[Security Solution] Users can Customize Prebuilt Detection Rules: Milestone 3 bugs

[banderror]

Epic: https://github.com/elastic/security-team/issues/1974 (internal)
Milestones: << • >>
Milestone 3: #174168

Status: In development.

Summary

This is a part of Milestone 3 epic and was extracted from it because there were too many issues that started to cause glitches.

Please find the rest of Milestone 3 issues in #174168.

Bugs

Bugs: rule editing and customization

Beta Give feedback

1. [Security Solution] Rule's EQL query validation fails unexpectedly when fields missing #178611
   8.16 candidate Feature:Rule Creation Feature:Rule Edit Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug fixed impact:medium v8.16.0 +10
   
2. [Security Solution] Rules mistakenly marked as customized #199629
   8.17 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high v8.16.1 v8.17.0 v9.0.0 +10
   
3. [Security Solution] Required fields are getting erased on rule PATCH #199665
   8.17 candidate Feature:Rule Management Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium v8.16.1 v8.17.0 v9.0.0 +10
   
4. [Security Solution] “Author” and “License” Fields Are Editable in UI but Result in Errors When Updated #200251
   8.18 candidate Feature:Prebuilt Detection Rules Feature:Rule Edit Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium v8.17.0 v8.18.0 +10
   
5. [Security Solution] Validation for Invalid Field Inputs in Advanced Settings Is Bypassed #200830
   8.18 candidate Feature:Prebuilt Detection Rules Feature:Rule Edit Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium v8.18.0 +9
   
6. [Security Solution] Custom Query field overflows the viewport and cannot be completely visualized or edited when the query is too long #178615
   8.18 candidate Feature:Rule Creation Feature:Rule Edit Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium v8.17.0 v8.18.0 +10
   
7. https://github.com/elastic/security-team/issues/10215
8. [Security Solution] Add validation error description on prebuilt rule editing #191832
   8.18 candidate Feature:Rule Edit Team: SecuritySolution Team:Detection Engine Team:Detection Rule Management Team:Detections and Resp needs design needs product v8.18.0 +9
   
9. [Security Solution] Editing rules independently of source data #180407
   2 of 5
   8.18 candidate Feature:Prebuilt Detection Rules Feature:Rule Creation Feature:Rule Edit Team: SecuritySolution Team:Detection Engine Team:Detection Rule Management Team:Detections and Resp +8

Bugs: rule details and upgrade flyout

Beta Give feedback

1. [Security Solution] Warnings in rule filters on the Rule Details page: "Field does not exist in current view" #178908
   8.17 candidate Feature:Rule Details Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium v8.16.2 v8.17.0 +9
   
2. [Security Solution] Show count field on Rule details page for threshold rules #161576
   8.17 candidate Feature:Rule Details Feature:Threshold Rule Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug enhancement sdh-linked v8.16.2 v8.17.0 +11
   
3. [Security Solution] Wrapping of default data view index not done on Rule Details page (Firefox) #140156
   8.17 candidate Feature:Rule Details Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:low v8.16.2 v8.17.0 +9
   

Bugs: rule installation and upgrade

Beta Give feedback

1. [Security Solution] Infinite loading state on the rule install page when user doesn't have write privileges #161543
   8.14 candidate Feature:Detection Alerts/Rules RBAC Feature:Prebuilt Detection Rules QA:Validated Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug fixed impact:medium v8.12.2 v8.13.0 v8.14.0 +13
   
2. [Security Solution] Error Unable to load page is shown for Rules Page after updating Rules. #180120
   8.14 candidate Feature:Prebuilt Detection Rules QA:Validated Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high +8
3. [Security Solution] Prebuilt rule flyout: Fix the delay that occurs when a user tries to open a flyout #166166
   Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:low performance +7
   
4. [Security Solution] Replace PATCH logic with PUT when upgrading rules #180195
   8.16 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium v8.16.0 +8
   
5. [Security Solution] 'Update rule' button is disabled when there are prebuilt rules updates available #198155
   8.16 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug fixed impact:high v8.16.0 +9
   
6. [Security Solution] upgrade/_review blocks main thread #199290
   8.17 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:critical performance v8.16.1 v8.17.0 v9.0.0 +11
   
7. [Security Solution] Install All button on Add Elastic Rules page gets re-enabled when user revisit the page while rules are loading. #180660
   8.17 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high v8.16.2 v8.17.0 +9
   
8. [Security Solution] Fix load rules callout copy #200521
   8.17 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp UX Debt bug impact:low ui-copy v8.17.0 +10
   
9. [Security Solution] Unable to upgrade rules with missing base version #200904
   8.17 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high v8.17.0 v8.18.0 +9
   
10. [Security Solution] Prebuilt rule customization is lost on upgrade when Base version is missing #201500
    8.18 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high v8.18.0 +8
    
11. [Security Solution] Inconsistent conflict state messaging in Rule Upgrade flyout #200811
    8.18 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high v8.18.0 +8
    
12. [Security Solution] Incorrect field count in Rule Upgrade flyout #200286
    8.18 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:low v8.18.0 +8
    
13. [Security Solution] Implement rule upgrade concurrency control #200134
    8.18 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high v8.18.0 +8
    

Bugs: rule import and export

Beta Give feedback

1. https://github.com/elastic/infosec/issues/15731
2. [Security Solution] Users can import custom rules with rule_id equal to that of a not-installed prebuilt rule #180198
   8.18 candidate Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium +7

Bugs: misc

Beta Give feedback

1. [Security Solution] When duplicating a prebuilt rule, 'Related Integrations' and 'Required Fields' values are not inherited from the original rule #190628
   8.16 candidate Feature:Prebuilt Detection Rules Feature:Rule Management Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug fixed impact:medium v8.15.1 v8.16.0 +11
   

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)