[RAM] add support of bulk update "muteAll" rule property in rulesClient #139084
Labels
8.5 candidate
Feature:Alerting/RulesManagement
Issues related to the Rules Management UX
Feature:Rule Management
Security Solution Detection Rule Management area
performance
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Comments
vitaliidm
changed the title
vitaliidm
added
8.5 candidate
Team:Endpoint Response
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
vitaliidm
added
Feature:Rule Management
vitaliidm
changed the title
vitaliidm
added
Team:ResponseOps
|
Pinging @elastic/response-ops (Team:ResponseOps) |
3 tasks
|
@vitaliidm, we think that this #139742 will allow you to create bulk snooze with out problem. And we will also hope that this #137430 will allow your users to take advantage of the new snooze functionality that we created. |
vitaliidm
added a commit
that referenced
this issue
Sep 6, 2022
## Summary - addresses elastic/security-team#2072 - adds new bulk edit actions: `add_rule_actions`, `set_rule_actions` - moved immutability check from rule `validateMutatedParams` to action validator. Because, rule immutability depends on actions performed on it, not only on `immutable` property - adds some test coverage - using workaround for #139084, by muting/unmuting single rule. This would only happen: - if rule was muted before, throttle set to some value - rule was unmuted, throttle set to `no_actions` ### Feature recording Note: callouts on recording are not up to date https://user-images.githubusercontent.com/92328789/185381912-6c4a25f6-fb36-4c31-bf08-8ec28f2358c0.mov ### Screen <img width="1465" alt="Screenshot 2022-08-25 at 17 23 56" src="https://user-images.githubusercontent.com/92328789/186731607-574687b8-8a7a-43de-8f30-6cda3dcecfc5.png"> ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Release note Adding bulk edit of rule actions
|
Hey @vitaliidm! It seems that the functionality added in #139742 allows to set/unset |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature:
Add support of bulk update "muteAll" rule property in rulesClient
Describe a specific use case for the feature:
To add/update rule actions on Security Solution side, we need an ability to update
muteAllrule property in bulk.It needed for cases:
no_actions, but rule was unmutedReference in code:
https://github.com/elastic/kibana/blob/8.4/x-pack/plugins/security_solution/server/lib/detection_engine/rules/utils.ts#L122-L147
Proposals of implementation
bulkEditmethodProposed new operation would look like:
Also, we will need to address some additional logic, that exists in current
muteAll/unmuteAllmethods... mutedInstanceIds: [], snoozeSchedule: clearUnscheduledSnooze(attributes), ...The text was updated successfully, but these errors were encountered: