
[Security Solution] Rework test plan for importing prebuilt rules #213434

Open
wants to merge 9 commits into
base: main
Conversation

banderror

@banderror banderror commented Mar 6, 2025

Epic: #174168
Partially addresses: #202079, #210358

Summary

We started to rework and introduce functional changes to our existing test plans for prebuilt rule customization, upgrade, and export/import workflows.

Specifically, this PR:

  • Restructures the test plan, introduces a more fine-grained list of sections.
  • Rewrites almost all the existing scenarios. In most cases it boils down to splitting a scenario into 2+ more specific scenarios, where each describes exactly what happens in the GIVEN and THEN sections. This is very important, as it:
    • makes these scenarios ready to be implemented right away: 1 scenario = 1 test to write
    • helps with ensuring that we covered edge cases
  • Adds new scenarios for handling missing base versions according to #210358.
  • Adds a placeholder section for licensing scenarios according to #11502.
  • Removes scenarios for the overwrite request parameter - this is common importing logic which is not related to prebuilt rules.
  • Addresses my own comments from this review.

The new test plan should be in line with the changes discussed in #210358.

@banderror banderror added release_note:skip Skip the PR/issue when compiling release notes test-plan v9.0.0 Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area backport:version Backport to applied version labels v8.18.0 v9.1.0 v8.19.0 labels Mar 6, 2025
@banderror banderror self-assigned this Mar 6, 2025
@banderror banderror force-pushed the rework-prebuilt-rule-import-test-plan branch 4 times, most recently from 90c067b to 155993a on March 7, 2025 15:41
@banderror banderror force-pushed the rework-prebuilt-rule-import-test-plan branch from 155993a to 87353e9 on March 7, 2025 18:14
@banderror banderror marked this pull request as ready for review March 7, 2025 18:14
@banderror banderror requested a review from a team as a code owner March 7, 2025 18:14
@banderror banderror requested a review from jkelas March 7, 2025 18:14
@elasticmachine

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@banderror banderror requested review from maximpn, nikitaindik, dplumlee and pborgonovi and removed request for jkelas March 7, 2025 18:15
@elasticmachine

💚 Build Succeeded

cc @banderror

@banderror banderror force-pushed the rework-prebuilt-rule-import-test-plan branch from 87353e9 to 952239b on March 10, 2025 10:34