elastic · nikitaindik · Sep 11, 2023 · Sep 19, 2023 · Sep 22, 2023 · Sep 22, 2023
diff --git a/...esting/test_plans/detection_response/prebuilt_rules/installation_and_upgrade.md b/...esting/test_plans/detection_response/prebuilt_rules/installation_and_upgrade.md
@@ -529,6 +529,197 @@ When user opens the Rule Management page
 Then user should NOT see the Rule Updates tab until the package installation is completed and there are rules available for upgrade
 ```
 
+### Previewing a rule before installation or upgrade
+Assumptions: 
+  - if a section in the Overview tab doesn't contain any properties, it should not be displayed
+
+```Gherkin
+Shared properties examples:
+  | section    | shared_property           |
+  | About      | Author                    |
+  | About      | Building block            |
+  | About      | Severity                  |
+  | About      | Severity override         |
+  | About      | Risk score                |
+  | About      | Risk score override       |
+  | About      | Reference URLs            |
+  | About      | False positive examples   |
+  | About      | Custom highlighted fields |
+  | About      | License                   |
+  | About      | Rule name override        |
+  | About      | MITRE ATT&CK™             |
+  | About      | Timestamp override        |
+  | About      | Tags                      |
+  | Definition | Related integrations      |
+  | Definition | Required fields           |
+  | Definition | Timeline template         |
+  | Schedule   | Runs every                |
+  | Schedule   | Additional look-back time |
+
+Custom query properties examples:
+  | custom_query_property |
+  | Custom query          |
+  | Filters               |
+
+Saved query properties examples:
+  | saved_query_property |
+  | Saved query name     |
+  | Saved query filters  |
+  | Saved query          |
+```
+
+#### **Scenario: Custom Query rule - Overview tab**
+**Automation**: 1 e2e test
+```Gherkin
+Given a Custom Query rule
+When the user opens the rule preview
+Then the "Rule type" property under the Definition section should be "Custom query"
+And if the rule has index patterns then the "Index patterns" label should be displayed under the Definition section along with a list of index patters
+And if the rule has a data view then "Data view ID" and "Data view index pattern" labels should be displayed under the Definition section along with their values
+And if the rule has a custom query then for each <custom_query_property> defined in the rule a corresponding value should be displayed under the Definition section
+And if the rule has a saved query then for each <saved_query_property> defined in the rule a corresponding value should be displayed under the Definition section
+And if the rule has alert suppression settings then for each <alert_suppression_property> defined in the rule a corresponding value should be displayed under the Definition section
+And all the <shared_property> properties defined in the rule should be displayed along with their values under their respective <section>
+And if the rule has a setup guide then it should be displayed under the Setup Guide section
+
+Alert suppression examples:
+  | alert_suppression_property        |
+  | Suppress alerts by                |
+  | Suppress alerts for               |
+  | If a suppression field is missing |
+```
+
+#### **Scenario: Machine Learning rule - Overview tab**
+**Automation**: 1 e2e test
+```Gherkin
+Given a Machine Learning rule
+When the user opens the rule preview
+Then the "Rule type" property under the Definition section should be "Machine Learning"
+And all the <machine_learning_property> properties should be displayed along with their values under the Definition section
+And all the <shared_property> properties defined in the rule should be displayed along with their values under their respective <section>
+And if the rule has a setup guide then it should be displayed under the Setup Guide section
+
+Machine Learning properties examples:
+  | machine_learning_property |
+  | Anomaly score threshold   |
+  | Machine Learning job      |
+```
+
+#### **Scenario: Threshold rule - Overview tab**
+**Automation**: 1 e2e test
+```Gherkin
+Given a Threshold rule
+When the user opens the rule preview
+Then the "Rule type" property under the Definition section should be "Threshold"
+And the Threshold field should be displayed under the Definition section along with its value
+And if the rule has index patterns then the "Index patterns" label should be displayed under the Definition section along with a list of index patters
+And if the rule has a data view then "Data view ID" and "Data view index pattern" labels should be displayed under the Definition section along with their values
+And for each <custom_query_property> defined in the rule a corresponding value should be displayed under the Definition section
+And all the <shared_property> properties defined in the rule should be displayed along with their values under their respective <section>
+And if the rule has a setup guide then it should be displayed under the Setup Guide section
+```
+
+#### **Scenario: EQL rule - Overview tab**
+**Automation**: 1 e2e test
+```Gherkin
+Given a EQL rule
+When the user opens the rule preview
+Then the "Rule type" property under the Definition section should be "Event Correlation"
+And the "EQL query" field should be displayed under the Definition section along with its value
