[Security Solution] Add ability to import exception lists #92613

Closed
peluja1012 opened this issue Feb 24, 2021 · 4 comments
Labels
enhancement New value added to drive a business result Feature:Rule Exceptions Security Solution Detection Rule Exceptions area Team:Detections and Resp Security Detection Response Team Team:Security Solution Platform Security Solution Platform Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Theme: simp_prot_mgmt Security Solution Simplified Protection Management Theme

Comments

@peluja1012
Contributor

In 7.11 we introduced the Exceptions Lists view to manage exception lists. This view currently allows users to export exception lists. However, the ability to import these lists is missing. This issue is to add this functionality in the Security App's UI.

@peluja1012 peluja1012 added enhancement New value added to drive a business result Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Rule Exceptions Security Solution Detection Rule Exceptions area labels Feb 24, 2021
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@spong
Member

spong commented May 28, 2021

Referencing conversation around importing/exporting rules via the SO Management UI in #50266.

If we have success with #99741 / #87992, we might just be able to leverage the SO Management UI for Security Rules/Exceptions/Actions (though value lists will still need to be managed via the dedicated Security Solution UI).

@peluja1012 peluja1012 added the Team:Security Solution Platform Security Solution Platform Team label Sep 14, 2021
@peluja1012 peluja1012 added the Theme: simp_prot_mgmt Security Solution Simplified Protection Management Theme label Oct 26, 2021
yctercero added a commit that referenced this issue Dec 8, 2021
## Summary

Addresses #92613 and #117399

Goal is to allow users to import their exception lists and items alongside their rules. This PR does not complete all the UI updates needed, but does tackle the majority of use cases. The bulk of the changes occur in `import_rules_route` and the new `import_exceptions_route`.

- Adds exceptions import endpoint in `lists` plugin
- Adds exceptions import logic in import rules route in `security_solution` plugin
- Adds integration tests for exception import endpoint
- Adds integration tests for rules import endpoint to account for new functionality
- Purposely not yet adding an import modal in the exceptions table UI until further list management features are added (checked with product on this front)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Dec 8, 2021
yctercero pushed a commit that referenced this issue Dec 13, 2021
…120824)

* [Security Solution][Platform] - Exceptions imports (#118816)

TinLe pushed a commit to TinLe/kibana that referenced this issue Dec 22, 2021
@peluja1012
Contributor Author

Implemented by #118816
