[Security Solution][Detections] Disables add exception for ML and threshold rules (#75802)
This commit is contained in:
parent
1fee8f16ef
commit
5f89e0003b
|
@ -9,6 +9,8 @@ import ApolloClient from 'apollo-client';
|
|||
import { Dispatch } from 'redux';
|
||||
|
||||
import { EuiText } from '@elastic/eui';
|
||||
import { RuleType } from '../../../../common/detection_engine/types';
|
||||
import { isMlRule } from '../../../../common/machine_learning/helpers';
|
||||
import { RowRendererId } from '../../../../common/types/timeline';
|
||||
import { DEFAULT_INDEX_PATTERN } from '../../../../common/constants';
|
||||
import { Status } from '../../../../common/detection_engine/schemas/common/schemas';
|
||||
|
@ -39,6 +41,7 @@ import {
|
|||
import { Ecs, TimelineNonEcsData } from '../../../graphql/types';
|
||||
import { AddExceptionModalBaseProps } from '../../../common/components/exceptions/add_exception_modal';
|
||||
import { getMappedNonEcsValue } from '../../../common/components/exceptions/helpers';
|
||||
import { isThresholdRule } from '../../../../common/detection_engine/utils';
|
||||
|
||||
export const buildAlertStatusFilter = (status: Status): Filter[] => [
|
||||
{
|
||||
|
@ -193,6 +196,7 @@ export const requiredFieldsForActions = [
|
|||
'signal.rule.query',
|
||||
'signal.rule.to',
|
||||
'signal.rule.id',
|
||||
'signal.rule.type',
|
||||
'signal.original_event.kind',
|
||||
'signal.original_event.module',
|
||||
|
||||
|
@ -317,6 +321,15 @@ export const getAlertActions = ({
|
|||
return module === 'endpoint' && kind === 'alert';
|
||||
};
|
||||
|
||||
const exceptionsAreAllowed = () => {
|
||||
const ruleTypes = getMappedNonEcsValue({
|
||||
data: nonEcsRowData,
|
||||
fieldName: 'signal.rule.type',
|
||||
});
|
||||
const [ruleType] = ruleTypes as RuleType[];
|
||||
return !isMlRule(ruleType) && !isThresholdRule(ruleType);
|
||||
};
|
||||
|
||||
return [
|
||||
{
|
||||
...getInvestigateInResolverAction({ dispatch, timelineId }),
|
||||
|
@ -386,7 +399,7 @@ export const getAlertActions = ({
|
|||
}
|
||||
},
|
||||
id: 'addException',
|
||||
isActionDisabled: () => !canUserCRUD || !hasIndexWrite,
|
||||
isActionDisabled: () => !canUserCRUD || !hasIndexWrite || !exceptionsAreAllowed(),
|
||||
dataTestSubj: 'add-exception-menu-item',
|
||||
ariaLabel: 'Add Exception',
|
||||
content: <EuiText size="m">{i18n.ACTION_ADD_EXCEPTION}</EuiText>,
|
||||
|
|
Loading…
Reference in a new issue