Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RAM] Add example log system action type #175057

Merged
merged 13 commits into from
Jan 30, 2024
Merged

[RAM] Add example log system action type #175057

merged 13 commits into from
Jan 30, 2024

Conversation

Zacqary
Copy link
Contributor

@Zacqary Zacqary commented Jan 17, 2024
edited
Loading

Summary

Screenshot 2024-01-17 at 11 29 36 AM Screenshot 2024-01-17 at 11 29 32 AM

This adds an example action type called System Log, which is enabled when running Kibana with the --run-examples flag.

This action will log out to Kibana at the same rate as summarized alerts.

Please only refer to 29fa70d when reviewing. Other code changes were cherry-picked from main

ymao1 and others added 2 commits January 16, 2024 13:25
@ymao1 @kibanamachine @Zacqary
[Response Ops][Alerting] AAD for alerting example rules (elastic#174032)
b5353fb 
Towards elastic/response-ops-team#164

Registering alerting example rules with framework AAD. This creates a
new alerts index `.alerts-default.alerts-default` that will eventually
hold alerts for all rules that have not customized their registration.
This index contains only the mappings for the basic alerts as data
documents, no custom context or payload fields.

Run kibana using `--run-examples` flag. Create one of the example rule
types and let it alert and then resolve and see an alert document get
created in the `.alerts-default.alerts-default` index.

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@Zacqary
[RAM] Add example log system action type
29fa70d
@Zacqary Zacqary added release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Feature:Alerting/RulesManagement Issues related to the Rules Management UX v8.13.0 labels Jan 17, 2024
@Zacqary Zacqary requested review from a team as code owners January 17, 2024 17:32
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@apmmachine
Copy link
Contributor

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

  • /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
  • /oblt-deploy-serverless : Deploy a serverless Kibana instance using the Observability test environments.
  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

XavierM
XavierM reviewed Jan 22, 2024
View reviewed changes
x-pack/plugins/alerting/server/routes/rule/apis/resolve/resolve_rule_route.ts Outdated
body: transformResolveResponseV1<RuleParamsV1>(rule),
};
return res.ok(response);
try {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why did we have to add the try/catch?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This route was failing because some schemas were missing system actions support so I added this for debugging, but it's not needed anymore. I'll remove.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool!

XavierM
XavierM reviewed Jan 22, 2024
View reviewed changes
...lugins/triggers_actions_ui/public/application/sections/action_connector_form/action_form.tsx Outdated
frequency: DEFAULT_FREQUENCY,
uuid: uuidv4(),
});
actions.push(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we create a function to avoid duplication code?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pushing a simplified version of this control flow

I looked into the git blame to find out why DEFAULT_FREQUENCY was being set sometimes, and defaultRuleFrequency was being set other times, and it turns out it's due to a bad merge, so I'm just setting defaultRuleFrequency no matter what going forward. This may end up fixing a bug that we haven't yet detected.

@patrykkopycinski patrykkopycinski mentioned this pull request Jan 23, 2024
Draft
JiaweiWu
JiaweiWu reviewed Jan 26, 2024
View reviewed changes
Copy link
Contributor

@JiaweiWu JiaweiWu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really sure how I should go about testing this (looks like I might need to pull the entire feature branch?). But generally I think we should make sure the modifications we're making to non-example code is well tested.

x-pack/plugins/actions/server/routes/connector/get_all/get_all.ts Outdated Show resolved Hide resolved
x-pack/plugins/alerting/common/rule.ts Outdated Show resolved Hide resolved
x-pack/plugins/triggers_actions_ui/public/application/sections/rule_form/rule_edit.tsx
Comment on lines +84 to +91
clonedRule.actions = clonedRule.actions.map((action: SanitizedRuleAction) => {
if (actionHasDefinedGroup(action as SanitizedRuleAction)) {
return {
...action,
frequency,
} as SanitizedRuleAction;
}
return action as SanitizedRuleAction;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's add some jest tests to this as well, also curious to know why we have to cast the types so often, maybe worth trying to fix them, unless we're migrating types like we were the the http versioning stuff

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This migration code is for pre-8.6 rules, note the if (hasRuleLevelNotifyWhen || hasRuleLevelThrottle) check.

