kibana
[Security Solution] Editing rules independently of source data
Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168
Source of discussion: https://github.com/elastic/kibana/issues/178611
Summary
As part of the ongoing Prebuilt Rule Customization epic, the requirement to change the behaviour of rule validation on editing has come up.
Instead of blocking the editing of a rule when the rule's data source does not have enough data for the query to work, the expected UX would only warn the user and proceed with saving the rule.
However, such a change will have consequences for a number of features that depend on a rule's data source. We need to list them here, detail the consequences of such changes and find alternative behaviours where needed.
Please add any feature that might be impacted by this change, describing:
- Which feature is impacted?
- How is it impacted?
- Is the impact acceptable from a UX point of view?
- If not, what alternative behaviour could be desired?
### Tasks
- [ ] https://github.com/elastic/security-team/issues/9282
- [ ] https://github.com/elastic/security-team/issues/10181
- [ ] https://github.com/elastic/security-team/issues/10215
- [ ] https://github.com/elastic/security-docs/issues/5758
- [ ] https://github.com/elastic/kibana/issues/191832