[8.x] [Rules migration] Add sorting functionality to rules migration …

…table (#11379) (#203396) (#203486)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Rules migration] Add sorting functionality to rules migration table
(#11379) (#203396)](#203396)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Ievgen
Sorokopud","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-09T19:21:16Z","message":"[Rules
migration] Add sorting functionality to rules migration table (#11379)
(#203396)\n\n## Summary\r\n\r\n[Internal
link](https://github.com/elastic/security-team/issues/10820)\r\nto the
feature details\r\n\r\nThese changes add sorting functionality to the
migration rules table. It\r\nis possible to sort migration rules by next
columns: `Updated`, `Name`,\r\n`Status`, `Risk Score`, `Severity` and
`Author`.\r\n\r\n### Other changes\r\n\r\nNext fixes and adjustments
were also implemented as part of this PR:\r\n* `Installed` status in
migration rules table to indicate whether the\r\nrule was installed\r\n*
Rules selection and installation of selected rules\r\n* Disable
selection for not fully translated rules\r\n* `Author` column to show
whether the translated rule matched one of the\r\nexisting Elastic
prebuilt rules\r\n* `Install and enable` and `Install without enabling`
buttons within the\r\nmigration rule details
flyout","sha":"70a5bb33c438912b64259ea4c7a3c77c41f93f45","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat
Hunting","Team: SecuritySolution","backport:prev-minor"],"title":"[Rules
migration] Add sorting functionality to rules migration table
(#11379)","number":203396,"url":"https://github.com/elastic/kibana/pull/203396","mergeCommit":{"message":"[Rules
migration] Add sorting functionality to rules migration table (#11379)
(#203396)\n\n## Summary\r\n\r\n[Internal
link](https://github.com/elastic/security-team/issues/10820)\r\nto the
feature details\r\n\r\nThese changes add sorting functionality to the
migration rules table. It\r\nis possible to sort migration rules by next
columns: `Updated`, `Name`,\r\n`Status`, `Risk Score`, `Severity` and
`Author`.\r\n\r\n### Other changes\r\n\r\nNext fixes and adjustments
were also implemented as part of this PR:\r\n* `Installed` status in
migration rules table to indicate whether the\r\nrule was installed\r\n*
Rules selection and installation of selected rules\r\n* Disable
selection for not fully translated rules\r\n* `Author` column to show
whether the translated rule matched one of the\r\nexisting Elastic
prebuilt rules\r\n* `Install and enable` and `Install without enabling`
buttons within the\r\nmigration rule details
flyout","sha":"70a5bb33c438912b64259ea4c7a3c77c41f93f45"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/203396","number":203396,"mergeCommit":{"message":"[Rules
migration] Add sorting functionality to rules migration table (#11379)
(#203396)\n\n## Summary\r\n\r\n[Internal
link](https://github.com/elastic/security-team/issues/10820)\r\nto the
feature details\r\n\r\nThese changes add sorting functionality to the
migration rules table. It\r\nis possible to sort migration rules by next
columns: `Updated`, `Name`,\r\n`Status`, `Risk Score`, `Severity` and
`Author`.\r\n\r\n### Other changes\r\n\r\nNext fixes and adjustments
were also implemented as part of this PR:\r\n* `Installed` status in
migration rules table to indicate whether the\r\nrule was installed\r\n*
Rules selection and installation of selected rules\r\n* Disable
selection for not fully translated rules\r\n* `Author` column to show
whether the translated rule matched one of the\r\nexisting Elastic
prebuilt rules\r\n* `Install and enable` and `Install without enabling`
buttons within the\r\nmigration rule details
flyout","sha":"70a5bb33c438912b64259ea4c7a3c77c41f93f45"}}]}]
BACKPORT-->