Adding this change here covers the highly unlikely edge case where a system action somehow gets added to a pre-8.6 rule that still has global frequency params before it's ever opened in the UI and migrated, and even then whatever frequency param we add would get stripped on rewrite. This was just to cover our bases in case something unexpected happens but I'm 99% sure the UI will function without problems if we don't push this. Happy to revert this code if it's a blocker.

...lugins/triggers_actions_ui/public/application/sections/action_connector_form/action_form.tsx Show resolved Hide resolved
XavierM
XavierM reviewed Jan 29, 2024
View reviewed changes
Copy link
Contributor

@XavierM XavierM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Last question: I am wondering if we should have a designated API to get the system action and not mix them with our connectors APIs. Might make our code cleaner on the UI and less confusing.

@cnasikas, @Zacqary, @JiaweiWu what do you think?

@cnasikas
Copy link
Member

cnasikas commented Jan 29, 2024
edited
Loading

Last question: I am wondering if we should have a designated API to get the system action and not mix them with our connectors APIs. Might make our code cleaner on the UI and less confusing.

@cnasikas, @Zacqary, @JiaweiWu what do you think?

@XavierM For which API are you referring to? The connectors' APIs (Get all connectors API, Get connector API, List connector types API) do not return system actions.

@XavierM
Copy link
Contributor

XavierM commented Jan 29, 2024

@cnasikas I think in this PR, we are using the Get all connectors API to get the system actions on the UI with a new query param to include them. I feel like we should have a different APIs for getting all or the detail of the system action.

@cnasikas
Copy link
Member

@cnasikas I think in this PR, we are using the Get all connectors API to get the system actions on the UI with a new query param to include them. I feel like we should have a different APIs for getting all or the detail of the system action.

You are right @XavierM. You can see in the System Actions doc that this was the decision we took. We should not expose system actions to any of the connector's APIs and we should use separate internal APIs dedicated to system actions.

@XavierM
Copy link
Contributor

XavierM commented Jan 29, 2024

I missed that in the doc, I just realized when reviewing the PR!

@Zacqary
Copy link
Contributor Author

Zacqary commented Jan 29, 2024

@cnasikas I was reading over the System Actions doc and discussion but it was never clear where in the UI system actions actually do show up. Only that they're not supposed to be in the connectors list.

I didn't have anywhere to put this example action except in the connectors list with everything else. I combined fetching system actions with the get_all API because it didn't make sense to make two API calls to populate the same UI element. If you can clear up the requirements for me I'd be happy to adjust my approach to this PR.

