updates field name render dictionary

elastic · dplumlee · Feb 12, 2024 · Jan 10, 2024 · Jan 10, 2024 · Jan 10, 2024
commit 0e3446014b843cba507e87b1cf5a2ea155dbf27d
diff --git a/...ity_solution/common/api/detection_engine/prebuilt_rules/model/diff/rule_diff/rule_diff.ts b/...ity_solution/common/api/detection_engine/prebuilt_rules/model/diff/rule_diff/rule_diff.ts
@@ -90,3 +90,5 @@ export type RuleFieldsDiffWithKqlQuery =
   | NewTermsFieldsDiff;
 
 export type RuleFieldsDiffWithEqlQuery = EqlFieldsDiff;
+
+export type RuleFieldsDiffWithThreshold = ThresholdFieldsDiff;
diff --git a/.../detection_engine/rule_management/components/rule_details/diff_components/translations.ts b/.../detection_engine/rule_management/components/rule_details/diff_components/translations.ts
@@ -6,11 +6,23 @@
  */
 
 import { i18n } from '@kbn/i18n';
+import {
+  REFERENCES_FIELD_LABEL,
+  RISK_SCORE_MAPPING_FIELD_LABEL,
+  SEVERITY_MAPPING_FIELD_LABEL,
+  THREAT_INDICATOR_PATH_LABEL,
+  INDEX_FIELD_LABEL,
+  DATA_VIEW_ID_FIELD_LABEL,
+  THREAT_FIELD_LABEL,
+  ANOMALY_THRESHOLD_FIELD_LABEL,
+  MACHINE_LEARNING_JOB_ID_FIELD_LABEL,
+  THREAT_INDEX_FIELD_LABEL,
+  THREAT_MAPPING_FIELD_LABEL,
+  HISTORY_WINDOW_SIZE_FIELD_LABEL,
+} from '../translations';
 
