[Security Solution] Rule Diff Phase 2 components #174564

Merged
merged 27 commits into from
Feb 12, 2024
Merged
Changes from 6 commits
95e1e59
working poc
dplumlee Jan 10, 2024
d6b55b3
adds feature flag
dplumlee Jan 10, 2024
78a7911
adds inline per field display
dplumlee Jan 10, 2024
3992626
adds field sort
dplumlee Jan 17, 2024
58803ca
updates ui
dplumlee Jan 18, 2024
e1ce9f3
updates ui
dplumlee Jan 23, 2024
3e01b6b
addresses comments and changes some types
dplumlee Jan 26, 2024
9405654
Merge remote-tracking branch 'upstream/main' into rule-upgrade-diff-p…
dplumlee Jan 26, 2024
c4fba65
fixes bugs and removes console logs
dplumlee Feb 1, 2024
35e99bd
changes header language
dplumlee Feb 5, 2024
57a92a6
Refactored getFormattedFieldDiff
jpdjere Feb 2, 2024
7bc88ff
Refactored per group util
jpdjere Feb 2, 2024
c0240f3
Renamed props
jpdjere Feb 2, 2024
da1375b
Fixed typing
jpdjere Feb 2, 2024
05070e6
Replace N/A with empty string for non existing fields
jpdjere Feb 2, 2024
1feb961
Merge remote-tracking branch 'upstream/main' into rule-upgrade-diff-p…
dplumlee Feb 5, 2024
0e34460
updates field name render dictionary
dplumlee Feb 5, 2024
2687192
fixes small bugs and adds code comments
dplumlee Feb 7, 2024
c92da27
turns off feature flag
dplumlee Feb 7, 2024
977eae3
typo
dplumlee Feb 7, 2024
18e0db2
turns off feature flag
dplumlee Feb 7, 2024
bc20d45
Merge remote-tracking branch 'upstream/main' into rule-upgrade-diff-p…
dplumlee Feb 7, 2024
95e5155
Merge remote-tracking branch 'upstream/main' into rule-upgrade-diff-p…
dplumlee Feb 8, 2024
4f7171e
adds remaining field groupings
dplumlee Feb 8, 2024
94b4cd8
addresses comments
dplumlee Feb 12, 2024
773501e
Merge remote-tracking branch 'upstream/main' into rule-upgrade-diff-p…
dplumlee Feb 12, 2024
faaec7f
addresses comments
dplumlee Feb 12, 2024
Expand Up @@ -262,6 +262,7 @@ export type DiffableAllFields = DiffableCommonFields &
Omit<DiffableCustomQueryFields, 'type'> &
Omit<DiffableSavedQueryFields, 'type'> &
Omit<DiffableEqlFields, 'type'> &
Omit<DiffableEsqlFields, 'type'> &
Omit<DiffableThreatMatchFields, 'type'> &
Omit<DiffableThresholdFields, 'type'> &
Omit<DiffableMachineLearningFields, 'type'> &
Expand Up @@ -169,6 +169,11 @@ export const allowedExperimentalValues = Object.freeze({
*
*/
timelineEsqlTabDisabled: false,

/**
* Enables per-field rule diffs tab in the prebuilt rule upgrade flyout
*/
perFieldPrebuiltRulesDiffingEnabled: true,
});

type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;
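Review bot: `perFieldPrebuiltRulesDiffingEnabled` is added with a default of `true`, so the new per-field diff tab in the prebuilt rule upgrade flyout is on for every deployment instead of being opt-in. Unless the tab is meant to ship enabled, I would write `perFieldPrebuiltRulesDiffingEnabled: false,` and let testers switch it on through configuration. The commit list on this page has later commits titled "turns off feature flag", so this may already be handled outside the six commits shown here. The `Object.freeze({` call opens above the hunk.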
Expand Up @@ -7,3 +7,114 @@

export const DEFAULT_DESCRIPTION_LIST_COLUMN_WIDTHS: [string, string] = ['50%', '50%'];
export const LARGE_DESCRIPTION_LIST_COLUMN_WIDTHS: [string, string] = ['30%', '70%'];

/**
* This order is derived from a combination of the Rule Details Flyout display order
* and the `DiffableRule` type that is returned from the rule diff API endpoint
*/
export const UPGRADE_FIELD_ORDER: string[] = [
// Rule About fields
'name',
'description',
'author',
'building_block',
'severity',
'severity_mapping',
'risk_score',
'risk_score_mapping',
'references',
'false_positives',
'investigation_fields',
'license',
'rule_name_override',
'threat',
'threat_indicator_path',
'timestamp_override',
'tags',
// Rule Definition fields
'data_source',
'type',
'kql_query',
'eql_query',
'event_category_override',
'timestamp_field',
'tiebreaker_field',
'esql_query',
'anomaly_threshold',
'machine_learning_job_id',
'related_integrations',
'required_fields',
'timeline_template',
'threshold',
'threat_index',
'threat_mapping',
'threat_filters',
'threat_query',
'threat_indicator_path',
'concurrent_searches',
'items_per_search',
'alert_suppression',
'new_terms_fields',
'history_window_start',
// Rule Schedule fields
'rule_schedule',
// Rule Setup fields
'setup',
'note',
// Other fields
'throttle',
'max_signals',
];

export const ABOUT_UPGRADE_FIELD_ORDER = [
'name',
'description',
'author',
'building_block',
'severity',
'severity_mapping',
'risk_score',
'risk_score_mapping',
'references',
'false_positives',
'investigation_fields',
'license',
'rule_name_override',
'threat',
'threat_indicator_path',
'timestamp_override',
'tags',
];

export const DEFINITION_UPGRADE_FIELD_ORDER = [
'data_source',
'type',
'kql_query',
'eql_query',
'event_category_override',
'timestamp_field',
'tiebreaker_field',
'esql_query',
'anomaly_threshold',
'machine_learning_job_id',
'related_integrations',
'required_fields',
'timeline_template',
'threshold',
'threat_index',
'threat_mapping',
'threat_filters',
'threat_query',
'threat_indicator_path',
'concurrent_searches',
'items_per_search',
'alert_suppression',
'new_terms_fields',
'history_window_start',
];

export const SCHEDULE_UPGRADE_FIELD_ORDER = ['rule_schedule'];

export const SETUP_UPGRADE_FIELD_ORDER = ['setup', 'note'];

export const OTHER_UPGRADE_FIELD_ORDER = ['throttle', 'max_signals'];
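Review bot: `'threat_indicator_path'` is listed twice in `UPGRADE_FIELD_ORDER` (once under the About comment and once under the Definition comment) and again in both `ABOUT_UPGRADE_FIELD_ORDER` and `DEFINITION_UPGRADE_FIELD_ORDER`. If these lists feed an index-based sort, the second entry is dead; if they drive grouping, the field can show up in two groups. The consumers are not in this hunk, so please confirm which group it belongs to and drop the other entry. The flat list also repeats all five group lists by hand and can drift from them; declaring the group constants first and building it as `[...ABOUT_UPGRADE_FIELD_ORDER, ...DEFINITION_UPGRADE_FIELD_ORDER, ...SCHEDULE_UPGRADE_FIELD_ORDER, ...SETUP_UPGRADE_FIELD_ORDER, ...OTHER_UPGRADE_FIELD_ORDER]` keeps a single source of truth.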
@@ -0,0 +1,65 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import stringify from 'json-stable-stringify';
import { EuiFlexGroup, EuiHorizontalRule, EuiTitle } from '@elastic/eui';
import { camelCase, startCase } from 'lodash';
import React from 'react';
import { DiffView } from '../json_diff/diff_view';
import { DiffMethod } from '../json_diff/mark_edits';
import { RuleDiffPanelWrapper } from './panel_wrapper';

export interface FieldDiffComponentProps {
ruleDiffs: Array<{ currentVersion: unknown; targetVersion: unknown; fieldName: string }>;
fieldName: string;
}

const sortAndStringifyJson = (jsObject: unknown): string => {
if (typeof jsObject === 'string') {
return jsObject;
}
return stringify(jsObject, { space: 2 });
};

export const FieldDiffComponent = ({ ruleDiffs, fieldName }: FieldDiffComponentProps) => {
console.log('here: ', ruleDiffs);
return (
<RuleDiffPanelWrapper fieldName={fieldName}>
{ruleDiffs.length === 1 ? (
<EuiFlexGroup justifyContent="spaceBetween">
<DiffView
oldSource={sortAndStringifyJson(ruleDiffs[0].currentVersion)}
newSource={sortAndStringifyJson(ruleDiffs[0].targetVersion)}
diffMethod={DiffMethod.WORDS}
/>
</EuiFlexGroup>
) : (
ruleDiffs.map(({ currentVersion, targetVersion, fieldName: specificFieldName }) => {
const formattedCurrentVersion = sortAndStringifyJson(currentVersion);
const formattedTargetVersion = sortAndStringifyJson(targetVersion);
return (
<EuiFlexGroup key={specificFieldName} justifyContent="spaceBetween">
{formattedCurrentVersion !== formattedTargetVersion ? (
<EuiFlexGroup direction="column">
<EuiTitle size="xxxs">
<h4>{startCase(camelCase(specificFieldName))}</h4>
</EuiTitle>
<DiffView
oldSource={formattedCurrentVersion}
newSource={formattedTargetVersion}
diffMethod={DiffMethod.WORDS}
/>
<EuiHorizontalRule margin="s" size="full" />
</EuiFlexGroup>
) : null}
</EuiFlexGroup>
);
})
)}
</RuleDiffPanelWrapper>
);
};
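Review bot: `console.log('here: ', ruleDiffs);` at the top of `FieldDiffComponent` is leftover debugging, and it writes the current and target values of every diffed rule field to the browser console on each render; it should be deleted before merge. Separately, `sortAndStringifyJson` is declared `: string` but passes any non-string input straight to `stringify`, which as far as I know yields `undefined` for an `undefined` value, so a field that is missing on one side would hand `undefined` to `DiffView`. `return stringify(jsObject, { space: 2 }) ?? '';` would keep the declared return type honest. A later commit in the list is titled "fixes bugs and removes console logs", so the first point may already be resolved outside the commits shown.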
@@ -0,0 +1,59 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import {
EuiFlexGroup,
EuiHorizontalRule,
EuiIconTip,
EuiSpacer,
EuiTitle,
useEuiTheme,
} from '@elastic/eui';
import React from 'react';
import { css } from '@emotion/css';
import * as i18n from '../json_diff/translations';

export const RuleDiffHeaderBar = () => {
const { euiTheme } = useEuiTheme();
return (
<div
css={css`
position: sticky;
top: 0;
background: ${euiTheme.colors.emptyShade};
`}
>
<EuiSpacer size="m" />
<EuiFlexGroup justifyContent="spaceBetween" alignItems="center">
<EuiFlexGroup alignItems="baseline" gutterSize="xs">
<EuiIconTip
color="subdued"
content={i18n.BASE_VERSION_DESCRIPTION}
type="iInCircle"
size="m"
display="block"
/>
<EuiTitle size="xxs">
<h6>{i18n.BASE_VERSION}</h6>
</EuiTitle>
</EuiFlexGroup>
<EuiFlexGroup alignItems="baseline" gutterSize="xs">
<EuiIconTip
color="subdued"
content={i18n.UPDATED_VERSION_DESCRIPTION}
type="iInCircle"
size="m"
/>
<EuiTitle size="xxs">
<h6>{i18n.UPDATED_VERSION}</h6>
</EuiTitle>
</EuiFlexGroup>
</EuiFlexGroup>
<EuiHorizontalRule margin="s" size="full" />
</div>
);
};
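Review bot: the `css` helper is imported from `'@emotion/css'`, which returns a generated class name, but its result is passed to the `css` prop on the wrapping `<div>`, which belongs to the `@emotion/react` API. I would either import `css` from `'@emotion/react'` or pass the generated class through `className`, so that the helper and the prop come from the same API. The same pairing appears in the index patterns component added in this PR (the `css` props on `EuiBadge` and `EuiFlexItem`). Minor: the first `EuiIconTip` sets `display="block"` and the second does not; if that is not intentional, make them match.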
@@ -0,0 +1,9 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export * from './index_patterns';
export * from './field_diff';
@@ -0,0 +1,94 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EuiBadge, EuiFlexGroup, EuiFlexItem, useEuiTheme } from '@elastic/eui';
import { css } from '@emotion/css';
import React, { useMemo } from 'react';
import { RuleDiffPanelWrapper } from './panel_wrapper';

export interface IndexPatternDiffComponentProps {
oldIndexPatterns: string[];
newIndexPatterns: string[];
}

export const IndexPatternDiffComponent = ({
oldIndexPatterns,
newIndexPatterns,
}: IndexPatternDiffComponentProps) => {
const { euiTheme } = useEuiTheme();
const OldIndexPatternBadges = useMemo(
() =>
oldIndexPatterns.map((indexPattern) => <EuiBadge color="hollow">{indexPattern}</EuiBadge>),
[oldIndexPatterns]
);

const NewIndexPatternBadges = useMemo(() => {
const deletedPatterns = new Set(oldIndexPatterns);
const addedPatterns = new Set<string>();
const newBadges = [];
for (const newIndexPattern of newIndexPatterns) {
if (deletedPatterns.has(newIndexPattern)) {
deletedPatterns.delete(newIndexPattern);
newBadges.push(<EuiBadge color="hollow">{newIndexPattern}</EuiBadge>);
} else {
addedPatterns.add(newIndexPattern);
}
}
deletedPatterns.forEach((pattern) =>
newBadges.push(
<EuiBadge
color="hollow"
css={css`
color: ${euiTheme.colors.danger};
border-color: ${euiTheme.colors.danger};
text-decoration: line-through;
`}
>
{pattern}
</EuiBadge>
)
);
addedPatterns.forEach((pattern) =>
newBadges.push(
<EuiBadge
color="hollow"
css={css`
color: ${euiTheme.colors.successText};
border-color: ${euiTheme.colors.success};
text-decoration: underline;
`}
>
{pattern}
</EuiBadge>
)
);
return newBadges;
}, [euiTheme.colors, newIndexPatterns, oldIndexPatterns]);

return (
<RuleDiffPanelWrapper fieldName="Index Patterns">
<EuiFlexGroup justifyContent="spaceBetween">
<EuiFlexItem grow={1}>
<EuiFlexGroup gutterSize="xs" alignItems="baseline">
{OldIndexPatternBadges}
</EuiFlexGroup>
</EuiFlexItem>
<EuiFlexItem
css={css`
border-left: 1px solid ${euiTheme.colors.mediumShade};
`}
grow={false}
/>
<EuiFlexItem grow={1}>
<EuiFlexGroup gutterSize="xs" alignItems="baseline">
{NewIndexPatternBadges}
</EuiFlexGroup>
</EuiFlexItem>
</EuiFlexGroup>
</RuleDiffPanelWrapper>
);
};
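Review bot: the badges built in both `useMemo` callbacks are rendered as arrays (`{OldIndexPatternBadges}`, `{NewIndexPatternBadges}`), but none of the `<EuiBadge>` elements carries a `key`, so React will warn and cannot reconcile the lists reliably when the patterns change. Add a key derived from the pattern, e.g. `<EuiBadge key={indexPattern} color="hollow">` in the `map`, and likewise `key={newIndexPattern}` and `key={pattern}` in the loop and the two `forEach` calls; if `oldIndexPatterns` can contain duplicates, combine the pattern with its index. The panel title `"Index Patterns"` is also a hard-coded string, whereas the header bar in this PR takes its labels from `i18n`.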