---------

Co-authored-by: Ievgen Sorokopud <[email protected]>

oas_docs/bundle.json

@@ -5883,18 +5883,6 @@
         "description": "This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.",
         "operationId": "get-dashboards-dashboard",
         "parameters": [
-          {
-            "description": "The version of the API to use",
-            "in": "header",
-            "name": "elastic-api-version",
-            "schema": {
-              "default": "2023-10-31",
-              "enum": [
-                "2023-10-31"
-              ],
-              "type": "string"
-            }
-          },
           {
             "description": "The page number to return. Default is \"1\".",
             "in": "query",
@@ -5921,7 +5909,7 @@
         "responses": {
           "200": {
             "content": {
-              "application/json; Elastic-Api-Version=2023-10-31": {
+              "application/json": {
                 "schema": {
                   "additionalProperties": false,
                   "properties": {
@@ -6070,18 +6058,6 @@
         "description": "This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.",
         "operationId": "delete-dashboards-dashboard-id",
         "parameters": [
-          {
-            "description": "The version of the API to use",
-            "in": "header",
-            "name": "elastic-api-version",
-            "schema": {
-              "default": "2023-10-31",
-              "enum": [
-                "2023-10-31"
-              ],
-              "type": "string"
-            }
-          },
           {
             "description": "A required header to protect against CSRF attacks",
             "in": "header",
@@ -6113,18 +6089,6 @@
         "description": "This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.",
         "operationId": "get-dashboards-dashboard-id",
         "parameters": [
-          {
-            "description": "The version of the API to use",
-            "in": "header",
-            "name": "elastic-api-version",
-            "schema": {
-              "default": "2023-10-31",
-              "enum": [
-                "2023-10-31"
-              ],
-              "type": "string"
-            }
-          },
           {
             "description": "A unique identifier for the dashboard.",
             "in": "path",
@@ -6138,7 +6102,7 @@
         "responses": {
           "200": {
             "content": {
-              "application/json; Elastic-Api-Version=2023-10-31": {
+              "application/json": {
                 "schema": {
                   "additionalProperties": false,
                   "properties": {
@@ -6773,18 +6737,6 @@
         "description": "This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.",
         "operationId": "post-dashboards-dashboard-id",
         "parameters": [
-          {
-            "description": "The version of the API to use",
-            "in": "header",
-            "name": "elastic-api-version",
-            "schema": {
-              "default": "2023-10-31",
-              "enum": [
-                "2023-10-31"
-              ],
-              "type": "string"
-            }
-          },
           {
             "description": "A required header to protect against CSRF attacks",
             "in": "header",
@@ -6807,7 +6759,7 @@
         ],
         "requestBody": {
           "content": {
-            "application/json; Elastic-Api-Version=2023-10-31": {
+            "application/json": {
               "schema": {
                 "additionalProperties": false,
                 "properties": {
@@ -7342,7 +7294,7 @@
         "responses": {
           "200": {
             "content": {
-              "application/json; Elastic-Api-Version=2023-10-31": {
+              "application/json": {
                 "schema": {
                   "additionalProperties": false,
                   "properties": {
@@ -7949,18 +7901,6 @@
         "description": "This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.",
         "operationId": "put-dashboards-dashboard-id",
         "parameters": [
-          {
-            "description": "The version of the API to use",
-            "in": "header",
-            "name": "elastic-api-version",
-            "schema": {
-              "default": "2023-10-31",
-              "enum": [
-                "2023-10-31"
-              ],
-              "type": "string"
-            }
-          },
           {
             "description": "A required header to protect against CSRF attacks",
             "in": "header",
@@ -7983,7 +7923,7 @@
         ],
         "requestBody": {
           "content": {
-            "application/json; Elastic-Api-Version=2023-10-31": {
+            "application/json": {
               "schema": {
                 "additionalProperties": false,
                 "properties": {
@@ -8512,7 +8452,7 @@
         "responses": {
           "200": {
             "content": {
-              "application/json; Elastic-Api-Version=2023-10-31": {
+              "application/json": {
                 "schema": {
                   "additionalProperties": false,
                   "properties": {

