[Security Solution] Test plan for prebuilt rule customization #204888
Conversation
dplumlee
added
test-plan
v9.0.0
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
dplumlee
added
the
release_note:skip
|
@pborgonovi Please review this one |
There was a problem hiding this comment.
@dplumlee Thanks for adding Prebuilt Rules Customization test plan 🙏
I reviewed the test plan and left suggestions to make the test plan more robust and improve readability.
It looks like this test plan should include the following scenarios as well
- A test scenario (with examples) for each field affecting isCustomized
- Custom rules shouldn't have "Modified" badge on rule details page
- Custom rules shouldn't have "Modified" badge on rule management table
- Scenarios covering
ruleSource - Users can navigate to rule edit page from prebuilt rule details
Feel free to reach me to discuss it over Zoom in case of questions.
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
|
|
||
| ### Terminology | ||
|
|
||
| - **Base version**: The version of the rule we ship with the rule package, can be thought of as the "original" version of the rule. |
There was a problem hiding this comment.
| - **Base version**: The version of the rule we ship with the rule package, can be thought of as the "original" version of the rule. | |
| - **Base version**: Prebuilt rule asset we ship in the rule package corresponding to the currently installed prebuilt rules. It represents "original" version of the rule. During prebuilt rules installation prebuilt rule assets data is copied over and becomes an installed prebuilt rule. |
There was a problem hiding this comment.
Can we say that it's a prebuilt rule asset whose "version" field matches the "version" of an installed rule? WDYT?
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Thanks for the PR, @dplumlee! Overall, the test coverage looks solid. I’ve left a couple of comments for you to consider.
One potential improvement: should we add a scenario to ensure that the “Edit” buttons in the rule details page and rule management table are clickable when the feature flag is enabled?
Additionally, do we want to include a test to verify that non-modifiable fields, such as version and id are uneditable?”
Looking forward to your thoughts!
|
@maximpn @nikitaindik I believe I addressed most of your comments or left questions, take a look when you can.
@maximpn I think all the additional test cases you mentioned have now been covered but not sure what you meant by this one. I've left a few responses in regard to the |
There was a problem hiding this comment.
Thanks for addressing my feedback, @dplumlee! The test plan looks good to me now.
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
@dplumlee Thanks for addressing my comments 👍
I believe ruleSource and is_customized assertions should be removed from test scenarios. Instead of focusing on ruleSource and is_customized test scenarios should focus on Modified badge.
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
| And the rule is unmodified | ||
| When a user edits the rule from the rule edit page to something different than the original version | ||
| Then the rule is successfully updated | ||
| And the ruleSource should be "external" |
There was a problem hiding this comment.
You may add such ab assumption but it looks like an overkill since the test plan concerns prebuilt rules.
My comment is rather related to unnecessary test scenario explicitness. Users won't see ruleSource in UI. They rather see Modified badge when the rule is modified. The scenario says User can edit a non-customized prebuilt rule from the rule edit page. It literally means user may open rule editing form for a prebuilt rule, change some fields values and save the rule. After that they should see changed values on the rule details page and Modified badge. Checking ruleSource on the way is test implementation details and looks optional.
| And the action is successfully applied to selected rules | ||
| Then rules that have been changed from their base version should have a ruleSource of "external" | ||
| And isCustomized should be true | ||
| And the "Modified" badge should appear on the respective row in the rule management table |
There was a problem hiding this comment.
Modified badge is the only visual output here. I think it should stay.
My point is that the test may double check bulk actions affect rule details page as well. Though I gave it a second thought and it looks rather optional.
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Show resolved
Hide resolved
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
| Then the rule is successfully updated | ||
| And the ruleSource should be "external" | ||
| And isCustomized should be true | ||
| And the "Modified" badge should appear on the rule's detail page |
There was a problem hiding this comment.
Could we have a separate test scenario to assert Modified badge appears on Rules Update table?
...ity_solution/docs/testing/test_plans/detection_response/prebuilt_rules/rule_customization.md
Outdated
Show resolved
Hide resolved
|
Starting backport for target branches: 8.x |
…c#204888) ## Summary Addresses elastic#202068 Adds test plan for rule customization features related to the milestone 3 prebuilt rule customization epic (cherry picked from commit ded92cf)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…204888) (#206970) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Test plan for prebuilt rule customization (#204888)](#204888) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-01-16T15:57:17Z","message":"[Security Solution] Test plan for prebuilt rule customization (#204888)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/202068\r\n\r\nAdds test plan for rule customization features related to the milestone\r\n3 prebuilt rule customization epic","sha":"ded92cf9953742e569d6f84850f20de861cb5844","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","test-plan","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v8.18.0"],"title":"[Security Solution] Test plan for prebuilt rule customization","number":204888,"url":"https://github.com/elastic/kibana/pull/204888","mergeCommit":{"message":"[Security Solution] Test plan for prebuilt rule customization (#204888)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/202068\r\n\r\nAdds test plan for rule customization features related to the milestone\r\n3 prebuilt rule customization epic","sha":"ded92cf9953742e569d6f84850f20de861cb5844"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/204888","number":204888,"mergeCommit":{"message":"[Security Solution] Test plan for prebuilt rule customization (#204888)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/202068\r\n\r\nAdds test plan for rule customization features related to the milestone\r\n3 prebuilt rule customization epic","sha":"ded92cf9953742e569d6f84850f20de861cb5844"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <[email protected]>
…c#204888) ## Summary Addresses elastic#202068 Adds test plan for rule customization features related to the milestone 3 prebuilt rule customization epic
Summary
Addresses #202068
Adds test plan for rule customization features related to the milestone 3 prebuilt rule customization epic