[Security Solution] Declutter the ThreeWayDiff UI #208177
Labels
enhancement
New value added to drive a business result
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
needs design
needs product
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Epic: #179907
Summary
We should "declutter" the Updates tab of the Rule Upgrade flyout that shows fields updated by Elastic and customized by the user.
Currently, if the user has many rule fields customized, we will show all of them in the flyout, along with the fields that have updates from Elastic. This looks a bit messy and the user can lose focus on updates and resolving conflicts between the updates and their customizations.
Here in green you can see fields that have updates from Elastic, and in orange fields that only have customizations made by the user.
We should ensure that users get a clear focus on updates from Elastic and conflicts between these updates and user customizations. Fields that have only user customizations but don't have updates from Elastic should be available for review and modification, but should be the lowest priority/focus.
User stories
User can review field updates in the Upgrade flyout in the following order, in order to focus on the most important information first:
User can skip reviewing those fields that only contain user customizations; these fields should be hidden by default.
User can unhide the fields that only contain user customizations, to be able to review and edit them if needed.
Background
Something that might not be clear to people is why we need to show the fields that only contain user customizations.
Let's look at this simple example:
We will always be able to auto-merge changes to index patterns, so in this case it's gonna always be a solvable conflict. However, the user's customization to the query field might not be compatible with the auto-merged value of index patterns. That's why we should allow the user to edit the query field as well, if it's needed in a particular upgrade case.
Related issues