[EDR Workflows] Remove automated actions old feature flags #189954

Merged
merged 4 commits into from
Aug 9, 2024
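--- a/x-pack/plugins/security_solution/common/experimental_features.ts
+++ b/x-pack/plugins/security_solution/common/experimental_features.ts
@@ -42,16 +42,6 @@ export const allowedExperimentalValues = Object.freeze({
 */
 socTrendsEnabled: false,
 
-/**
-* Enables the automated response actions in rule + alerts
-*/
-responseActionsEnabled: true,
-
-/**
-* Enables the automated endpoint response action in rule + alerts
-*/
-endpointResponseActionsEnabled: true,
-
 /**
 * Enables the `upload` endpoint response action (v8.9)
 */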

This file was deleted.

Expand Up @@ -23,8 +23,6 @@ import { useGetAutomatedActionList } from '../../../management/hooks/response_ac
import { EventsViewType } from './event_details';
import * as i18n from './translations';

import { useIsExperimentalFeatureEnabled } from '../../hooks/use_experimental_features';

const TabContentWrapper = styled.div`
height: 100%;
position: relative;
Expand Down Expand Up @@ -75,14 +73,13 @@ export const useResponseActionsView = <T extends object = JSX.Element>({
}),
[]
);
const responseActionsEnabled = useIsExperimentalFeatureEnabled('endpointResponseActionsEnabled');
const expandedEventFieldsObject = rawEventData
? (expandDottedObject((rawEventData as RawEventData).fields) as ExpandedEventFieldsObject)
: undefined;

const responseActions =
expandedEventFieldsObject?.kibana?.alert?.rule?.parameters?.[0].response_actions;
const shouldEarlyReturn = !rawEventData || !responseActionsEnabled;
const shouldEarlyReturn = !rawEventData;

const alertId = rawEventData?._id ?? '';
const [isLive, setIsLive] = useState(false);
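Review bot: The kept line `expandedEventFieldsObject?.kibana?.alert?.rule?.parameters?.[0].response_actions` guards `parameters` but not its first element, so an alert whose expanded `parameters` exists but is empty would throw a TypeError here, before `shouldEarlyReturn` is even evaluated. Since `!rawEventData` is now the only early-return condition, I would make the read fully optional: `expandedEventFieldsObject?.kibana?.alert?.rule?.parameters?.[0]?.response_actions`. The body of `useResponseActionsView` continues outside this hunk, so how `responseActions` is consumed afterwards is not visible from here.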
Expand Up @@ -18,7 +18,6 @@ import { UseArray } from '@kbn/es-ui-shared-plugin/static/forms/hook_form_lib';
import type { Type } from '@kbn/securitysolution-io-ts-alerting-types';
import type { RuleObjectId } from '../../../../../common/api/detection_engine/model/rule_schema';
import { isQueryRule } from '../../../../../common/detection_engine/utils';
import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
import { ResponseActionsForm } from '../../../rule_response_actions/response_actions_form';
import type {
RuleStepProps,
Expand Down Expand Up @@ -85,8 +84,6 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
const {
services: { application },
} = useKibana();
const responseActionsEnabled = useIsExperimentalFeatureEnabled('responseActionsEnabled');

const displayActionsOptions = useMemo(
() => (
<>
Expand Down Expand Up @@ -120,7 +117,7 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
<DisplayActionsHeader />
{ruleId && <RuleSnoozeSection ruleId={ruleId} />}
{displayActionsOptions}
{responseActionsEnabled && displayResponseActionsOptions}
{displayResponseActionsOptions}
<UseField path="kibanaSiemAppUrl" component={GhostFormField} />
<UseField path="enabled" component={GhostFormField} />
</>
Expand All @@ -134,7 +131,6 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
application.capabilities.actions.show,
displayActionsOptions,
displayResponseActionsOptions,
responseActionsEnabled,
]);

return (
Expand Up @@ -24,12 +24,10 @@ interface EnabledFeatures {

export const getSupportedResponseActions = (
actionTypes: ResponseActionType[],
enabledFeatures: EnabledFeatures,
userPermissions: EnabledFeatures
): ResponseActionType[] =>
actionTypes.reduce((acc: ResponseActionType[], actionType) => {
const isEndpointAction = actionType.id === ResponseActionTypesEnum['.endpoint'];
if (!enabledFeatures.endpoint && isEndpointAction) return acc;
if (ResponseActionTypes.options.includes(actionType.id))
return [
...acc,
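Review bot: `userPermissions` is still typed as `EnabledFeatures`, a name that described the feature-flag argument this change removes, so the signature now reads as if privileges were feature toggles. Renaming the interface (for example `interface UserPermissions`) would keep the one remaining parameter self-explanatory. I would also add a short TSDoc on `getSupportedResponseActions` saying that it only decides which response action types the UI offers and is not itself an authorization check. The reduce body continues outside this hunk, so whether `isEndpointAction` is still used further down and where the privilege is applied cannot be confirmed from here.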
Expand Up @@ -7,7 +7,6 @@

import { useEffect, useMemo, useState } from 'react';
import { useUserPrivileges } from '../../common/components/user_privileges';
import { useIsExperimentalFeatureEnabled } from '../../common/hooks/use_experimental_features';
import type { ResponseActionType } from './get_supported_response_actions';
import { getSupportedResponseActions, responseActionTypes } from './get_supported_response_actions';

Expand All @@ -16,15 +15,8 @@ export const useSupportedResponseActionTypes = () => {
ResponseActionType[] | undefined
>();

const isEndpointEnabled = useIsExperimentalFeatureEnabled('endpointResponseActionsEnabled');
const { canIsolateHost, canKillProcess, canSuspendProcess } =
useUserPrivileges().endpointPrivileges;
const enabledFeatures = useMemo(
() => ({
endpoint: isEndpointEnabled,
}),
[isEndpointEnabled]
);

const userHasPermissionsToExecute = useMemo(
() => ({
Expand All @@ -36,11 +28,10 @@ export const useSupportedResponseActionTypes = () => {
useEffect(() => {
const supportedTypes = getSupportedResponseActions(
responseActionTypes,
enabledFeatures,
userHasPermissionsToExecute
);
setSupportedResponseActionTypes(supportedTypes);
}, [isEndpointEnabled, enabledFeatures, userHasPermissionsToExecute]);
}, [userHasPermissionsToExecute]);

return supportedResponseActionTypes;
};
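Review bot: With the flag gone, the `useEffect` only copies a value derived from `userHasPermissionsToExecute` into state, which costs an extra render and makes the hook return `undefined` on its first pass. If no caller depends on that initial `undefined`, the hook could drop `useState`/`useEffect` and end with `return useMemo(() => getSupportedResponseActions(responseActionTypes, userHasPermissionsToExecute), [userHasPermissionsToExecute]);`. Because the offered action types now depend only on the user's endpoint privileges, a one-line comment stating that this is a UI-side filter and that execution must still be authorized on the server would help the next reader. The `userHasPermissionsToExecute` memo body is collapsed on this page, so its exact fields are not visible.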
Expand Up @@ -12,7 +12,6 @@ import { DocumentDetailsContext } from '../../shared/context';
import { rawEventData, TestProviders } from '../../../../common/mock';
import { RESPONSE_DETAILS_TEST_ID } from './test_ids';
import { ResponseDetails } from './response_details';
import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';

jest.mock('../../../../common/hooks/use_experimental_features');
jest.mock('../../../../common/lib/kibana', () => {
Expand Down Expand Up @@ -98,19 +97,6 @@ const renderResponseDetails = (contextValue: DocumentDetailsContext) =>
);

describe('<ResponseDetails />', () => {
let featureFlags: { endpointResponseActionsEnabled: boolean; responseActionsEnabled: boolean };

beforeEach(() => {
featureFlags = { endpointResponseActionsEnabled: true, responseActionsEnabled: true };

const useIsExperimentalFeatureEnabledMock = (feature: keyof typeof featureFlags) =>
featureFlags[feature];

(useIsExperimentalFeatureEnabled as jest.Mock).mockImplementation(
useIsExperimentalFeatureEnabledMock
);
});

it('should render the view with response actions', () => {
const wrapper = renderResponseDetails(contextWithResponseActions);

Expand All @@ -120,17 +106,6 @@ describe('<ResponseDetails />', () => {
// TODO mock osquery results
});

it('should render the view with osquery only', () => {
featureFlags.responseActionsEnabled = true;
featureFlags.endpointResponseActionsEnabled = false;

const wrapper = renderResponseDetails(contextWithResponseActions);

expect(wrapper.getByTestId(RESPONSE_DETAILS_TEST_ID)).toBeInTheDocument();
expect(wrapper.queryByTestId('responseActionsViewWrapper')).not.toBeInTheDocument();
expect(wrapper.getByTestId('osqueryViewWrapper')).toBeInTheDocument();
});

it('should render the empty information', () => {
const wrapper = renderResponseDetails(defaultContextValue);
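Review bot: `jest.mock('../../../../common/hooks/use_experimental_features');` is kept although the import and the `mockImplementation` that gave the hook its return values are removed, so under Jest automocking every flag lookup in the rendered tree now yields `undefined`. If nothing below `ResponseDetails` reads experimental flags any more, delete that `jest.mock` line; otherwise keep an explicit mock so the suite does not silently run with every flag off. The removed 'osquery only' case also held the only visible assertion on `osqueryViewWrapper`, and the remaining test still carries `// TODO mock osquery results`, so osquery rendering through the response actions view appears to be unasserted in the visible part of this file.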

Expand Up @@ -11,8 +11,6 @@ import styled from 'styled-components';
import { FormattedMessage } from '@kbn/i18n-react';
import { RESPONSE_DETAILS_TEST_ID } from './test_ids';
import { useDocumentDetailsContext } from '../../shared/context';
import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
import { useOsqueryTab } from '../../../../common/components/event_details/osquery_tab';
import { useResponseActionsView } from '../../../../common/components/event_details/response_actions_view';

const ExtendedFlyoutWrapper = styled.div`
Expand All @@ -25,18 +23,11 @@ const ExtendedFlyoutWrapper = styled.div`
*/
export const ResponseDetails: React.FC = () => {
const { searchHit, dataAsNestedObject, isPreview } = useDocumentDetailsContext();
const endpointResponseActionsEnabled = useIsExperimentalFeatureEnabled(
'endpointResponseActionsEnabled'
);

const responseActionsView = useResponseActionsView({
rawEventData: searchHit,
ecsData: dataAsNestedObject,
});
const osqueryView = useOsqueryTab({
rawEventData: searchHit,
ecsData: dataAsNestedObject,
});

return (
<div data-test-subj={RESPONSE_DETAILS_TEST_ID}>
Expand All @@ -57,9 +48,7 @@ export const ResponseDetails: React.FC = () => {
</EuiTitle>
<EuiSpacer size="s" />

<ExtendedFlyoutWrapper>
{endpointResponseActionsEnabled ? responseActionsView?.content : osqueryView?.content}
</ExtendedFlyoutWrapper>
<ExtendedFlyoutWrapper>{responseActionsView?.content}</ExtendedFlyoutWrapper>
</>
)}
</div>
Expand Up @@ -55,9 +55,6 @@ export const ActionsLogFilters = memo(
'data-test-subj'?: string;
}) => {
const getTestId = useTestIdGenerator(dataTestSubj);
const responseActionsEnabled = useIsExperimentalFeatureEnabled(
'endpointResponseActionsEnabled'
);

const isSentinelOneV1Enabled = useIsExperimentalFeatureEnabled(
'responseActionsSentinelOneV1Enabled'
Expand Down Expand Up @@ -86,26 +83,24 @@ export const ActionsLogFilters = memo(
onChangeFilterOptions={onChangeStatusesFilter}
data-test-subj={dataTestSubj}
/>
{isSentinelOneV1Enabled
? responseActionsEnabled && (
<ActionsLogFilter
filterName={'types'}
typesFilters={{
agentTypes: { onChangeFilterOptions: onChangeAgentTypesFilter },
actionTypes: { onChangeFilterOptions: onChangeTypeFilter },
}}
isFlyout={isFlyout}
data-test-subj={dataTestSubj}
/>
)
: responseActionsEnabled && (
<ActionsLogFilter
filterName={'types'}
onChangeFilterOptions={onChangeTypeFilter}
isFlyout={isFlyout}
data-test-subj={dataTestSubj}
/>
)}
{isSentinelOneV1Enabled ? (
<ActionsLogFilter
filterName={'types'}
typesFilters={{
agentTypes: { onChangeFilterOptions: onChangeAgentTypesFilter },
actionTypes: { onChangeFilterOptions: onChangeTypeFilter },
}}
isFlyout={isFlyout}
data-test-subj={dataTestSubj}
/>
) : (
<ActionsLogFilter
filterName={'types'}
onChangeFilterOptions={onChangeTypeFilter}
isFlyout={isFlyout}
data-test-subj={dataTestSubj}
/>
)}
</>
);
}, [
Expand All @@ -116,7 +111,6 @@ export const ActionsLogFilters = memo(
dataTestSubj,
onChangeCommandsFilter,
onChangeStatusesFilter,
responseActionsEnabled,
onChangeAgentTypesFilter,
onChangeTypeFilter,
]);
Expand Up @@ -172,10 +172,6 @@ describe('Create rule route', () => {
});
});
describe('rule containing response actions', () => {
beforeEach(() => {
// @ts-expect-error We're writting to a read only property just for the purpose of the test
clients.config.experimentalFeatures.endpointResponseActionsEnabled = true;
});
const getResponseAction = (command: string = 'isolate', config?: object) => ({
action_type_id: '.endpoint',
params: {