[Security Solution] Add validation error description on prebuilt rule editing #191832
Open
Assignees
Labels
8.18 candidate
Feature:Rule Edit
Security Solution Detection Rule Editing workflow
needs design
needs product
Team:Detection Engine
Security Solution Detection Engine Area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Comments
e40pud
added
discuss
Feature:Rule Edit
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-engine (Team:Detection Engine) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
e40pud
changed the title
This was referenced Aug 30, 2024
|
@approksiu @e40pud /cc @peluja1012 @yctercero for resourcing
I completely agree with @vitaliidm and I propose to address this issue in two stages:
|
|
@banderror what would be an expected behaviour in case of editing a prebuilt rule which has a syntax error (or any other potential error which counts as a blocking error). Do we still want to show error callout "You have an invalid input in this tab: ..."? |
|
@e40pud Great point, I think it doesn't make sense to validate any fields that are under the disabled tabs on the Rule Editing page. The user won't be able to fix any validation errors there anyway. If we can't disable the validation for the disabled tabs itself, we shouldn't show any callouts or modals about the errors there. In other words, we should only validate the Actions tab. Again, this logic should only be applicable to prebuilt rules. |
e40pud
added a commit
to e40pud/kibana
that referenced
this issue
Sep 12, 2024
Merged
1 task
e40pud
added a commit
that referenced
this issue
Sep 13, 2024
… editing (#191832) (#192683) ## Summary Partially addressed #191832 With these changes: - We revert to the #180407 (comment). Specifically, we return back the validation errors to the modal window. An example of this modal is in the ticket description. - Additionally, on the Rule Editing page and **only for prebuilt rules** we: 1) hide the callout that says "You have an invalid input in this tab: ...", and 2) we don't show the modal if there are any data validation errors. We shouldn't show this modal and this callout until we release the prebuilt rule customization feature. 3) We will only validate the Actions tab. - Fix MKI flaky cypress tests introduced in #191487 ([1](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/b1f442af-db44-8029-a9fb-7e3d988303b3?branch=main), [2](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/995655b6-ae70-86fd-b483-c65846cd8d66?branch=main), [3](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/02318f5c-6ca1-8779-a5a4-60f52a55b344?branch=main)). All three tests are failing due to missing `[data-test-subj="eqlRuleType"]` element. After checking and comparing my tests to other similar tests in the file, the only difference that I've found was extra `login();` call. Thus removing those. Here is the screen recording showing the new behaviour for prebuilt rules. The has missing data source query validation error, though we do not show it and allow user just to save the rule. Only Actions tab is validated on rule save action. https://github.com/user-attachments/assets/ce968f51-1a53-41b2-ad06-1b31dec085a6 ### Checklist Delete any items that are not applicable to this PR. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed * [Detection Engine - Cypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6925) (100 ESS & 100 Serverless) * [Rule Management - Cypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6926) (100 ESS & 100 Serverless) * [Prebuilt Rules - Cypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6927) (100 ESS & 100 Serverless)
|
@banderror the Stage 1 of the list above was done and merged in this PR. |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Sep 13, 2024
… editing (elastic#191832) (elastic#192683) ## Summary Partially addressed elastic#191832 With these changes: - We revert to the elastic#180407 (comment). Specifically, we return back the validation errors to the modal window. An example of this modal is in the ticket description. - Additionally, on the Rule Editing page and **only for prebuilt rules** we: 1) hide the callout that says "You have an invalid input in this tab: ...", and 2) we don't show the modal if there are any data validation errors. We shouldn't show this modal and this callout until we release the prebuilt rule customization feature. 