@kibana-ci
Copy link
Collaborator

kibana-ci commented Jan 29, 2024
edited
Loading

⏳ Build in-progress, with failures

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #42 / Actions and Triggers app Rules list rules list should allow rules to be snoozed
  • [job] [logs] FTR Configs #42 / Actions and Triggers app Rules list rules list should allow rules to be snoozed
  • [job] [logs] FTR Configs #51 / Actions API @serverless @ess add_actions adding actions creates rule with a new webhook action
  • [job] [logs] FTR Configs #64 / Actions API @serverless @ess add_actions adding actions creates rule with a new webhook action
  • [job] [logs] FTR Configs #51 / Actions API @serverless @ess add_actions adding actions creates rule with a new webhook action
  • [job] [logs] FTR Configs #64 / Actions API @serverless @ess add_actions adding actions creates rule with a new webhook action
  • [job] [logs] FTR Configs #1 / aiops change point detection detects a change point when no split field is selected
  • [job] [logs] FTR Configs #82 / Alerting alerts should schedule task, run alert and schedule actions
  • [job] [logs] FTR Configs #82 / Alerting alerts should schedule task, run alert and schedule actions
  • [job] [logs] FTR Configs #45 / alerting api integration security and spaces enabled - Group 3 Alerts - Group 3 alerts bulkEdit superuser at space1 should handle bulk edit of rules appropriately
  • [job] [logs] FTR Configs #45 / alerting api integration security and spaces enabled - Group 3 Alerts - Group 3 alerts bulkEdit superuser at space1 should handle bulk edit of rules appropriately
  • [job] [logs] FTR Configs #62 / alerting api integration security and spaces enabled - Group 4 Alerts alerts alerts superuser at space1 should schedule task, run alert and schedule actions when appropriate
  • [job] [logs] FTR Configs #79 / alerting api integration security and spaces enabled - Group 4 Alerts alerts alerts superuser at space1 should schedule task, run alert and schedule actions when appropriate
  • [job] [logs] FTR Configs #79 / alerting api integration security and spaces enabled - Group 4 Alerts alerts alerts superuser at space1 should schedule task, run alert and schedule actions when appropriate
  • [job] [logs] FTR Configs #62 / alerting api integration security and spaces enabled - Group 4 Alerts alerts alerts superuser at space1 should schedule task, run alert and schedule actions when appropriate
  • [job] [logs] FTR Configs #8 / Alerting APIs Summary actions should schedule actions for summary of alerts per rule run
  • [job] [logs] FTR Configs #9 / Alerting APIs Summary actions should schedule actions for summary of alerts per rule run
  • [job] [logs] FTR Configs #33 / Alerting APIs Summary actions should schedule actions for summary of alerts per rule run
  • [job] [logs] FTR Configs #1 / Alerting bulkEdit should bulk edit rule with tags operation
  • [job] [logs] FTR Configs #49 / Alerting create legacy should handle create alert request appropriately
  • [job] [logs] FTR Configs #49 / Alerting create legacy should handle create alert request appropriately
  • [job] [logs] FTR Configs #77 / Alerts - Group 3 - schedule circuit breaker alerts Bulk edit with circuit breaker should prevent rules from being bulk edited if max schedules have been reached
  • [job] [logs] FTR Configs #77 / Alerts - Group 3 - schedule circuit breaker alerts Bulk edit with circuit breaker should prevent rules from being bulk edited if max schedules have been reached
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #1 / Artifact tabs in Policy Details page Trusted applications tab Given there are no Trusted applications entries "before all" hook for "[ALL] User can add Trusted applications artifact" "before all" hook for "[ALL] User can add Trusted applications artifact"
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #1 / Artifact tabs in Policy Details page Trusted applications tab Given there are no Trusted applications entries "before all" hook for "[ALL] User can add Trusted applications artifact" "before all" hook for "[ALL] User can add Trusted applications artifact"
  • [job] [logs] Defend Workflows Cypress Tests #4 / Automated Response Actions From alerts "before all" hook for "should have generated endpoint and rule" "before all" hook for "should have generated endpoint and rule"
  • [job] [logs] Serverless Rule Management - Security Solution Cypress Tests #4 / Bulk editing index patterns of rules with a data view only Add index patterns to custom rules with configured data view when data view checkbox is checked: rules are updated Add index patterns to custom rules with configured data view when data view checkbox is checked: rules are updated
  • [job] [logs] Rule Management - Security Solution Cypress Tests #7 / Bulk editing index patterns of rules with a data view only Add index patterns to custom rules with configured data view when data view checkbox is checked: rules are updated Add index patterns to custom rules with configured data view when data view checkbox is checked: rules are updated