+And if EQL filters are defined in the rule then the "Filters" label should be displayed under the Definition section along with its value
+And if the rule has index patterns then the "Index patterns" label should be displayed under the Definition section along with a list of index patters
+And if the rule has a data view then "Data view ID" and "Data view index pattern" labels should be displayed under the Definition section along with their values
+And all the <shared_property> properties defined in the rule should be displayed along with their values under their respective <section>
+And if the rule has a setup guide then it should be displayed under the Setup Guide section
+```
+
+#### **Scenario: Indicator Match rule - Overview tab**
+**Automation**: 1 e2e test
+```Gherkin
+Given an Indicator Match rule
+When the user opens the rule preview
+Then the "Rule type" property under the Definition section should be "Indicator Match"
+And for each <indicator_match_property> defined in the rule a corresponding value should be displayed under the Definition section
+And if the rule has index patterns then the "Index patterns" label should be displayed under the Definition section along with a list of index patters
+And if the rule has a data view then "Data view ID" and "Data view index pattern" labels should be displayed under the Definition section along with their values
+And for each <custom_query_property> defined in the rule a corresponding value should be displayed under the Definition section
+And all the <shared_property> properties defined in the rule should be displayed along with their values under their respective <section>
+And if the rule has a setup guide then it should be displayed under the Setup Guide section
+
+Examples:
+  | indicator_match_property |
+  | Indicator index patterns |
+  | Indicator mapping        |
+  | Indicator filters        |
+  | Indicator index query    |
+```
+
+#### **Scenario: New Terms rule - Overview tab**
+**Automation**: 1 e2e test
+```Gherkin
+Given a New Terms rule
+When the user opens the rule preview
+Then the "Rule type" property under the Definition section should be "New Terms"
+And for each <new_terms_property> defined in the rule a corresponding value should be displayed under the Definition section
+And if the rule has index patterns then the "Index patterns" label should be displayed under the Definition section along with a list of index patters
+And if the rule has a data view then "Data view ID" and "Data view index pattern" labels should be displayed under the Definition section along with their values
+And for each <custom_query_property> defined in the rule a corresponding value should be displayed under the Definition section
+And all the <shared_property> properties defined in the rule should be displayed along with their values under their respective <section>
+And if the rule has a setup guide then it should be displayed under the Setup Guide section
+
+Examples:
+  | new_terms_property  |
+  | Fields              |
+  | History Window Size |
+```
+
+#### **Scenario: ES|QL rule - Overview tab**
+**Automation**: 1 e2e test
+```Gherkin
+"Rule type" should be "ES|QL"
+Might have setup guide
+Includes all shared About section properties.
+Includes all shared Schedule section properties.
+
+Given an ES|QL rule
+When the user opens the rule preview
+Then the "Rule type" property under the Definition section should be "ES|QL"
+And "ES|QL query" field should be displayed under the Definition section along with its value
+And all the <shared_property> properties defined in the rule should be displayed along with their values under their respective <section>
+And if the rule has a setup guide then it should be displayed under the Setup Guide section
+```
+
+#### **Scenario: All rule types - Investigation guide**
+**Automation**: 1 e2e test
+```Gherkin
+  Given a rule of any type
+  When the user opens the rule preview
+  Then the "Investigation guide" tab should be displayed if the rule has an investigation guide
+  But the "Investigation guide" tab should not be displayed if the rule doesn't have an investigation guide
+```
+
+#### **Scenario: All rule types - Installing a rule**
+**Automation**: 1 e2e test
+```Gherkin
+  Given a not installed prebuilt rule
+  When the user opens the rule preview
+  Then the "Install" button should be displayed and enabled
+  And clicking the "Install" button should install the rule
+  And a newly installed rule should be displayed on the Rule Management page
+```
+
+#### **Scenario: All rule types - Upgrading a rule**
+**Automation**: 1 e2e test
+```Gherkin
+  Given an installed prebuilt rule that has a new version available
+  When the user opens the rule preview for this rule
+  Then the new version of the rule should be displayed
+  And the "Upgrade" button should be displayed and enabled
+  And clicking the "Upgrade" button should install the upgraded version of the rule
+```
+
+
+
 ### Error handling
 
 #### **Scenario: Error is handled when any operation on prebuilt rules fails**

diff --git a/.../public/detection_engine/rule_details_ui/pages/rule_details/cast_rule_as_rule_response.ts b/.../public/detection_engine/rule_details_ui/pages/rule_details/cast_rule_as_rule_response.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Rule } from '../../../rule_management/logic';
+import type { RuleResponse } from '../../../../../common/api/detection_engine/model/rule_schema/rule_schemas';
+
+/*
+ * This is a temporary workaround to suppress TS errors when using
+ * rule section components on the rule details page.
