maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[Security Solution][Detections] Disables add exception for ML and threshold rules (#75802)

Browse source
This commit is contained in:
Davis Plumlee 2020-08-25 18:13:41 -04:00 committed by GitHub
parent 1fee8f16ef
commit 5f89e0003b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
View file

@ -9,6 +9,8 @@ import ApolloClient from 'apollo-client';
import { Dispatch } from 'redux';
import { EuiText } from '@elastic/eui';
import { RuleType } from '../../../../common/detection_engine/types';
import { isMlRule } from '../../../../common/machine_learning/helpers';
import { RowRendererId } from '../../../../common/types/timeline';
import { DEFAULT_INDEX_PATTERN } from '../../../../common/constants';
import { Status } from '../../../../common/detection_engine/schemas/common/schemas';
@ -39,6 +41,7 @@ import {
import { Ecs, TimelineNonEcsData } from '../../../graphql/types';
import { AddExceptionModalBaseProps } from '../../../common/components/exceptions/add_exception_modal';
import { getMappedNonEcsValue } from '../../../common/components/exceptions/helpers';
import { isThresholdRule } from '../../../../common/detection_engine/utils';
export const buildAlertStatusFilter = (status: Status): Filter[] => [
{
@ -193,6 +196,7 @@ export const requiredFieldsForActions = [
'signal.rule.query',
'signal.rule.to',
'signal.rule.id',
'signal.rule.type',
'signal.original_event.kind',
'signal.original_event.module',
@ -317,6 +321,15 @@ export const getAlertActions = ({
return module === 'endpoint' && kind === 'alert';
};
const exceptionsAreAllowed = () => {
const ruleTypes = getMappedNonEcsValue({
data: nonEcsRowData,
fieldName: 'signal.rule.type',
});
const [ruleType] = ruleTypes as RuleType[];
return !isMlRule(ruleType) && !isThresholdRule(ruleType);
};
return [
{
...getInvestigateInResolverAction({ dispatch, timelineId }),
@ -386,7 +399,7 @@ export const getAlertActions = ({
}
},
id: 'addException',
isActionDisabled: () => !canUserCRUD || !hasIndexWrite,
isActionDisabled: () => !canUserCRUD || !hasIndexWrite || !exceptionsAreAllowed(),
dataTestSubj: 'add-exception-menu-item',
ariaLabel: 'Add Exception',
content: <EuiText size="m">{i18n.ACTION_ADD_EXCEPTION}</EuiText>,