  • [job] [logs] Serverless Rule Management - Security Solution Cypress Tests #4 / Bulk editing index patterns of rules with a data view only Add index patterns to custom rules with configured data view: all rules are skipped Add index patterns to custom rules with configured data view: all rules are skipped
  • [job] [logs] Rule Management - Security Solution Cypress Tests #7 / Bulk editing index patterns of rules with a data view only Add index patterns to custom rules with configured data view: all rules are skipped Add index patterns to custom rules with configured data view: all rules are skipped
  • [job] [logs] Serverless Rule Management - Security Solution Cypress Tests #4 / Bulk editing index patterns of rules with a data view only Delete index patterns in custom rules with configured data view: rules are skipped Delete index patterns in custom rules with configured data view: rules are skipped
  • [job] [logs] Rule Management - Security Solution Cypress Tests #7 / Bulk editing index patterns of rules with a data view only Delete index patterns in custom rules with configured data view: rules are skipped Delete index patterns in custom rules with configured data view: rules are skipped
  • [job] [logs] Serverless Rule Management - Security Solution Cypress Tests #4 / Bulk editing index patterns of rules with a data view only Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is checked: rules are updated Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is checked: rules are updated
  • [job] [logs] Rule Management - Security Solution Cypress Tests #7 / Bulk editing index patterns of rules with a data view only Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is checked: rules are updated Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is checked: rules are updated
  • [job] [logs] Serverless Rule Management - Security Solution Cypress Tests #4 / Bulk editing index patterns of rules with a data view only Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is NOT checked:: rules are skipped Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is NOT checked:: rules are skipped
  • [job] [logs] Rule Management - Security Solution Cypress Tests #7 / Bulk editing index patterns of rules with a data view only Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is NOT checked:: rules are skipped Overwrite index patterns in custom rules with configured data view when overwrite data view checkbox is NOT checked:: rules are skipped
  • [job] [logs] Serverless Rule Management - Security Solution Cypress Tests #4 / Bulk editing index patterns of rules with index patterns and rules with a data view Add index patterns to custom rules when overwrite data view checkbox is checked: all rules are updated Add index patterns to custom rules when overwrite data view checkbox is checked: all rules are updated
  • [job] [logs] Rule Management - Security Solution Cypress Tests #7 / Bulk editing index patterns of rules with index patterns and rules with a data view Add index patterns to custom rules when overwrite data view checkbox is checked: all rules are updated Add index patterns to custom rules when overwrite data view checkbox is checked: all rules are updated
  • [job] [logs] Serverless Rule Management - Security Solution Cypress Tests #4 / Bulk editing index patterns of rules with index patterns and rules with a data view Add index patterns to custom rules: one rule is updated, one rule is skipped Add index patterns to custom rules: one rule is updated, one rule is skipped
  • [job] [logs] Rule Management - Security Solution Cypress Tests #7 / Bulk editing index patterns of rules with index patterns and rules with a data view Add index patterns to custom rules: one rule is updated, one rule is skipped Add index patterns to custom rules: one rule is updated, one rule is skipped
  • [job] [logs] Jest Tests #13 / bulkEdit() actions operations should add system and default actions
  • [job] [logs] Jest Tests #13 / bulkEdit() actions operations should add the actions type to the response correctly
  • [job] [logs] Jest Tests #13 / bulkEdit() actions operations should add uuid to new actions
  • [job] [logs] Jest Tests #13 / bulkEdit() actions operations should construct the refs correctly and not persist the type of the action
  • [job] [logs] Jest Tests #13 / bulkEdit() actions operations should only increment revision once for multiple operations
  • [job] [logs] Jest Tests #13 / bulkEdit() actions operations should return an error if the system action does not exist
  • [job] [logs] Jest Tests #13 / bulkEdit() actions operations should set timeframe in alertsFilter null if doesn't exist
  • [job] [logs] Jest Tests #13 / bulkEdit() index pattern operations should add index patterns
  • [job] [logs] Jest Tests #13 / bulkEdit() index pattern operations should delete index patterns
  • [job] [logs] Jest Tests #13 / bulkEdit() index pattern operations should skip operation when params modifiers does not modify index pattern array
  • [job] [logs] Jest Tests #13 / bulkEdit() snoozeSchedule operations should add snooze schedule
  • [job] [logs] Jest Tests #13 / bulkEdit() snoozeSchedule operations should not unsnooze a snoozed rule when bulk adding snooze schedules
