[Security Solution] Add threshold, machine_learning_job_id and anomaly_threshold editable fields
#200323
Conversation
nikitaindik
added
release_note:skip
nikitaindik
force-pushed
the
machine-learning-fields
branch
from
c195e14 to
ff1858e
Compare
nikitaindik
force-pushed
the
machine-learning-fields
branch
from
ff1858e to
d13fb76
Compare
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
nikitaindik
force-pushed
the
machine-learning-fields
branch
from
f198cad to
b6a9d92
Compare
banderror
added
the
Feature:Prebuilt Detection Rules
I guess, it's my bias. That's the default width I use for browsing. It takes half of a 27-inch screen.
I've prepared deployments for you folks, so you can see how it behaves. You can use a rule called Potential LSASS Memory Dump via PssCaptureSnapShot in both deployments. Try resizing the window with this rule open in Rule editing page and in the Upgrade flyout to see the difference. With default styles: (link) With styles from this branch: (link) Looking forward to your feedback! |
|
Hey @nikitaindik, I dont mind the new width but do not particularly like the error message and the way it bumps things down that sways me to the narrower field approach. |
|
@vitaliidm @ARWNightingale Hey folks, I've simplified the styling a bit, removed reliance on constants, and ensured that the error text doesn't shrink. Here's how it looks: rep.movflyout.movWhat do you think? |
|
@nikitaindik looks great! thanks |
Screen.Recording.2024-12-18.at.12.05.26.movI have noticed when number input changes status from invalid to valid and vice versa, cursor position changes automatically due to error message appearing and disappearing. @ARWNightingale, what your thoughts on this? Should we leave it as it is now? |
|
@vitaliidm I dont like it to be honest, I did not notice that quick shift, ideally no movement would be best. Maybe that requires a little more room or a shorter error message? |
|
@ARWNightingale @vitaliidm Since error message can have different length in different languages, I guess our options are: Have a fixed size for number inputs, but it'll cause text to wrap (which is fine, imo) Schermopname.2024-12-18.om.17.15.45.movLimit the width of dropdowns to have some space left over for number inputs to expand Schermopname.2024-12-18.om.17.18.29.movThe downside with these options is that ideally we want to have as much width as possible for the dropdown since field names can be quite long. Schermopname.2024-12-18.om.17.24.11.mov |
|
@nikitaindik Im happy with the small drop and text wrap, I dont see this as a major UX issue. |
|
@vitaliidm I pushed the change, please take a look. |
|
@nikitaindik, I am approving this PR But before merge, let's address ML change too: Custom job button located far away on the right side of column, which does not look good Old UI
New UI
|
|
@vitaliidm Thanks for the review! 🙏 I've addressed your last comment about the spacing for ML button before merging. After the fix |
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
cc @nikitaindik |
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/12401252816 |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
…nomaly_threshold` editable fields (elastic#200323) **Partially addresses: elastic#171520 ## Summary **Changes in this PR**: - `threshold` and `machine_learning_job_id`, `anomaly_threshold` are now editable in the Rule Upgrade flyout <img width="1840" alt="Schermafbeelding 2024-11-26 om 08 59 24" src="https://github.com/user-attachments/assets/b76ef89b-8051-4eba-8d67-9e86a0408e83"> ### Testing - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled. - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. - Set `version: 1` in the request body to downgrade it to version 1. - Modify other rule fields in the request body as needed to test the changes. (cherry picked from commit 042344e)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…and `anomaly_threshold` editable fields (#200323) (#204840) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Add `threshold`, `machine_learning_job_id` and `anomaly_threshold` editable fields (#200323)](#200323) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"nikita.indik@elastic.co"},"sourceCommit":{"committedDate":"2024-12-18T21:01:57Z","message":"[Security Solution] Add `threshold`, `machine_learning_job_id` and `anomaly_threshold` editable fields (#200323)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/171520**\n\n## Summary\n**Changes in this PR**:\n- `threshold` and `machine_learning_job_id`, `anomaly_threshold` are now\neditable in the Rule Upgrade flyout\n\n<img width=\"1840\" alt=\"Schermafbeelding 2024-11-26 om 08 59 24\"\nsrc=\"https://github.com/user-attachments/assets/b76ef89b-8051-4eba-8d67-9e86a0408e83\">\n\n\n### Testing\n- Ensure the `prebuiltRulesCustomizationEnabled` feature flag is\nenabled.