3) We will only validate the Actions tab. - Fix MKI flaky cypress tests introduced in elastic#191487 ([1](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/b1f442af-db44-8029-a9fb-7e3d988303b3?branch=main), [2](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/995655b6-ae70-86fd-b483-c65846cd8d66?branch=main), [3](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/02318f5c-6ca1-8779-a5a4-60f52a55b344?branch=main)). All three tests are failing due to missing `[data-test-subj="eqlRuleType"]` element. After checking and comparing my tests to other similar tests in the file, the only difference that I've found was extra `login();` call. Thus removing those. Here is the screen recording showing the new behaviour for prebuilt rules. The has missing data source query validation error, though we do not show it and allow user just to save the rule. Only Actions tab is validated on rule save action. https://github.com/user-attachments/assets/ce968f51-1a53-41b2-ad06-1b31dec085a6 ### Checklist Delete any items that are not applicable to this PR. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed * [Detection Engine - Cypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6925) (100 ESS & 100 Serverless) * [Rule Management - Cypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6926) (100 ESS & 100 Serverless) * [Prebuilt Rules - Cypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6927) (100 ESS & 100 Serverless) (cherry picked from commit c937e95)
kibanamachine
added a commit
that referenced
this issue
Sep 13, 2024
…t rule editing (#191832) (#192683) (#192819) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Add validation error description on prebuilt rule editing (#191832) (#192683)](#192683) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ievgen Sorokopud","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-13T08:37:39Z","message":"[Security Solution] Add validation error description on prebuilt rule editing (#191832) (#192683)\n\n## Summary\r\n\r\nPartially addressed https://github.com/elastic/kibana/issues/191832\r\n\r\nWith these changes:\r\n- We revert to the\r\nhttps://github.com//issues/180407#issuecomment-2312891214.\r\nSpecifically, we return back the validation errors to the modal window.\r\nAn example of this modal is in the ticket description.\r\n- Additionally, on the Rule Editing page and **only for prebuilt rules**\r\nwe: 1) hide the callout that says \"You have an invalid input in this\r\ntab: ...\", and 2) we don't show the modal if there are any data\r\nvalidation errors. We shouldn't show this modal and this callout until\r\nwe release the prebuilt rule customization feature. 3) We will only\r\nvalidate the Actions tab.\r\n- Fix MKI flaky cypress tests introduced in\r\nhttps://github.com//pull/191487\r\n([1](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/b1f442af-db44-8029-a9fb-7e3d988303b3?branch=main),\r\n[2](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/995655b6-ae70-86fd-b483-c65846cd8d66?branch=main),\r\n[3](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/02318f5c-6ca1-8779-a5a4-60f52a55b344?branch=main)).\r\nAll three tests are failing due to missing\r\n`[data-test-subj=\"eqlRuleType\"]` element. After checking and comparing\r\nmy tests to other similar tests in the file, the only difference that\r\nI've found was extra `login();` call. Thus removing those.\r\n\r\nHere is the screen recording showing the new behaviour for prebuilt\r\nrules. The has missing data source query validation error, though we do\r\nnot show it and allow user just to save the rule. Only Actions tab is\r\nvalidated on rule save action.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/ce968f51-1a53-41b2-ad06-1b31dec085a6\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n* [Detection Engine -\r\nCypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6925)\r\n(100 ESS & 100 Serverless)\r\n* [Rule Management -\r\nCypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6926)\r\n(100 ESS & 100 Serverless)\r\n* [Prebuilt Rules -\r\nCypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6927)\r\n(100 ESS & 100 Serverless)","sha":"c937e95e3137821b510fa480ee28f0cf3afb85ad","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team: SecuritySolution","ci:cloud-deploy","Team:Detection Engine","ci:project-deploy-security","v8.16.0"],"title":"[Security Solution] Add validation error description on prebuilt rule editing (#191832)","number":192683,"url":"https://github.com/elastic/kibana/pull/192683","mergeCommit":{"message":"[Security Solution] Add validation error description on prebuilt rule editing (#191832) (#192683)\n\n## Summary\r\n\r\nPartially addressed https://github.com/elastic/kibana/issues/191832\r\n\r\nWith these changes:\r\n- We revert to the\r\nhttps://github.com//issues/180407#issuecomment-2312891214.\r\nSpecifically, we return back the validation errors to the modal window.\r\nAn example of this modal is in the ticket description.\r\n- Additionally, on the Rule Editing page and **only for prebuilt rules**\r\nwe: 1) hide the callout that says \"You have an invalid input in this\r\ntab: ...\", and 2) we don't show the modal if there are any data\r\nvalidation errors. We shouldn't show this modal and this callout until\r\nwe release the prebuilt rule customization feature. 