  • [job] [logs] Jest Tests #13 / bulkEdit() snoozeSchedule operations should snooze
  • [job] [logs] Jest Tests #13 / bulkEdit() tags operations should add new tag
  • [job] [logs] Jest Tests #13 / bulkEdit() tags operations should delete tag
  • [job] [logs] Jest Tests #13 / bulkEdit() tags operations should set tags
  • [job] [logs] Jest Tests #13 / bulkEdit() tags operations should skip operation when adding already existing tags
  • [job] [logs] Jest Tests #13 / bulkEdit() tags operations should skip operation when adding no tags
  • [job] [logs] Jest Tests #13 / bulkEdit() tags operations should skip operation when deleting no tags
  • [job] [logs] Jest Tests #13 / bulkEdit() tags operations should skip operation when deleting non existing tags
  • [job] [logs] x-pack/test/detection_engine_api_integration/security_and_spaces/group1/config.ts / detection engine api security and spaces enabled - Group 1 create_rules_bulk creating rules in bulk per-action frequencies actions without frequencies it sets each action's frequency attribute to default value when 'throttle' is undefined
  • [job] [logs] x-pack/test/detection_engine_api_integration/security_and_spaces/group1/config.ts / detection engine api security and spaces enabled - Group 1 create_rules_bulk creating rules in bulk per-action frequencies actions without frequencies it sets each action's frequency attribute to default value when 'throttle' is undefined
  • [job] [logs] x-pack/test/detection_engine_api_integration/security_and_spaces/group10/config.ts / detection engine api security and spaces enabled - Group 10 import_rules importing rules with an index should migrate legacy actions in existing rule if overwrite is set to true
  • [job] [logs] x-pack/test/detection_engine_api_integration/security_and_spaces/group10/config.ts / detection engine api security and spaces enabled - Group 10 import_rules importing rules with an index should migrate legacy actions in existing rule if overwrite is set to true
  • [job] [logs] FTR Configs #18 / Detection rule type telemetry @ess @serverless Detection rule telemetry "kql" rule type should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
  • [job] [logs] FTR Configs #83 / Detection rule type telemetry @ess @serverless Detection rule telemetry "kql" rule type should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
  • [job] [logs] FTR Configs #83 / Detection rule type telemetry @ess @serverless Detection rule telemetry "kql" rule type should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
  • [job] [logs] FTR Configs #18 / Detection rule type telemetry @ess @serverless Detection rule telemetry "kql" rule type should show "notifications_disabled" to be "1" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"
  • [job] [logs] Rule Management - Security Solution Cypress Tests #6 / Detection rules, bulk edit of rule actions All actions privileges "before each" hook for "Add a rule action to rules (existing connector)" "before each" hook for "Add a rule action to rules (existing connector)"
  • [job] [logs] Rule Management - Security Solution Cypress Tests #6 / Detection rules, bulk edit of rule actions All actions privileges "before each" hook for "Add a rule action to rules (existing connector)" "before each" hook for "Add a rule action to rules (existing connector)"
  • [job] [logs] Rule Management - Security Solution Cypress Tests #6 / Detection rules, bulk edit of rule actions Restricted action privileges User with no privileges can't add rule actions User with no privileges can't add rule actions
  • [job] [logs] Rule Management - Security Solution Cypress Tests #6 / Detection rules, bulk edit of rule actions Restricted action privileges User with no privileges can't add rule actions User with no privileges can't add rule actions
  • [job] [logs] FTR Configs #2 / Detection User Roles APIs @ess @serverless @brokenInServerless read_privileges should return expected privileges for a "platform_engineer" user
  • [job] [logs] FTR Configs #2 / Detection User Roles APIs @ess @serverless @brokenInServerless read_privileges should return expected privileges for a "platform_engineer" user
  • [job] [logs] Defend Workflows Cypress Tests #13 / Document signing: "before all" hook for "should fail if data tampered" "before all" hook for "should fail if data tampered"
  • [job] [logs] Defend Workflows Cypress Tests #13 / Document signing: "before all" hook for "should fail if data tampered" "before all" hook for "should fail if data tampered"
  • [job] [logs] FTR Configs #13 / Endpoint plugin When attempting to call an endpoint api "after all" hook in "When attempting to call an endpoint api"
  • [job] [logs] FTR Configs #68 / Endpoint plugin When attempting to call an endpoint api "after all" hook in "When attempting to call an endpoint api"
  • [job] [logs] FTR Configs #13 / Endpoint plugin When attempting to call an endpoint api "after all" hook in "When attempting to call an endpoint api"
  • [job] [logs] FTR Configs #13 / Endpoint plugin When attempting to call an endpoint api "before all" hook in "When attempting to call an endpoint api"
