Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Platform] - Make exceptions importable with rules #117399

Closed
2 tasks
yctercero opened this issue Nov 3, 2021 · 2 comments
Closed
2 tasks

[Security Solution][Platform] - Make exceptions importable with rules #117399

yctercero opened this issue Nov 3, 2021 · 2 comments
Assignees
@yctercero
Labels
Feature:Rule Exceptions Security Solution Detection Rule Exceptions area Team:Security Solution Platform Security Solution Platform Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.0.0

Comments

@yctercero
Copy link
Contributor

yctercero commented Nov 3, 2021
edited
Loading

Description

Right now rules export alongside exceptions, but do not yet import. They are ignored on import at the moment.

Test Criteria

  • User can import rules with exception lists
  • User can import rules with exception list items
@yctercero yctercero added v8.0.0 Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Rule Exceptions Security Solution Detection Rule Exceptions area Team:Security Solution Platform Security Solution Platform Team labels Nov 3, 2021
@yctercero yctercero self-assigned this Nov 3, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@yctercero yctercero mentioned this issue Nov 19, 2021
Merged
14 tasks
yctercero added a commit that referenced this issue Dec 8, 2021
@yctercero
[Security Solution][Platform] - Exceptions imports (#118816)
fccdcb6 
## Summary

Addresses #92613 and #117399

Goal is to allow users to import their exception lists and items alongside their rules. This PR does not complete all the UI updates needed, but does tackle the majority of use cases. The bulk of the changes occur in `import_rules_route` and the new `import_exceptions_route`.

- Adds exceptions import endpoint in `lists` plugin
- Adds exceptions import logic in import rules route in `security_solution` plugin
- Adds integration tests for exception import endpoint
- Adds integration tests for rules import endpoint to account for new functionality
- Purposely not yet adding an import modal in the exceptions table UI until further list management features added (checked with product on this front)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Dec 8, 2021
@yctercero @kibanamachine
[Security Solution][Platform] - Exceptions imports (elastic#118816)
6c812ba 
## Summary

Addresses elastic#92613 and elastic#117399

Goal is to allow users to import their exception lists and items alongside their rules. This PR does not complete all the UI updates needed, but does tackle the majority of use cases. The bulk of the changes occur in `import_rules_route` and the new `import_exceptions_route`.

- Adds exceptions import endpoint in `lists` plugin
- Adds exceptions import logic in import rules route in `security_solution` plugin
- Adds integration tests for exception import endpoint
- Adds integration tests for rules import endpoint to account for new functionality
- Purposely not yet adding an import modal in the exceptions table UI until further list management features added (checked with product on this front)
yctercero pushed a commit that referenced this issue Dec 13, 2021
@kibanamachine
[8.0] [Security Solution][Platform] - Exceptions imports (#118816) (#…
ec02f3d 
…120824)

* [Security Solution][Platform] - Exceptions imports (#118816)

## Summary

Addresses #92613 and #117399

Goal is to allow users to import their exception lists and items alongside their rules. This PR does not complete all the UI updates needed, but does tackle the majority of use cases. The bulk of the changes occur in `import_rules_route` and the new `import_exceptions_route`.

- Adds exceptions import endpoint in `lists` plugin
- Adds exceptions import logic in import rules route in `security_solution` plugin
- Adds integration tests for exception import endpoint
- Adds integration tests for rules import endpoint to account for new functionality
- Purposely not yet adding an import modal in the exceptions table UI until further list management features added (checked with product on this front)
TinLe pushed a commit to TinLe/kibana that referenced this issue Dec 22, 2021
@yctercero @TinLe
[Security Solution][Platform] - Exceptions imports (elastic#118816)
11c9150 
## Summary

Addresses elastic#92613 and elastic#117399

Goal is to allow users to import their exception lists and items alongside their rules. This PR does not complete all the UI updates needed, but does tackle the majority of use cases. The bulk of the changes occur in `import_rules_route` and the new `import_exceptions_route`.

- Adds exceptions import endpoint in `lists` plugin
- Adds exceptions import logic in import rules route in `security_solution` plugin
- Adds integration tests for exception import endpoint
- Adds integration tests for rules import endpoint to account for new functionality
- Purposely not yet adding an import modal in the exceptions table UI until further list management features added (checked with product on this front)
@yctercero
Copy link
Contributor Author

Functionality is in. Closing out, QA is testing this and creating relevant bug tickets.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yctercero yctercero

Labels
Feature:Rule Exceptions Security Solution Detection Rule Exceptions area Team:Security Solution Platform Security Solution Platform Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.0.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yctercero @elasticmachine