+// Used when fields have different display names or formats than their corresponding rule object fields
 export const fieldToDisplayNameMap: Record<string, string> = {
-  name: i18n.translate('xpack.securitySolution.detectionEngine.rules.upgradeRuleFields.nameLabel', {
-    defaultMessage: 'Name',
-  }),
   data_source: i18n.translate(
     'xpack.securitySolution.detectionEngine.rules.upgradeRuleFields.dataSourceLabel',
     {
@@ -20,5 +32,40 @@ export const fieldToDisplayNameMap: Record<string, string> = {
   note: i18n.translate('xpack.securitySolution.detectionEngine.rules.upgradeRuleFields.noteLabel', {
     defaultMessage: 'Investigation guide',
   }),
-  // TODO: fill the rest of this out
+  severity_mapping: SEVERITY_MAPPING_FIELD_LABEL,
+  risk_score_mapping: RISK_SCORE_MAPPING_FIELD_LABEL,
+  references: REFERENCES_FIELD_LABEL,
+  threat_indicator_path: THREAT_INDICATOR_PATH_LABEL,
+  index_patterns: INDEX_FIELD_LABEL,
+  data_view_id: DATA_VIEW_ID_FIELD_LABEL,
+  threat: THREAT_FIELD_LABEL,
+  eql_query: i18n.translate(
+    'xpack.securitySolution.detectionEngine.rules.upgradeRuleFields.eqlQueryLabel',
+    {
+      defaultMessage: 'EQL query',
+    }
+  ),
+  kql_query: i18n.translate(
+    'xpack.securitySolution.detectionEngine.rules.upgradeRuleFields.kqlQueryLabel',
+    {
+      defaultMessage: 'KQL query',
+    }
+  ),
+  threat_query: i18n.translate(
+    'xpack.securitySolution.detectionEngine.rules.upgradeRuleFields.threatQueryLabel',
+    {
+      defaultMessage: 'Indicator index query',
+    }
+  ),
+  esql_query: i18n.translate(
+    'xpack.securitySolution.detectionEngine.rules.upgradeRuleFields.esqlQueryLabel',
+    {
+      defaultMessage: 'ESQL query',
+    }
+  ),
+  anomaly_threshold: ANOMALY_THRESHOLD_FIELD_LABEL,
+  machine_learning_job_id: MACHINE_LEARNING_JOB_ID_FIELD_LABEL,
+  threat_index: THREAT_INDEX_FIELD_LABEL,
+  threat_mapping: THREAT_MAPPING_FIELD_LABEL,
+  history_window_start: HISTORY_WINDOW_SIZE_FIELD_LABEL,
 };
diff --git a/...e_management/components/rule_details/per_field_diff/get_field_diffs_for_grouped_fields.ts b/...e_management/components/rule_details/per_field_diff/get_field_diffs_for_grouped_fields.ts
@@ -345,3 +345,46 @@ export const getFieldDiffsForBuildingBlock = (
       : []),
   ];
 };
+
+export const getFieldDiffsForThreshold = (
+  thresholdThreeWayDiff: AllFieldsDiff['threshold']
+): FieldDiff[] => {
+  const currentField = sortAndStringifyJson(thresholdThreeWayDiff.current_version?.field);
+  const targetField = sortAndStringifyJson(thresholdThreeWayDiff.target_version?.field);
+  const currentValue = sortAndStringifyJson(thresholdThreeWayDiff.current_version?.value);
+  const targetValue = sortAndStringifyJson(thresholdThreeWayDiff.target_version?.value);
+  const currentCardinality = sortAndStringifyJson(
+    thresholdThreeWayDiff.current_version?.cardinality
+  );
+  const targetCardinality = sortAndStringifyJson(thresholdThreeWayDiff.target_version?.cardinality);
+
+  return [
+    ...(currentField !== targetField
+      ? [
+          {
+            fieldName: 'field',
+            currentVersion: currentField,
+            targetVersion: targetField,
+          },
+        ]
+      : []),
+    ...(currentValue !== targetValue
+      ? [
+          {
+            fieldName: 'value',
+            currentVersion: currentValue,
+            targetVersion: targetValue,
+          },
+        ]
+      : []),
+    ...(currentCardinality !== targetCardinality
+      ? [
+          {
+            fieldName: 'cardiinality',
+            currentVersion: currentCardinality,
+            targetVersion: targetCardinality,
+          },
+        ]
+      : []),
+  ];
+};
diff --git a/...engine/rule_management/components/rule_details/per_field_diff/get_formatted_field_diff.ts b/...engine/rule_management/components/rule_details/per_field_diff/get_formatted_field_diff.ts
@@ -11,6 +11,7 @@ import type {
   RuleFieldsDiffWithDataSource,
   RuleFieldsDiffWithKqlQuery,
   RuleFieldsDiffWithEqlQuery,
+  RuleFieldsDiffWithThreshold,
 } from '../../../../../../common/api/detection_engine';
 import type { FormattedFieldDiff } from '../../../model/rule_details/rule_field_diff';
 import {
@@ -23,6 +24,7 @@ import {
   getFieldDiffsForTimelineTemplate,
   getFieldDiffsForBuildingBlock,
   sortAndStringifyJson,
+  getFieldDiffsForThreshold,
 } from './get_field_diffs_for_grouped_fields';
 
 export const getFormattedFieldDiffGroups = (
@@ -80,6 +82,14 @@ export const getFormattedFieldDiffGroups = (
         shouldShowSubtitles: true,
         fieldDiffs: getFieldDiffsForBuildingBlock(buildingBlockThreeWayDiff),
       };
+    case 'threshold':
+      const thresholdThreeWayDiff = (fields as RuleFieldsDiffWithThreshold)[
+        fieldName
+      ] as AllFieldsDiff['threshold'];
+      return {
+        shouldShowSubtitles: true,
+        fieldDiffs: getFieldDiffsForThreshold(thresholdThreeWayDiff),
+      };
     default:
       const fieldThreeWayDiff = (fields as AllFieldsDiff)[fieldName];
       const currentVersionField = sortAndStringifyJson(fieldThreeWayDiff.current_version);

diff --git a/...ponents/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_context.tsx b/...ponents/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_context.tsx
@@ -274,7 +274,7 @@ export const UpgradePrebuiltRulesTableContextProvider = ({
 
   const extraTabs = useMemo<EuiTabbedContentTab[]>(() => {
     const activeRule =
-      isJsonPrebuiltRulesDiffingEnabled &&
+      (isJsonPrebuiltRulesDiffingEnabled || isPerFieldPrebuiltRulesDiffingEnabled) &&
       previewedRule &&
       filteredRules.find(({ id }) => id === previewedRule.id);
Original file line number	Diff line number	Diff line change
Expand Up		@@ -90,3 +90,5 @@ export type RuleFieldsDiffWithKqlQuery =
		\| NewTermsFieldsDiff;

		export type RuleFieldsDiffWithEqlQuery = EqlFieldsDiff;

		export type RuleFieldsDiffWithThreshold = ThresholdFieldsDiff;