[Security Solution] Add UI incentivizers to upgrade prebuilt rules #211862

dplumlee · 2025-02-20T02:41:31Z

Summary

Partially addresses #210358

Adds all callouts and logic to incentivize users to upgrade their rules asap. These include:

Showing a callout on the Rule Management page
Showing a callout on the Rule Details page
- Letting users open the Rule Upgrade flyout from the Rule Details page
Showing a callout on the Rule Editing page
Showing a callout in the Rule Upgrade flyout if rule has missing base version

This PR also adds related updates to the rule diff algorithms in order to facilitate an easier upgrade experience when rules have missing base versions. These include:

When the rule has a missing base version and is NOT marked as customized:
- We should return all the target fields from the diff algorithm as NO_CONFLICT
When the rule has a missing base version and is marked as customized:
- We should attempt to merge all non-functional mergeable fields (any field that doesn't have consequences with how the rule runs e.g. tags) and return them as SOLVABLE_CONFLICT.
  - NOTE: When base versions are missing and the rule is customized, we attempt to merge all mergable, non-functional rule fields. These include all fields covered by the scalar diff array (tags, references, new_terms_fields, threat_index). We typically also consider multi-line string fields as mergeable but without three versions of the string, we are currently unable to merge the strings together, so we just return target version.
- We should pick the target version for all functional mergeable fields (e.g. index) and non-mergeable fields and return them as SOLVABLE_CONFLICT.

Screenshots

Callout on Rule details page w/ flyout button

Upgrade flyout now accessible from rule details page

Callout on rule editing page

Dismissible callout on rule management page

Callout in rule upgrade flyout when rule has missing base version

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
Unit or functional tests were updated or added to match the most common scenarios

…-version-handling

elasticmachine · 2025-03-03T21:10:34Z

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine · 2025-03-03T21:10:35Z

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine · 2025-03-03T21:10:36Z

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

maximpn · 2025-03-04T14:17:10Z

Files by Code Owner

elastic/security-detection-engine

x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx

elastic/security-detection-rule-management

x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/three_way_diff/three_way_diff.ts
x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/prebuilt_rules/review_rule_upgrade/review_rule_upgrade_route.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_install_review_query.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_upgrade_review_query.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/rule_upgrade/rule_upgrade.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/rule_upgrade/rule_upgrade_callout.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/rule_upgrade/translations.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/model/prebuilt_rule_upgrade/rule_upgrade_state.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/mini_callout/translations.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rule_update_callouts/has_rule_update_callout.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rule_update_callouts/rule_update_callouts.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rule_update_callouts/translations.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/feature_tour/rules_feature_tour.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_context.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_prebuilt_rules_upgrade.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_prebuilt_rules_upgrade_state.test.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_prebuilt_rules_upgrade_state.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_upgrade_prebuilt_rules_table_columns.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/index.tsx
x-pack/solutions/security/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/create_upgradeable_rules_payload.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/calculate_rule_upgrade_info.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculate_rule_diff.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/data_source_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/data_source_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/eql_query_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/eql_query_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/esql_query_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/esql_query_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/kql_query_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/kql_query_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/number_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/number_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/rule_type_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/rule_type_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/scalar_array_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/scalar_array_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/simple_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/single_line_string_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/single_line_string_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/diff_calculation_helpers.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/references.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/tags.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/test_helpers.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/new_terms_fields.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_index.ts
x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/update_workflow_customized_rules.cy.ts

elastic/security-engineering-productivity

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/update_workflow_customized_rules.cy.ts
x-pack/test/security_solution_cypress/cypress/screens/alerts_detection_rules.ts