oas_docs/output/kibana.yaml

@@ -7638,14 +7638,6 @@ paths:
       description: This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: get-dashboards-dashboard
       parameters:
-        - description: The version of the API to use
-          in: header
-          name: elastic-api-version
-          schema:
-            default: '2023-10-31'
-            enum:
-              - '2023-10-31'
-            type: string
         - description: The page number to return. Default is "1".
           in: query
           name: page
@@ -7768,14 +7760,6 @@ paths:
       description: This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: delete-dashboards-dashboard-id
       parameters:
-        - description: The version of the API to use
-          in: header
-          name: elastic-api-version
-          schema:
-            default: '2023-10-31'
-            enum:
-              - '2023-10-31'
-            type: string
         - description: A required header to protect against CSRF attacks
           in: header
           name: kbn-xsrf
@@ -7798,14 +7782,6 @@ paths:
       description: This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: get-dashboards-dashboard-id
       parameters:
-        - description: The version of the API to use
-          in: header
-          name: elastic-api-version
-          schema:
-            default: '2023-10-31'
-            enum:
-              - '2023-10-31'
-            type: string
         - description: A unique identifier for the dashboard.
           in: path
           name: id
@@ -8269,14 +8245,6 @@ paths:
       description: This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: post-dashboards-dashboard-id
       parameters:
-        - description: The version of the API to use
-          in: header
-          name: elastic-api-version
-          schema:
-            default: '2023-10-31'
-            enum:
-              - '2023-10-31'
-            type: string
         - description: A required header to protect against CSRF attacks
           in: header
           name: kbn-xsrf
@@ -9110,14 +9078,6 @@ paths:
       description: This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: put-dashboards-dashboard-id
       parameters:
-        - description: The version of the API to use
-          in: header
-          name: elastic-api-version
-          schema:
-            default: '2023-10-31'
-            enum:
-              - '2023-10-31'
-            type: string
         - description: A required header to protect against CSRF attacks
           in: header
           name: kbn-xsrf

packages/kbn-index-adapter/src/field_maps/types.ts

@@ -46,6 +46,7 @@ export type FieldMap<T extends string = string> = Record<
     array?: boolean;
     doc_values?: boolean;
     enabled?: boolean;
+    fields?: Record<string, { type: string }>;
     format?: string;
     ignore_above?: number;
     multi_fields?: MultiField[];

x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rule_migration.gen.ts

@@ -59,6 +59,8 @@ export type GetRuleMigrationRequestQuery = z.infer<typeof GetRuleMigrationReques
 export const GetRuleMigrationRequestQuery = z.object({
   page: z.coerce.number().optional(),
   per_page: z.coerce.number().optional(),
+  sort_field: NonEmptyString.optional(),
+  sort_direction: z.enum(['asc', 'desc']).optional(),
   search_term: z.string().optional(),
 });
 export type GetRuleMigrationRequestQueryInput = z.input<typeof GetRuleMigrationRequestQuery>;
@@ -154,7 +156,13 @@ export type InstallMigrationRulesRequestParamsInput = z.input<
 >;
 
 export type InstallMigrationRulesRequestBody = z.infer<typeof InstallMigrationRulesRequestBody>;
-export const InstallMigrationRulesRequestBody = z.array(NonEmptyString);
+export const InstallMigrationRulesRequestBody = z.object({
+  ids: z.array(NonEmptyString),
+  /**
+   * Indicates whether installed rules should be enabled
+   */
+  enabled: z.boolean().optional(),
+});
 export type InstallMigrationRulesRequestBodyInput = z.input<
   typeof InstallMigrationRulesRequestBody
 >;

x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rule_migration.schema.yaml

@@ -133,6 +133,19 @@ paths:
           required: false
           schema:
             type: number
+        - name: sort_field
+          in: query
+          required: false
+          schema:
+            $ref: '../../../../../common/api/model/primitives.schema.yaml#/components/schemas/NonEmptyString'
+        - name: sort_direction
+          in: query
+          required: false
+          schema:
+            type: string
+            enum:
+              - asc
+              - desc
         - name: search_term
           in: query
           required: false
@@ -180,10 +193,18 @@ paths:
         content:
           application/json:
             schema:
-              type: array
-              items:
-                description: The rule migration id
-                $ref: '../../../../../common/api/model/primitives.schema.yaml#/components/schemas/NonEmptyString'
+              type: object
+              required:
+                - ids
+              properties:
+                ids:
+                  type: array
+                  items:
+                    description: The rule migration id
+                    $ref: '../../../../../common/api/model/primitives.schema.yaml#/components/schemas/NonEmptyString'
+                enabled:
+                  type: boolean
+                  description: Indicates whether installed rules should be enabled
       responses:
         200:
           description: Indicates rules migrations have been installed correctly.