+ *
+ * The rule details page passes a Rule object to the rule section components,
+ * but section components expect a RuleResponse object. Rule and RuleResponse
+ * are basically same object type with only a few minor differences.
+ * This function casts the Rule object to RuleResponse.
+ *
+ * In the near future we'll start using codegen to generate proper response
+ * types and the rule details page will start passing RuleResponse objects,
+ * so this workaround will no longer be needed.
+ */
+export const castRuleAsRuleResponse = (rule: Rule) => rule as Partial<RuleResponse>;
diff --git a/...ns/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx b/...ns/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
@@ -63,8 +63,6 @@ import { SpyRoute } from '../../../../common/utils/route/spy_routes';
 import { StepAboutRuleToggleDetails } from '../../../../detections/components/rules/step_about_rule_details';
 import { AlertsHistogramPanel } from '../../../../detections/components/alerts_kpis/alerts_histogram_panel';
 import { useUserData } from '../../../../detections/components/user_info';
-import { StepDefineRuleReadOnly } from '../../../../detections/components/rules/step_define_rule';
-import { StepScheduleRuleReadOnly } from '../../../../detections/components/rules/step_schedule_rule';
 import { StepRuleActionsReadOnly } from '../../../../detections/components/rules/step_rule_actions';
 import {
   buildAlertsFilter,
@@ -119,7 +117,6 @@ import * as ruleI18n from '../../../../detections/pages/detection_engine/rules/t
 import { RuleDetailsContextProvider } from './rule_details_context';
 // eslint-disable-next-line no-restricted-imports
 import { LegacyUrlConflictCallOut } from './legacy_url_conflict_callout';
-import { useGetSavedQuery } from '../../../../detections/pages/detection_engine/rules/use_get_saved_query';
 import * as i18n from './translations';
 import { NeedAdminForUpdateRulesCallOut } from '../../../../detections/components/callouts/need_admin_for_update_callout';
 import { MissingPrivilegesCallOut } from '../../../../detections/components/callouts/missing_privileges_callout';
@@ -137,12 +134,13 @@ import { useBulkDuplicateExceptionsConfirmation } from '../../../rule_management
 import { BulkActionDuplicateExceptionsConfirmation } from '../../../rule_management_ui/components/rules_table/bulk_actions/bulk_duplicate_exceptions_confirmation';
 import { useAsyncConfirmation } from '../../../rule_management_ui/components/rules_table/rules_table/use_async_confirmation';
 import { RuleSnoozeBadge } from '../../../rule_management/components/rule_snooze_badge';
-import { useRuleIndexPattern } from '../../../rule_creation_ui/pages/form';
-import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types';
 import { useBoolState } from '../../../../common/hooks/use_bool_state';
+import { RuleDefinitionSection } from '../../../rule_management/components/rule_details/rule_definition_section';
+import { RuleScheduleSection } from '../../../rule_management/components/rule_details/rule_schedule_section';
 // eslint-disable-next-line no-restricted-imports
 import { useLegacyUrlRedirect } from './use_redirect_legacy_url';
 import { RuleDetailTabs, useRuleDetailsTabs } from './use_rule_details_tabs';
+import { castRuleAsRuleResponse } from './cast_rule_as_rule_response';
 
 const RULE_EXCEPTION_LIST_TYPES = [
   ExceptionListTypeEnum.DETECTION,
@@ -175,7 +173,6 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
   clearSelected,
 }) => {
   const {
-    data,
     application: {
       navigateToApp,
       capabilities: { actions },
@@ -260,38 +257,14 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
     onFinish: hideDeleteConfirmation,
   });
 
-  const {
-    aboutRuleData,
-    modifiedAboutRuleDetailsData,
-    defineRuleData,
-    scheduleRuleData,
-    ruleActionsData,
-  } =
+  const { aboutRuleData, modifiedAboutRuleDetailsData, ruleActionsData } =
     rule != null
       ? getStepsData({ rule, detailsView: true })
       : {
           aboutRuleData: null,
           modifiedAboutRuleDetailsData: null,
-          defineRuleData: null,
-          scheduleRuleData: null,
           ruleActionsData: null,
         };
-  const [dataViewTitle, setDataViewTitle] = useState<string>();