elastic/security-solution

x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/three_way_diff/three_way_diff.ts
x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/prebuilt_rules/review_rule_upgrade/review_rule_upgrade_route.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_install_review_query.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_upgrade_review_query.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/rule_upgrade/rule_upgrade.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/rule_upgrade/rule_upgrade_callout.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/rule_upgrade/translations.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/model/prebuilt_rule_upgrade/rule_upgrade_state.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/mini_callout/translations.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rule_update_callouts/has_rule_update_callout.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rule_update_callouts/rule_update_callouts.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rule_update_callouts/translations.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/feature_tour/rules_feature_tour.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_context.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_prebuilt_rules_upgrade.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_prebuilt_rules_upgrade_state.test.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_prebuilt_rules_upgrade_state.ts
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_upgrade_prebuilt_rules_table_columns.tsx
x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/index.tsx
x-pack/solutions/security/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/create_upgradeable_rules_payload.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/calculate_rule_upgrade_info.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculate_rule_diff.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/data_source_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/data_source_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/eql_query_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/eql_query_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/esql_query_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/esql_query_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/kql_query_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/kql_query_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/number_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/number_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/rule_type_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/rule_type_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/scalar_array_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/scalar_array_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/simple_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/single_line_string_diff_algorithm.test.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/single_line_string_diff_algorithm.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff.ts
x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/diff_calculation_helpers.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/references.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/tags.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/test_helpers.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/new_terms_fields.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_index.ts

maximpn

@dplumlee Thanks for improving UX for prebuilt rules with missing base version 🙏

I reviewed the changes and tested them locally. Testing didn't reveal issues.

I left a number of comments though critical are the following

Revert rate limiting retry logic
rename hasBaseVersion to has_base_version in the API contract
double check diff algorithms implementation changes are correct. The task ticket assumes we merge the changes for non-functional fields but the implementation does't do that for fields like description, note, setup.

On top of that I have some general comments not directly related to that PR.

Changes to diff algorithms might be much simpler if the functionality was implemented via Strategy pattern. We have a lot similar logic for each field with some specific details. Missing base version case isn't exception.

maximpn · 2025-03-04T14:04:51Z

...gins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx

@@ -172,7 +175,20 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
    newTermsFields: defineStepData.newTermsFields,
  });

-  const loading = userInfoLoading || listsConfigLoading;
+  const { upgradeReviewResponse, isLoading: isRuleUpgradeReviewLoading } = usePrebuiltRulesUpgrade({


nit: It could be extracted to usePrebuiltRuleUpgradeById() hook accepting a rule id. Additionally isRuleUpgradeable calculation could be included in that hook.

maximpn · 2025-03-04T14:11:26Z

.../common/api/detection_engine/prebuilt_rules/review_rule_upgrade/review_rule_upgrade_route.ts

@@ -89,4 +89,5 @@ export interface RuleUpgradeInfoForReview {
  target_rule: RuleResponse;
  diff: PartialRuleDiff;
  revision: number;
+  hasBaseVersion: boolean;


We stick to snake case in API contracts

Suggested change

hasBaseVersion: boolean;

has_base_version: boolean;

The other comment we could address later regarding has_base_version at this level.

Fields Diff includes has_base_version in each field diff response. It looks like overkill since rule either has a base version or not and it's sufficient to have a single has_base_version at the rule level. It means fields diff level has_base_version should be removed.

...ection_engine/rule_management_ui/components/rule_update_callouts/has_rule_update_callout.tsx

...ne/rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_install_review_query.ts

maximpn · 2025-03-04T14:36:50Z

..._engine/rule_management/components/rule_details/three_way_diff/rule_upgrade/rule_upgrade.tsx

@@ -48,6 +48,7 @@ export const RuleUpgrade = memo(function RuleUpgrade({
      <RuleUpgradeCallout
        numOfSolvableConflicts={numOfSolvableConflicts}
        numOfNonSolvableConflicts={numOfNonSolvableConflicts}
+        hasBaseVersion={ruleUpgradeState.hasBaseVersion}


Why should missing base version callout logic is placed in RuleUpgradeCallout? It feels simple to place a component named like RuleHasMissingBaseVersionCallout component on top of RuleUpgradeCallout.

maximpn · 2025-03-04T14:58:11Z

...n_engine/prebuilt_rules/logic/diff/calculation/algorithms/data_source_diff_algorithm.test.ts

@@ -421,81 +421,162 @@ describe('dataSourceDiffAlgorithm', () => {
  });

  describe('if base_version is missing', () => {


Suggested change

describe('if base_version is missing', () => {

describe('when base_version is missing', () => {

maximpn · 2025-03-04T14:58:58Z

...n_engine/prebuilt_rules/logic/diff/calculation/algorithms/data_source_diff_algorithm.test.ts

-
-    describe('returns target_version as merged output if current_version and target_version are different - scenario -AB', () => {
-      it('if versions are different types', () => {
+    describe('if current_version and target_version are the same - scenario -AA', () => {


Suggested change

describe('if current_version and target_version are the same - scenario -AA', () => {

describe('and current and target rule versions are the same - scenario -AA', () => {

maximpn · 2025-03-04T14:59:24Z

...n_engine/prebuilt_rules/logic/diff/calculation/algorithms/data_source_diff_algorithm.test.ts

          })
        );
      });
    });
+
+    describe('if current_version and target_version are different - scenario -AB', () => {


Suggested change

describe('if current_version and target_version are different - scenario -AB', () => {

describe('and current and target rule versions are different - scenario -AB', () => {

maximpn · 2025-03-04T15:03:03Z

...n_engine/prebuilt_rules/logic/diff/calculation/algorithms/data_source_diff_algorithm.test.ts

+      describe('returns SOLVABLE conflict if rule is customized', () => {
+        it('if versions are different types', () => {
+          const mockVersions: ThreeVersionsOf<RuleDataSource | undefined> = {
+            base_version: MissingVersion,
+            current_version: { type: DataSourceType.data_view, data_view_id: '456' },
+            target_version: {
+              type: DataSourceType.index_patterns,
+              index_patterns: ['one', 'three', 'four'],
+            },
+          };
+
+          const result = dataSourceDiffAlgorithm(mockVersions, true);
+
+          expect(result).toEqual(
+            expect.objectContaining({
+              has_base_version: false,
+              base_version: undefined,
+              merged_version: mockVersions.target_version,
+              diff_outcome: ThreeWayDiffOutcome.MissingBaseCanUpdate,
+              merge_outcome: ThreeWayMergeOutcome.Target,
+              conflict: ThreeWayDiffConflict.SOLVABLE,
+            })
+          );
+        });
+
+        it('if current version is undefined', () => {
+          const mockVersions: ThreeVersionsOf<RuleDataSource | undefined> = {
+            base_version: MissingVersion,
+            current_version: undefined,
+            target_version: {
+              type: DataSourceType.index_patterns,
+              index_patterns: ['one', 'three', 'four'],
+            },
+          };
+
+          const result = dataSourceDiffAlgorithm(mockVersions, true);
+
+          expect(result).toEqual(
+            expect.objectContaining({
+              has_base_version: false,
+              base_version: undefined,
+              merged_version: mockVersions.target_version,
+              diff_outcome: ThreeWayDiffOutcome.MissingBaseCanUpdate,
+              merge_outcome: ThreeWayMergeOutcome.Target,
+              conflict: ThreeWayDiffConflict.SOLVABLE,
+            })
+          );
+        });
+      });
+    });
  });


nit: Context and test names are reversed here. A general rule of thumb describe defines a context like when rule is customized or with conflicts and it says what's expected like returns true or returns a SOLVABLE conflict.

...etection_engine/prebuilt_rules/logic/diff/calculation/algorithms/rule_type_diff_algorithm.ts

...gins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx

elasticmachine · 2025-03-05T00:21:05Z

💚 Build Succeeded

Buildkite Build
Commit: c47dedd

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
`securitySolution`	7106	7114	+8

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
`securitySolution`	8.9MB	8.9MB	+6.5KB

History

💚 Build #280868 succeeded 1e76dfc
💛 Build #280588 was flaky f00f062
💔 Build #280579 failed 4b7160c
💔 Build #280533 failed 30f99cc
💔 Build #280504 failed 0aed247

cc @dplumlee

dplumlee and others added 2 commits February 19, 2025 17:54

switches diff algorithm logic

8f3555b

Reduce the _review rule upgrade endpoint response size

7e1de38

dplumlee self-assigned this Feb 20, 2025

xcrzx and others added 12 commits February 20, 2025 11:29

Reduce the _review rule upgrade endpoint response size

e5ed827

fixes merge

07b4d66

Merge remote-tracking branch 'upstream/main' into update-missing-base…

8d815a0

…-version-handling

Merge remote-tracking branch 'upstream/main' into update-missing-base…

94d51a8

…-version-handling

Reduce the _review rule upgrade endpoint response size

a1d7e8c

refactors upgrade rules context

18e700c

adds callout messages

1e11d6b

language changes

1cec639

Merge remote-tracking branch 'upstream/main' into update-missing-base…

dd2fa00

…-version-handling

fixes merge

625290f

removes unrelated code

9befc79

updates unit tests

0aed247

dplumlee force-pushed the update-missing-base-version-handling branch from c33ab5b to 0aed247 Compare March 3, 2025 20:50

dplumlee marked this pull request as ready for review March 3, 2025 21:10

dplumlee requested review from a team as code owners March 3, 2025 21:10

dplumlee requested a review from vitaliidm March 3, 2025 21:10

dplumlee requested a review from nikitaindik March 3, 2025 21:10

dplumlee requested review from xcrzx and banderror and removed request for nikitaindik March 3, 2025 21:11

dplumlee changed the title ~~[Security Solution] Update missing base version handling~~ [Security Solution] Add UI incentives to upgrade prebuilt rules Mar 3, 2025

dplumlee changed the title ~~[Security Solution] Add UI incentives to upgrade prebuilt rules~~ [Security Solution] Add UI incentivizers to upgrade prebuilt rules Mar 3, 2025

fixes types

30f99cc

This was referenced Mar 4, 2025

[Security Solution] Modifies upgrade/_perform logic for missing base version cases #213027

Draft

[Security Solution] Relax the rules of handling missing base versions of prebuilt rules #210358

Open

dplumlee added 2 commits March 3, 2025 21:48

fixes tests

4b7160c

fixes tests

f00f062

banderror added bug Fixes for quality problems that affect the customer experience impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. labels Mar 4, 2025

banderror requested review from maximpn and removed request for xcrzx and banderror March 4, 2025 11:37

maximpn requested changes Mar 4, 2025

View reviewed changes

dplumlee added 2 commits March 4, 2025 12:49

addresses blocking comments

b58a1e2

adds back merge omition

1e76dfc

vitaliidm reviewed Mar 4, 2025

View reviewed changes

addresses comments

8133b1a

dplumlee requested review from vitaliidm and maximpn March 4, 2025 22:28

addresses comments

c47dedd

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security Solution] Add UI incentivizers to upgrade prebuilt rules #211862

[Security Solution] Add UI incentivizers to upgrade prebuilt rules #211862

dplumlee commented Feb 20, 2025 •

edited

Loading

elasticmachine commented Mar 3, 2025

elasticmachine commented Mar 3, 2025

elasticmachine commented Mar 3, 2025

maximpn commented Mar 4, 2025

maximpn left a comment •

edited

Loading

maximpn Mar 4, 2025

maximpn Mar 4, 2025

maximpn Mar 4, 2025

maximpn Mar 4, 2025

maximpn Mar 4, 2025

maximpn Mar 4, 2025

maximpn Mar 4, 2025

elasticmachine commented Mar 5, 2025

		@@ -421,81 +421,162 @@ describe('dataSourceDiffAlgorithm', () => {
		});

		describe('if base_version is missing', () => {

	describe('if base_version is missing', () => {
	describe('when base_version is missing', () => {

	describe('if current_version and target_version are the same - scenario -AA', () => {
	describe('and current and target rule versions are the same - scenario -AA', () => {

[Security Solution] Add UI incentivizers to upgrade prebuilt rules #211862

Are you sure you want to change the base?

[Security Solution] Add UI incentivizers to upgrade prebuilt rules #211862

Conversation

dplumlee commented Feb 20, 2025 • edited Loading

Summary

Screenshots

Checklist

elasticmachine commented Mar 3, 2025

elasticmachine commented Mar 3, 2025

elasticmachine commented Mar 3, 2025

maximpn commented Mar 4, 2025

Files by Code Owner

elastic/security-detection-engine

elastic/security-detection-rule-management

elastic/security-engineering-productivity

elastic/security-solution

maximpn left a comment • edited Loading

Choose a reason for hiding this comment

maximpn Mar 4, 2025

Choose a reason for hiding this comment

maximpn Mar 4, 2025

Choose a reason for hiding this comment

maximpn Mar 4, 2025

Choose a reason for hiding this comment

maximpn Mar 4, 2025

Choose a reason for hiding this comment

maximpn Mar 4, 2025

Choose a reason for hiding this comment

maximpn Mar 4, 2025

Choose a reason for hiding this comment

maximpn Mar 4, 2025

Choose a reason for hiding this comment

elasticmachine commented Mar 5, 2025

💚 Build Succeeded

Metrics [docs]

Module Count

Async chunks

History

dplumlee commented Feb 20, 2025 •

edited

Loading

maximpn left a comment •

edited

Loading