x-pack/plugins/security_solution/common/siem_migrations/rules/utils.ts

@@ -22,13 +22,17 @@ export const isMigrationCustomRule = (rule?: ElasticRule): rule is MigrationCust
   !isMigrationPrebuiltRule(rule) &&
   !!(rule?.title && rule?.description && rule?.query && rule?.query_language);
 
-export const convertMigrationCustomRuleToSecurityRulePayload = (rule: MigrationCustomRule) => {
+export const convertMigrationCustomRuleToSecurityRulePayload = (
+  rule: MigrationCustomRule,
+  enabled: boolean
+) => {
   return {
     type: rule.query_language,
     language: rule.query_language,
     query: rule.query,
     name: rule.title,
     description: rule.description,
+    enabled,
 
     ...DEFAULT_TRANSLATION_FIELDS,
     severity: (rule.severity as Severity) ?? DEFAULT_TRANSLATION_SEVERITY,

x-pack/plugins/security_solution/public/siem_migrations/rules/api/index.ts

@@ -120,6 +120,10 @@ export interface GetRuleMigrationParams {
   page?: number;
   /** Optional number of documents per page to retrieve */
   perPage?: number;
+  /** Optional field of the rule migration object to sort results by */
+  sortField?: string;
+  /** Optional direction to sort results by */
+  sortDirection?: 'asc' | 'desc';
   /** Optional search term to filter documents */
   searchTerm?: string;
   /** Optional AbortSignal for cancelling request */
@@ -130,12 +134,24 @@ export const getRuleMigrations = async ({
   migrationId,
   page,
   perPage,
+  sortField,
+  sortDirection,
   searchTerm,
   signal,
 }: GetRuleMigrationParams): Promise<GetRuleMigrationResponse> => {
   return KibanaServices.get().http.get<GetRuleMigrationResponse>(
     replaceParams(SIEM_RULE_MIGRATION_PATH, { migration_id: migrationId }),
-    { version: '1', query: { page, per_page: perPage, search_term: searchTerm }, signal }
+    {
+      version: '1',
+      query: {
+        page,
+        per_page: perPage,
+        sort_field: sortField,
+        sort_direction: sortDirection,
+        search_term: searchTerm,
+      },
+      signal,
+    }
   );
 };
 
@@ -163,18 +179,21 @@ export interface InstallRulesParams {
   migrationId: string;
   /** The rule ids to install */
   ids: string[];
+  /** Optional indicator to enable the installed rule */
+  enabled?: boolean;
   /** Optional AbortSignal for cancelling request */
   signal?: AbortSignal;
 }
 /** Installs the provided rule ids for a specific migration. */
 export const installMigrationRules = async ({
   migrationId,
   ids,
+  enabled,
   signal,
 }: InstallRulesParams): Promise<InstallMigrationRulesResponse> => {
   return KibanaServices.get().http.post<InstallMigrationRulesResponse>(
     replaceParams(SIEM_RULE_MIGRATION_INSTALL_PATH, { migration_id: migrationId }),
-    { version: '1', body: JSON.stringify(ids), signal }
+    { version: '1', body: JSON.stringify({ ids, enabled }), signal }
   );
 };
 

x-pack/plugins/security_solution/public/siem_migrations/rules/components/rule_details_flyout/index.tsx

@@ -84,7 +84,8 @@ export const MigrationRuleDetailsFlyout: React.FC<MigrationRuleDetailsFlyoutProp
     const rule = useMemo(() => {
       if (isMigrationCustomRule(ruleMigration.elastic_rule)) {
         return convertMigrationCustomRuleToSecurityRulePayload(
-          ruleMigration.elastic_rule
+          ruleMigration.elastic_rule,
+          false
         ) as RuleResponse; // TODO: we need to adjust RuleOverviewTab to allow partial RuleResponse as a parameter;
       }
       return matchedPrebuiltRule;