-  useEffect(() => {
-    const fetchDataViewTitle = async () => {
-      if (defineRuleData?.dataViewId != null && defineRuleData?.dataViewId !== '') {
-        const dataView = await data.dataViews.get(defineRuleData?.dataViewId);
-        setDataViewTitle(dataView.title);
-      }
-    };
-    fetchDataViewTitle();
-  }, [data.dataViews, defineRuleData?.dataViewId]);
-
-  const { indexPattern: ruleIndexPattern } = useRuleIndexPattern({
-    dataSourceType: defineRuleData?.dataSourceType ?? DataSourceType.IndexPatterns,
-    index: defineRuleData?.index ?? [],
-    dataViewId: defineRuleData?.dataViewId,
-  });
 
   const { showBuildingBlockAlerts, setShowBuildingBlockAlerts, showOnlyThreatIndicatorAlerts } =
     useDataTableFilters(TableId.alertsOnRuleDetailsPage);
@@ -300,11 +273,6 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
   const { globalFullScreen } = useGlobalFullScreen();
   const [filterGroup, setFilterGroup] = useState<Status>(FILTER_OPEN);
 
-  const { isSavedQueryLoading, savedQueryBar } = useGetSavedQuery({
-    savedQueryId: rule?.saved_id,
-    ruleType: rule?.type,
-  });
-
   // TODO: Refactor license check + hasMlAdminPermissions to common check
   const hasMlPermissions = hasMlLicense(mlCapabilities) && hasMlAdminPermissions(mlCapabilities);
 
@@ -667,43 +635,34 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
               <EuiSpacer />
               <EuiFlexGroup>
                 <EuiFlexItem data-test-subj="aboutRule" component="section" grow={1}>
-                  <StepAboutRuleToggleDetails
-                    loading={isLoading}
-                    stepData={aboutRuleData}
-                    stepDataDetails={modifiedAboutRuleDetailsData}
-                  />
+                  {rule !== null && (
+                    <StepAboutRuleToggleDetails
+                      loading={isLoading}
+                      stepData={aboutRuleData}
+                      stepDataDetails={modifiedAboutRuleDetailsData}
+                      rule={rule}
+                    />
+                  )}
                 </EuiFlexItem>
 
                 <EuiFlexItem grow={1}>
                   <EuiFlexGroup direction="column">
                     <EuiFlexItem component="section" grow={1} data-test-subj="defineRule">
-                      <StepPanel
-                        loading={isLoading || isSavedQueryLoading}
-                        title={ruleI18n.DEFINITION}
-                      >
-                        {defineRuleData != null && !isSavedQueryLoading && !isStartingJobs && (
-                          <StepDefineRuleReadOnly
-                            addPadding={false}
-                            descriptionColumns="singleSplit"
-                            defaultValues={{
-                              dataViewTitle,
-                              ...defineRuleData,
-                              queryBar: savedQueryBar ?? defineRuleData.queryBar,
-                            }}
-                            indexPattern={ruleIndexPattern}
+                      <StepPanel loading={isLoading} title={ruleI18n.DEFINITION}>
+                        {rule !== null && !isStartingJobs && (
+                          <RuleDefinitionSection
+                            rule={castRuleAsRuleResponse(rule)}
+                            isInteractive
+                            dataTestSubj="definitionRule"
                           />
                         )}
                       </StepPanel>
                     </EuiFlexItem>
                     <EuiSpacer />
                     <EuiFlexItem data-test-subj="schedule" component="section" grow={1}>
                       <StepPanel loading={isLoading} title={ruleI18n.SCHEDULE}>
-                        {scheduleRuleData != null && (
-                          <StepScheduleRuleReadOnly
-                            addPadding={false}
-                            descriptionColumns="singleSplit"
-                            defaultValues={scheduleRuleData}
-                          />
+                        {rule != null && (
+                          <RuleScheduleSection rule={castRuleAsRuleResponse(rule)} />
                         )}
                       </StepPanel>
                     </EuiFlexItem>