  • [job] [logs] FTR Configs #68 / Endpoint plugin When attempting to call an endpoint api "before all" hook in "When attempting to call an endpoint api"
  • [job] [logs] FTR Configs #13 / Endpoint plugin When attempting to call an endpoint api "before all" hook in "When attempting to call an endpoint api"
  • [job] [logs] FTR Configs #3 / endpoint Response Actions Responder "before all" hook in "Response Actions Responder"
  • [job] [logs] FTR Configs #75 / endpoint Response Actions Responder "before all" hook in "Response Actions Responder"
  • [job] [logs] FTR Configs #38 / endpoint When on the Endpoint Policy Details Page "after all" hook in "When on the Endpoint Policy Details Page"
  • [job] [logs] FTR Configs #38 / endpoint When on the Endpoint Policy Details Page "after all" hook in "When on the Endpoint Policy Details Page"
  • [job] [logs] FTR Configs #38 / endpoint When on the Endpoint Policy Details Page "before all" hook in "When on the Endpoint Policy Details Page"
  • [job] [logs] FTR Configs #38 / endpoint When on the Endpoint Policy Details Page "before all" hook in "When on the Endpoint Policy Details Page"
  • [job] [logs] Jest Tests #11 / getAllSystemConnectorsRoute ensures the license allows getting all connectors
  • [job] [logs] Jest Tests #11 / getAllSystemConnectorsRoute ensures the license check prevents getting all connectors
  • [job] [logs] Jest Tests #11 / getAllSystemConnectorsRoute get all connectors with proper parameters
  • [job] [logs] Jest Tests #11 / listTypesSystemRoute ensures the license allows listing action types
  • [job] [logs] Jest Tests #11 / listTypesSystemRoute ensures the license check prevents listing action types
  • [job] [logs] Jest Tests #11 / listTypesSystemRoute lists action types with proper parameters
  • [job] [logs] Jest Tests #11 / listTypesSystemRoute passes feature_id if provided as query parameter
  • [job] [logs] Jest Tests #15 / loadActionTypes should call list types API
  • [job] [logs] Jest Tests #15 / loadAllActions should call getAll actions API
  • [job] [logs] FTR Configs #57 / Monitoring app Cluster listing Alerts should show a toast when alerts are created successfully
  • [job] [logs] FTR Configs #57 / Monitoring app Cluster listing Alerts should show a toast when alerts are created successfully
  • [job] [logs] FTR Configs #86 / Observability Rules Synthetics SyntheticsRules creates rule when settings are configured
  • [job] [logs] FTR Configs #86 / Observability Rules Synthetics SyntheticsRules creates rule when settings are configured
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #5 / Response actions history page "before all" hook for "retains expanded action details on page reload" "before all" hook for "retains expanded action details on page reload"
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #5 / Response actions history page "before all" hook for "retains expanded action details on page reload" "before all" hook for "retains expanded action details on page reload"
  • [job] [logs] Defend Workflows Cypress Tests #2 / Response console Execute operations: "before all" hook for ""execute --command" - should execute a command" "before all" hook for ""execute --command" - should execute a command"
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #1 / Response console Execute operations: "before all" hook for ""execute --command" - should execute a command" "before all" hook for ""execute --command" - should execute a command"
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #1 / Response console Execute operations: "before all" hook for ""execute --command" - should execute a command" "before all" hook for ""execute --command" - should execute a command"
  • [job] [logs] Defend Workflows Cypress Tests #12 / Response console From Alerts "before all" hook for "should open responder from alert details flyout" "before all" hook for "should open responder from alert details flyout"
  • [job] [logs] Defend Workflows Cypress Tests #12 / Response console From Alerts "before all" hook for "should open responder from alert details flyout" "before all" hook for "should open responder from alert details flyout"
  • [job] [logs] Defend Workflows Cypress Tests #14 / Response console From endpoint list "before all" hook for "should open responder" "before all" hook for "should open responder"
  • [job] [logs] Defend Workflows Cypress Tests #14 / Response console From endpoint list "before all" hook for "should open responder" "before all" hook for "should open responder"
  • [job] [logs] Defend Workflows Cypress Tests #4 / Response console Host Isolation: "before all" hook for "should isolate a host from response console" "before all" hook for "should isolate a host from response console"
  • [job] [logs] Defend Workflows Cypress Tests #5 / Response console Processes operations: "before all" hook for ""processes" - should obtain a list of processes" "before all" hook for ""processes" - should obtain a list of processes"
  • [job] [logs] Detection Engine - Security Solution Cypress Tests #1 / Rule actions during detection rule creation Indexes a new document after the index action is triggered Indexes a new document after the index action is triggered