3) We will only\r\nvalidate the Actions tab.\r\n- Fix MKI flaky cypress tests introduced in\r\nhttps://github.com//pull/191487\r\n([1](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/b1f442af-db44-8029-a9fb-7e3d988303b3?branch=main),\r\n[2](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/995655b6-ae70-86fd-b483-c65846cd8d66?branch=main),\r\n[3](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/02318f5c-6ca1-8779-a5a4-60f52a55b344?branch=main)).\r\nAll three tests are failing due to missing\r\n`[data-test-subj=\"eqlRuleType\"]` element. After checking and comparing\r\nmy tests to other similar tests in the file, the only difference that\r\nI've found was extra `login();` call. Thus removing those.\r\n\r\nHere is the screen recording showing the new behaviour for prebuilt\r\nrules. The has missing data source query validation error, though we do\r\nnot show it and allow user just to save the rule. Only Actions tab is\r\nvalidated on rule save action.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/ce968f51-1a53-41b2-ad06-1b31dec085a6\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n* [Detection Engine -\r\nCypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6925)\r\n(100 ESS & 100 Serverless)\r\n* [Rule Management -\r\nCypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6926)\r\n(100 ESS & 100 Serverless)\r\n* [Prebuilt Rules -\r\nCypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6927)\r\n(100 ESS & 100 Serverless)","sha":"c937e95e3137821b510fa480ee28f0cf3afb85ad"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192683","number":192683,"mergeCommit":{"message":"[Security Solution] Add validation error description on prebuilt rule editing (#191832) (#192683)\n\n## Summary\r\n\r\nPartially addressed https://github.com/elastic/kibana/issues/191832\r\n\r\nWith these changes:\r\n- We revert to the\r\nhttps://github.com//issues/180407#issuecomment-2312891214.\r\nSpecifically, we return back the validation errors to the modal window.\r\nAn example of this modal is in the ticket description.\r\n- Additionally, on the Rule Editing page and **only for prebuilt rules**\r\nwe: 1) hide the callout that says \"You have an invalid input in this\r\ntab: ...\", and 2) we don't show the modal if there are any data\r\nvalidation errors. We shouldn't show this modal and this callout until\r\nwe release the prebuilt rule customization feature. 3) We will only\r\nvalidate the Actions tab.\r\n- Fix MKI flaky cypress tests introduced in\r\nhttps://github.com//pull/191487\r\n([1](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/b1f442af-db44-8029-a9fb-7e3d988303b3?branch=main),\r\n[2](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/995655b6-ae70-86fd-b483-c65846cd8d66?branch=main),\r\n[3](https://buildkite.com/organizations/elastic/analytics/suites/serverless-mki-cypress-detection-engine/tests/02318f5c-6ca1-8779-a5a4-60f52a55b344?branch=main)).\r\nAll three tests are failing due to missing\r\n`[data-test-subj=\"eqlRuleType\"]` element. After checking and comparing\r\nmy tests to other similar tests in the file, the only difference that\r\nI've found was extra `login();` call. Thus removing those.\r\n\r\nHere is the screen recording showing the new behaviour for prebuilt\r\nrules. The has missing data source query validation error, though we do\r\nnot show it and allow user just to save the rule. Only Actions tab is\r\nvalidated on rule save action.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/ce968f51-1a53-41b2-ad06-1b31dec085a6\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n* [Detection Engine -\r\nCypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6925)\r\n(100 ESS & 100 Serverless)\r\n* [Rule Management -\r\nCypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6926)\r\n(100 ESS & 100 Serverless)\r\n* [Prebuilt Rules -\r\nCypress](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/6927)\r\n(100 ESS & 100 Serverless)","sha":"c937e95e3137821b510fa480ee28f0cf3afb85ad"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Ievgen Sorokopud <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While working on #180407 and adding this PR #191487, @vitaliidm brought up the confusion with rule validation errors while editing prebuilt rules:
Right now, we show only a short message at the top of the page about the existing error on some tabs without any clarification about the source of the error. In the example below we show
You have an invalid input in this tab: Definition:Since users still cannot edit prebuilt rules, they cannot navigate to the mentioned tabs and see the reason of the error. We believe this may confuse our users and not the best UX.
Possible solutions:
cc @approksiu @banderror @yctercero
The text was updated successfully, but these errors were encountered: