[Security Solution][Detections] Implement "select all" rules #100554
@elasticmachine merge upstream
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Hi @xcrzx, thanks for implementing this long overdue feature! I did some testing and found a couple of issues that I think we should look into.
Hey @peluja1012, Thank you for reviewing this PR.
With the "select all" feature, there is no easy way to say if the user has selected prebuilt rules. So disabling the Export button doesn't seem like an option to me. But what about showing a notification to the user with something like: "Successfully exported X of Y rules. Prebuilt rules were excluded from the resulting file."?
Sure, no problem. I'll limit the maximum number of rows to 100.
Yea, I've also seen this. There is some strange logic implemented which resets the current selection on every refresh. I don't know whether it was implemented on purpose, but we could improve the rule table's UX a little bit by removing it. UPD: I think I've found out why the table's selection gets reset after every update. Fresh data could contain a different set of rows, so previously selected rows could become no longer visible on the current page. But in the case when all rows are selected, we can keep the selection.
Hi @xcrzx, this sounds good to me. Thanks!
👍
💛 Build succeeded, but was flaky
Test Failures
Kibana Pipeline / general / Chrome X-Pack UI Functional Tests.x-pack/test/functional/apps/monitoring/elasticsearch/nodes·js.Monitoring app Elasticsearch nodes listing with only online nodes should filter for non-existent index
To update your PR or re-run it, just comment with:
cc @xcrzx
* Use this method to watch value for changes. | ||
* | ||
* CAUTION: you probably don't need this hook. Try to use useEffect first. | ||
* It is only useful in rare cases when a value differs by reference but not by content between renders. |
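Review bot: the first line of this doc comment calls the export a "method" while the CAUTION line calls it a "hook"; use one term throughout. The last line says the hook is for a value that "differs by reference but not by content" without saying how content is compared, so state the comparison used, since callers need that to know when a change will be reported.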
👍
LGTM, thanks for the updates
LGTM. Thanks for your hard work on this feature @xcrzx!
💚 Backport successful
This backport PR will be merged automatically after passing CI.
* master: (54 commits)
  Implement "select all" rules feature (elastic#100554)
  [ML] Remove script fields from the Anomaly detection alerting rule executor (elastic#101607)
  [Security solutions][Endpoint] Update event filtering texts (elastic#101563)
  [Enterprise Search] Mocks/tests tech debt - avoid hungry mocking (elastic#101107)
  [FTR] Updates esArchive paths
  [FTR] Updates esArchive paths
  [Security Solution][Detection Engine] Adds runtime field tests (elastic#101664)
  Added APM PHP agent to the list of agent names (elastic#101062)
  [CI] Restore old version_info behavior when .git directory is present (elastic#101642)
  [Fleet] Add fleet server telemetry (elastic#101400)
  [APM] Syncs agent config settings to APM Fleet policies (elastic#100744)
  [esArchiver] drop support for --dir, use repo-relative paths instead (elastic#101345)
  Revert "[xpack/test] restore incremental: false in ts project"
  [Security Solution] Remove Host Isolation feature flag (elastic#101655)
  [xpack/test] restore incremental: false in ts project
  [DOCS] Adds link to video landing page (elastic#101413)
  [ML] Move Index Data Visualizer into separate plugin (Part 1) (elastic#100922)
  Improve security plugin return types (elastic#101492)
  [ts] migrate `x-pack/test` to composite ts project (elastic#101441)
  [App Search] Updated Search UI to new URL (elastic#101320)
  ...
Addresses: #99440
Summary
`detection_engine/rules/_bulk_action` API endpoint. It accepts a filter query, and a bulk action: `enable`, `disable`, `export`, `delete`, `duplicate`. Under the hood, it queries detection rules using the provided filter string and applies the action to each of them. Currently, the number of rules is limited to 10,000.
`userHasNoPermissions` to `userHasPermissions` to get rid of expressions like `userHasNoPermissions={false}` 🤯.
`<GenericDownloader />` component into `downloadBlob` method. That simplifies file download logic and allows downloading rules without knowing their ids.
Checklist
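The bulk-action flow described in the Summary (filter, then apply one action to every match, capped at 10,000) together with the export notice proposed in the thread, as an added sketch that is not code from this PR or from Kibana. The in-memory store, the predicate standing in for the filter query, the `prebuilt` flag and all function names are assumptions; rejecting an over-limit match instead of truncating it is this sketch's choice.

```typescript
// Added illustration, not Kibana code: every name below is hypothetical.
const ACTIONS = ['enable', 'disable', 'export', 'delete', 'duplicate'];
const MAX_RULES = 10000; // limit stated in the PR summary

interface Rule { id: string; enabled: boolean; prebuilt: boolean }
type RuleStore = { [id: string]: Rule };

function applyBulkAction(store: RuleStore, filter: (rule: Rule) => boolean, action: string) {
  // Allowlist the action before any rule is read or changed.
  if (ACTIONS.indexOf(action) === -1) {
    throw new Error(`unsupported bulk action: ${action}`);
  }
  // The predicate stands in for the filter query string the endpoint accepts.
  const matched = Object.keys(store).map((id) => store[id]).filter(filter);
  // Assumption of this sketch: an over-limit match is rejected rather than
  // truncated, so a bulk delete never hits an arbitrary subset.
  if (matched.length > MAX_RULES) {
    throw new Error(`filter matches ${matched.length} rules, limit is ${MAX_RULES}`);
  }
  const exported: Rule[] = [];
  let applied = 0;
  for (const rule of matched) {
    if (action === 'enable' || action === 'disable') {
      rule.enabled = action === 'enable';
    } else if (action === 'delete') {
      delete store[rule.id];
    } else if (action === 'duplicate') {
      const copyId = `${rule.id}-copy`;
      store[copyId] = { id: copyId, enabled: false, prebuilt: false };
    } else if (rule.prebuilt) {
      continue; // export: prebuilt rules are left out of the file
    } else {
      exported.push({ ...rule });
    }
    applied++;
  }
  const message = action === 'export' && applied < matched.length
    ? `Successfully exported ${applied} of ${matched.length} rules. Prebuilt rules were excluded from the resulting file.`
    : `${action}: ${applied} of ${matched.length} rules`;
  return { matched: matched.length, applied, exported, message };
}

// Constructed sample data: two custom rules and one prebuilt rule.
function sampleStore(): RuleStore {
  return {
    'custom-1': { id: 'custom-1', enabled: true, prebuilt: false },
    'custom-2': { id: 'custom-2', enabled: true, prebuilt: false },
    'prebuilt-1': { id: 'prebuilt-1', enabled: true, prebuilt: true },
  };
}
```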
method. That simplifies file download logic and allows to download rules without knowing their ids.Checklist