  • [job] [logs] Detection Engine - Security Solution Cypress Tests #1 / Rule actions during detection rule creation Indexes a new document after the index action is triggered Indexes a new document after the index action is triggered
  • [job] [logs] FTR Configs #44 / Rule creation API @serverless @ess create_rules @brokenInServerless per-action frequencies actions without frequencies sets each action's frequency attribute to default value when 'throttle' is undefined
  • [job] [logs] FTR Configs #44 / Rule creation API @serverless @ess create_rules @brokenInServerless per-action frequencies actions without frequencies sets each action's frequency attribute to default value when 'throttle' is undefined
  • [job] [logs] Serverless Rule Management - Security Solution Cypress Tests #8 / rule snoozing Rules management table snoozes a rule with actions for 2 days snoozes a rule with actions for 2 days
  • [job] [logs] Rule Management - Security Solution Cypress Tests #3 / rule snoozing Rules management table snoozes a rule with actions for 2 days snoozes a rule with actions for 2 days
  • [job] [logs] Serverless Rule Management - Security Solution Cypress Tests #8 / rule snoozing Rules management table snoozes a rule with actions for 2 days snoozes a rule with actions for 2 days
  • [job] [logs] Rule Management - Security Solution Cypress Tests #3 / rule snoozing Rules management table snoozes a rule with actions for 2 days snoozes a rule with actions for 2 days
  • [job] [logs] Defend Workflows Cypress Tests #2 / Unenroll agent from fleet changing when agent tamper protection is enabled but then is switched to a policy with it disabled "before each" hook for "should unenroll from fleet without issues" "before each" hook for "should unenroll from fleet without issues"
  • [job] [logs] Defend Workflows Cypress Tests #1 / Unenroll agent from fleet when agent tamper protection is disabled but then is switched to a policy with it enabled "before each" hook for "should unenroll from fleet without issues" "before each" hook for "should unenroll from fleet without issues"
  • [job] [logs] Defend Workflows Cypress Tests #15 / Unenroll agent from fleet when agent tamper protection is enabled "before each" hook for "should unenroll from fleet without issues" "before each" hook for "should unenroll from fleet without issues"
  • [job] [logs] Defend Workflows Cypress Tests #13 / Unenroll agent from fleet with agent tamper protection is disabled "before each" hook for "should unenroll from fleet without issues" "before each" hook for "should unenroll from fleet without issues"
  • [job] [logs] Defend Workflows Cypress Tests #13 / Unenroll agent from fleet with agent tamper protection is disabled "before each" hook for "should unenroll from fleet without issues" "before each" hook for "should unenroll from fleet without issues"
  • [job] [logs] Defend Workflows Cypress Tests #4 / Uninstall agent from host changing agent policy when agent tamper protection is disabled but then is switched to a policy with it enabled "before each" hook for "should uninstall from host without issues" "before each" hook for "should uninstall from host without issues"
  • [job] [logs] Defend Workflows Cypress Tests #6 / Uninstall agent from host changing agent policy when agent tamper protection is enabled but then is switched to a policy with it also enabled "before each" hook for "should uninstall from host without issues" "before each" hook for "should uninstall from host without issues"
  • [job] [logs] Defend Workflows Cypress Tests #5 / Uninstall agent from host changing agent policy when agent tamper protection is enabled but then is switched to a policy with it disabled "before each" hook for "should uninstall from host without issues" "before each" hook for "should uninstall from host without issues"
  • [job] [logs] Defend Workflows Cypress Tests #14 / Uninstall agent from host when agent tamper protection is disabled "before each" hook for "should uninstall from host without issues" "before each" hook for "should uninstall from host without issues"
  • [job] [logs] Defend Workflows Cypress Tests #14 / Uninstall agent from host when agent tamper protection is disabled "before each" hook for "should uninstall from host without issues" "before each" hook for "should uninstall from host without issues"
  • [job] [logs] FTR Configs #9 / Uptime app with real-world data uptime simple status alert has created a valid simple alert with expected parameters
  • [job] [logs] Jest Tests #1 / useLoadConnectors should call api to load action types
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #6 / When on the Endpoint List in Security Essentials PLI and Isolated hosts exist "before all" hook for "should display release options in host row actions" "before all" hook for "should display release options in host row actions"
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #6 / When on the Endpoint List in Security Essentials PLI and Isolated hosts exist "before all" hook for "should display release options in host row actions" "before all" hook for "should display release options in host row actions"

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@JiaweiWu
Copy link
Contributor

Last question: I am wondering if we should have a designated API to get the system action and not mix them with our connectors APIs. Might make our code cleaner on the UI and less confusing.

@cnasikas, @Zacqary, @JiaweiWu what do you think?

@XavierM Yea I was actually thinking something like this while reviewing this PR, it seems like the checks to determine whether or not its system action is going to be added everywhere.

@Zacqary
Copy link
Contributor Author

Zacqary commented Jan 30, 2024

Pushed the following changes:

  • New internal API that duplicates /connectors (get_all) and includes system actions. This will always be called by Kibana, because the use of get_all is not to populate the connectors list, but to populate existing actions. When editing a rule, newly-created or existing system actions will fail to load and display if their corresponding default preconfigured system action connector has not been loaded into memory. Unless something major changes in the UI, we currently have to do this, but at least we don't have to expose it to user-facing APIs.
  • New internal API that duplicates /connector_types (list_types) and includes system actions. This is the API we use to populate the action type list. The internal version will only be called if the user is configuring an example rule type.

JiaweiWu
JiaweiWu approved these changes Jan 30, 2024
View reviewed changes
Copy link
Contributor

@JiaweiWu JiaweiWu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@Zacqary Zacqary merged commit 299142c into elastic:system_actions_mvp Jan 30, 2024
31 of 91 checks passed
This was referenced Feb 5, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@XavierM XavierM XavierM left review comments

@cnasikas cnasikas cnasikas left review comments

@JiaweiWu JiaweiWu JiaweiWu approved these changes

Assignees
No one assigned
Labels
Feature:Alerting/RulesManagement Issues related to the Rules Management UX release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v8.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@Zacqary @elasticmachine @apmmachine @cnasikas @XavierM @kibana-ci @JiaweiWu @ymao1 @kibanamachine