From 5f89e0003beb1c6d75494b0cea582bb8a7aa8259 Mon Sep 17 00:00:00 2001
From: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
Date: Tue, 25 Aug 2020 18:13:41 -0400
Subject: [PATCH] [Security Solution][Detections] Disables add exception for ML
 and threshold rules (#75802)

---
 .../components/alerts_table/default_config.tsx    | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
index 5bab2e3c7897..ca17d331c67e 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@@ -9,6 +9,8 @@ import ApolloClient from 'apollo-client';
 import { Dispatch } from 'redux';
 
 import { EuiText } from '@elastic/eui';
+import { RuleType } from '../../../../common/detection_engine/types';
+import { isMlRule } from '../../../../common/machine_learning/helpers';
 import { RowRendererId } from '../../../../common/types/timeline';
 import { DEFAULT_INDEX_PATTERN } from '../../../../common/constants';
 import { Status } from '../../../../common/detection_engine/schemas/common/schemas';
@@ -39,6 +41,7 @@ import {
 import { Ecs, TimelineNonEcsData } from '../../../graphql/types';
 import { AddExceptionModalBaseProps } from '../../../common/components/exceptions/add_exception_modal';
 import { getMappedNonEcsValue } from '../../../common/components/exceptions/helpers';
+import { isThresholdRule } from '../../../../common/detection_engine/utils';
 
 export const buildAlertStatusFilter = (status: Status): Filter[] => [
   {
@@ -193,6 +196,7 @@ export const requiredFieldsForActions = [
   'signal.rule.query',
   'signal.rule.to',
   'signal.rule.id',
+  'signal.rule.type',
   'signal.original_event.kind',
   'signal.original_event.module',
 
@@ -317,6 +321,15 @@ export const getAlertActions = ({
     return module === 'endpoint' && kind === 'alert';
   };
 
+  const exceptionsAreAllowed = () => {
+    const ruleTypes = getMappedNonEcsValue({
+      data: nonEcsRowData,
+      fieldName: 'signal.rule.type',
+    });
+    const [ruleType] = ruleTypes as RuleType[];
+    return !isMlRule(ruleType) && !isThresholdRule(ruleType);
+  };
+
   return [
     {
       ...getInvestigateInResolverAction({ dispatch, timelineId }),
@@ -386,7 +399,7 @@ export const getAlertActions = ({
         }
       },
       id: 'addException',
-      isActionDisabled: () => !canUserCRUD || !hasIndexWrite,
+      isActionDisabled: () => !canUserCRUD || !hasIndexWrite || !exceptionsAreAllowed(),
       dataTestSubj: 'add-exception-menu-item',
       ariaLabel: 'Add Exception',
       content: <EuiText size="m">{i18n.ACTION_ADD_EXCEPTION}</EuiText>,