull/146904","mergeCommit":{"message":"[Security Solution] Failed to Fetch Rules and Timeline in Preview Flyout (#146904)\n\n## Summary\r\n\r\nThese changes fixes the issue with the unexpected \"Failed to Fetch Rule\"\r\nerror toast that appears when user opens the alert details from the Rule\r\nPreview page.\r\n\r\nThe issue was introduced by [recent\r\nrefactoring](#142950) where we\r\nswitched from the optional toast to showing error toast always when it\r\nis not possible to fetch the rule (see `useRuleWithFallback` hook). In\r\ncase of Rule Preview the rule does not exist and thus server returns 404\r\n(not found) error. In case of Rule Preview we would like to ignore this\r\nerror and build the rule from the alert.\r\n\r\nBug Ticket: #146858","sha":"1b4c66101b02dd4c01582a0e7b684eb5b499101a"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/146904","number":146904,"mergeCommit":{"message":"[Security Solution] Failed to Fetch Rules and Timeline in Preview Flyout (#146904)\n\n## Summary\r\n\r\nThese changes fixes the issue with the unexpected \"Failed to Fetch Rule\"\r\nerror toast that appears when user opens the alert details from the Rule\r\nPreview page.\r\n\r\nThe issue was introduced by [recent\r\nrefactoring](#142950) where we\r\nswitched from the optional toast to showing error toast always when it\r\nis not possible to fetch the rule (see `useRuleWithFallback` hook). In\r\ncase of Rule Preview the rule does not exist and thus server returns 404\r\n(not found) error. In case of Rule Preview we would like to ignore this\r\nerror and build the rule from the alert.\r\n\r\nBug Ticket: #146858","sha":"1b4c66101b02dd4c01582a0e7b684eb5b499101a"}}]}] BACKPORT--> Co-authored-by: Ievgen Sorokopud <ievgen.sorokopud@elastic.co>
Partially addresses: #138600, #92169, #138606
Addresses: #136957, #136962, #138614
Summary
In this PR we are:
detection_engine
, and we moved some (not all) code into them. More on that is below. New subdomains introduced:fleet_integrations
prebuilt_rules
rule_actions_legacy
rule_exceptions
rule_management
rule_preview
rule_schema
rule_creation_ui
rule_details_ui
rule_management_ui
rule_exceptions_ui
Restructuring folders into subdomains
For the background and problem statement, please refer to #138600
We were focusing on code that is closely related to the Rules area: either owned by us de facto (we work on it) or owned by us de jure (according to the CODEOWNERS file). Or goal was to explicitly extract code that we don't own de facto into separate subdomains, transfer ownership to other area teams, and reflect this in the CODEOWNERS file. On the other hand, we wanted the code that we own to also be organized in clear subdomains that we could easily own via CODEOWNERS. We didn't touch the code that is already explicitly owned by other area teams, e.g.
x-pack/plugins/security_solution/server/lib/detection_engine/rule_types
.This is a draft "domain map" - an architectural diagram that shows how the Detection Engine could be split into subdomains. It's more a TO-BE idea/aspiration rather than an AS-IS statement. Any feedback, critiques, and suggestions would be extremely appreciated!
It shows the flow of dependencies between subdomains and proposes some rules:
Dashed lines show some existing dependencies that we think should be eliminated.
Ownership TO-BE is color-coded. We updated the CODEOWNERS file according to the new folders.
The folder restructuring is not 100% finished but we did a big part of it. Most of the FE code continues to live in legacy folders, e.g. see
x-pack/plugins/security_solution/public/detections
. So this work is to be continued...Refactoring of Rule Management FE
useQuery
anduseMutation
hooks fromreact-query
. That allowed us to introduce the following improvements to our codebase:useRule
could be used on any level in the component tree to access response data directly. So, no need to put the hook on the top level anymore and use prop-drilling to make the response data available to all children components that require it.security_solution/public/detection_engine/rule_management/api/hooks
contains abstraction layer on top of the Kibana's HTTP client. All data fetching should happen exclusively through that layer to ensure that:security_solution/public/detection_engine/rule_management/logic
.Checklist