\n- To simulate the availability of prebuilt rule upgrades, downgrade a\ncurrently installed prebuilt rule using the `PATCH\napi/detection_engine/rules` API.\n - Set `version: 1` in the request body to downgrade it to version 1.\n- Modify other rule fields in the request body as needed to test the\nchanges.","sha":"042344e27db3b9ae07f5af3b7b1840105afc2a5b","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","ci:cloud-deploy","ci:project-deploy-security","backport:version","v8.18.0"],"number":200323,"url":"https://github.com/elastic/kibana/pull/200323","mergeCommit":{"message":"[Security Solution] Add `threshold`, `machine_learning_job_id` and `anomaly_threshold` editable fields (#200323)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/171520**\n\n## Summary\n**Changes in this PR**:\n- `threshold` and `machine_learning_job_id`, `anomaly_threshold` are now\neditable in the Rule Upgrade flyout\n\n<img width=\"1840\" alt=\"Schermafbeelding 2024-11-26 om 08 59 24\"\nsrc=\"https://github.com/user-attachments/assets/b76ef89b-8051-4eba-8d67-9e86a0408e83\">\n\n\n### Testing\n- Ensure the `prebuiltRulesCustomizationEnabled` feature flag is\nenabled.\n- To simulate the availability of prebuilt rule upgrades, downgrade a\ncurrently installed prebuilt rule using the `PATCH\napi/detection_engine/rules` API.\n - Set `version: 1` in the request body to downgrade it to version 1.\n- Modify other rule fields in the request body as needed to test the\nchanges.","sha":"042344e27db3b9ae07f5af3b7b1840105afc2a5b"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/200323","number":200323,"mergeCommit":{"message":"[Security Solution] Add `threshold`, `machine_learning_job_id` and `anomaly_threshold` editable fields (#200323)\n\n**Partially addresses: https://github.com/elastic/kibana/issues/171520**\n\n## Summary\n**Changes in this PR**:\n- `threshold` and `machine_learning_job_id`, `anomaly_threshold` are now\neditable in the Rule Upgrade flyout\n\n<img width=\"1840\" alt=\"Schermafbeelding 2024-11-26 om 08 59 24\"\nsrc=\"https://github.com/user-attachments/assets/b76ef89b-8051-4eba-8d67-9e86a0408e83\">\n\n\n### Testing\n- Ensure the `prebuiltRulesCustomizationEnabled` feature flag is\nenabled.\n- To simulate the availability of prebuilt rule upgrades, downgrade a\ncurrently installed prebuilt rule using the `PATCH\napi/detection_engine/rules` API.\n - Set `version: 1` in the request body to downgrade it to version 1.\n- Modify other rule fields in the request body as needed to test the\nchanges.","sha":"042344e27db3b9ae07f5af3b7b1840105afc2a5b"}},{"branch":"8.x","label":"v8.18.0","labelRegex":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
…nomaly_threshold` editable fields (elastic#200323) **Partially addresses: elastic#171520 ## Summary **Changes in this PR**: - `threshold` and `machine_learning_job_id`, `anomaly_threshold` are now editable in the Rule Upgrade flyout <img width="1840" alt="Schermafbeelding 2024-11-26 om 08 59 24" src="https://github.com/user-attachments/assets/b76ef89b-8051-4eba-8d67-9e86a0408e83"> ### Testing - Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled. - To simulate the availability of prebuilt rule upgrades, downgrade a currently installed prebuilt rule using the `PATCH api/detection_engine/rules` API. - Set `version: 1` in the request body to downgrade it to version 1. - Modify other rule fields in the request body as needed to test the changes.
Partially addresses: #171520
Summary
Changes in this PR:
thresholdandmachine_learning_job_id,anomaly_thresholdare now editable in the Rule Upgrade flyoutTesting
prebuiltRulesCustomizationEnabledfeature flag is enabled.PATCH api/detection_engine/rulesAPI.version: 1in the request body to downgrade it to version 1.