[Security Solution][Detections][Threshold Rules] Threshold rule exceptions (#85103)
* Threshold rule exceptions * Clean up * Disable value lists for threshold rule exceptions * lint Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Madison Caldwell
GitHub
parent
7b32835226
commit
9719932297
|
|
@ -7,7 +7,7 @@ import React, { useCallback } from 'react';
|
|||
import { EuiFormRow, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
|
||||
import styled from 'styled-components';
|
||||
|
||||
import { isEqlRule } from '../../../../../common/detection_engine/utils';
|
||||
import { isEqlRule, isThresholdRule } from '../../../../../common/detection_engine/utils';
|
||||
import { Type } from '../../../../../common/detection_engine/schemas/common/schemas';
|
||||
import { IFieldType, IIndexPattern } from '../../../../../../../../src/plugins/data/common';
|
||||
import { FieldComponent } from '../../autocomplete/field';
|
||||
|
|
@ -149,7 +149,7 @@ export const BuilderEntryItem: React.FC<EntryItemProps> = ({
|
|||
entry,
|
||||
listType,
|
||||
entry.field != null && entry.field.type === 'boolean',
|
||||
isFirst && !isEqlRule(ruleType)
|
||||
isFirst && !isEqlRule(ruleType) && !isThresholdRule(ruleType)
|
||||
);
|
||||
const comboBox = (
|
||||
<OperatorComponent
|
||||
|
|
|
|||
|
|
@ -19,8 +19,7 @@ import { getOr } from 'lodash/fp';
|
|||
import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
|
||||
import { TimelineId } from '../../../../../common/types/timeline';
|
||||
import { DEFAULT_INDEX_PATTERN } from '../../../../../common/constants';
|
||||
import { Status, Type } from '../../../../../common/detection_engine/schemas/common/schemas';
|
||||
import { isThresholdRule } from '../../../../../common/detection_engine/utils';
|
||||
import { Status } from '../../../../../common/detection_engine/schemas/common/schemas';
|
||||
import { timelineActions } from '../../../../timelines/store/timeline';
|
||||
import { EventsTd, EventsTdContent } from '../../../../timelines/components/timeline/styles';
|
||||
import { DEFAULT_ICON_BUTTON_WIDTH } from '../../../../timelines/components/timeline/helpers';
|
||||
|
|
@ -323,12 +322,6 @@ const AlertContextMenuComponent: React.FC<AlertContextMenuProps> = ({
|
|||
setOpenAddExceptionModal('detection');
|
||||
}, [closePopover]);
|
||||
|
||||
const areExceptionsAllowed = useMemo((): boolean => {
|
||||
const ruleTypes = getOr([], 'signal.rule.type', ecsRowData);
|
||||
const [ruleType] = ruleTypes as Type[];
|
||||
return !isThresholdRule(ruleType);
|
||||
}, [ecsRowData]);
|
||||
|
||||
// eslint-disable-next-line react-hooks/exhaustive-deps
|
||||
const addExceptionComponent = (
|
||||
<EuiContextMenuItem
|
||||
|
|
@ -337,7 +330,7 @@ const AlertContextMenuComponent: React.FC<AlertContextMenuProps> = ({
|
|||
data-test-subj="add-exception-menu-item"
|
||||
id="addException"
|
||||
onClick={handleAddExceptionClick}
|
||||
disabled={!canUserCRUD || !hasIndexWrite || !areExceptionsAllowed}
|
||||
disabled={!canUserCRUD || !hasIndexWrite}
|
||||
>
|
||||
<EuiText data-test-subj="addExceptionButton" size="m">
|
||||
{i18n.ACTION_ADD_EXCEPTION}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ import { EuiAccordion, EuiFlexItem, EuiSpacer, EuiFormRow } from '@elastic/eui';
|
|||
import React, { FC, memo, useCallback, useEffect, useState } from 'react';
|
||||
import styled from 'styled-components';
|
||||
|
||||
import { isThresholdRule } from '../../../../../common/detection_engine/utils';
|
||||
import {
|
||||
RuleStepProps,
|
||||
RuleStep,
|
||||
|
|
@ -75,8 +74,6 @@ const StepAboutRuleComponent: FC<StepAboutRuleProps> = ({
|
|||
const [severityValue, setSeverityValue] = useState<string>(initialState.severity.value);
|
||||
const [indexPatternLoading, { indexPatterns }] = useFetchIndex(defineRuleData?.index ?? []);
|
||||
|
||||
const canUseExceptions = defineRuleData?.ruleType && !isThresholdRule(defineRuleData.ruleType);
|
||||
|
||||
const { form } = useForm<AboutStepRule>({
|
||||
defaultValue: initialState,
|
||||
options: { stripEmptyFields: false },
|
||||
|
|
@ -282,7 +279,7 @@ const StepAboutRuleComponent: FC<StepAboutRuleProps> = ({
|
|||
idAria: 'detectionEngineStepAboutRuleAssociatedToEndpointList',
|
||||
'data-test-subj': 'detectionEngineStepAboutRuleAssociatedToEndpointList',
|
||||
euiFieldProps: {
|
||||
disabled: isLoading || !canUseExceptions,
|
||||
disabled: isLoading,
|
||||
},
|
||||
}}
|
||||
/>
|
||||
|
|
|
|||
|
|
@ -82,7 +82,6 @@ import { DEFAULT_INDEX_PATTERN } from '../../../../../../common/constants';
|
|||
import { useFullScreen } from '../../../../../common/containers/use_full_screen';
|
||||
import { Display } from '../../../../../hosts/pages/display';
|
||||
import { ExceptionListTypeEnum, ExceptionListIdentifiers } from '../../../../../shared_imports';
|
||||
import { isThresholdRule } from '../../../../../../common/detection_engine/utils';
|
||||
import { useRuleAsync } from '../../../../containers/detection_engine/rules/use_rule_async';
|
||||
import { showGlobalFilters } from '../../../../../timelines/components/timeline/helpers';
|
||||
import { timelineSelectors } from '../../../../../timelines/store/timeline';
|
||||
|
|
@ -104,7 +103,6 @@ enum RuleDetailTabs {
|
|||
}
|
||||
|
||||
const getRuleDetailsTabs = (rule: Rule | null) => {
|
||||
const canUseExceptions = rule && !isThresholdRule(rule.type);
|
||||
return [
|
||||
{
|
||||
id: RuleDetailTabs.alerts,
|
||||
|
|
@ -115,7 +113,7 @@ const getRuleDetailsTabs = (rule: Rule | null) => {
|
|||
{
|
||||
id: RuleDetailTabs.exceptions,
|
||||
name: i18n.EXCEPTIONS_TAB,
|
||||
disabled: !canUseExceptions,
|
||||
disabled: false,
|
||||
dataTestSubj: 'exceptionsTab',
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -338,7 +338,7 @@ export const signalRulesAlertType = ({
|
|||
must: [
|
||||
{
|
||||
term: {
|
||||
[threshold.field ?? 'signal.rule.rule_id']: bucket.key,
|
||||
[threshold.field || 'signal.rule.rule_id']: bucket.key,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in a new issue