Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.15] [Security Solution] Fix showing integration status for single …
…integration per package (#187200) (#188336) # Backport This will backport the following commits from `main` to `8.15`: - [[Security Solution] Fix showing integration status for single integration per package (#187200)](#187200) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-07-15T17:13:14Z","message":"[Security Solution] Fix showing integration status for single integration per package (#187200)\n\n**Resolves:** https://github.com/elastic/kibana/issues/187199\r\n\r\n## Summary\r\n\r\nThis PR fixes displaying related integration status for rules referring packages with a single integration. A good example is `Web Application Suspicious Activity: Unauthorized Method` rule which refers `APM` integration. Package and integration names don't match but the prebuilt rule only refers a package name omitting the integration name.\r\n\r\n## Details\r\n\r\nThis fix changes response from `GET /internal/detection_engine/fleet/integrations/all` internal API endpoint by adding an additional integration for packages having a single integration which name doesn't match the package name.\r\n\r\nFor packages with a single integration and matching package and integration names there is only one integration returned with integration name and title omitted.\r\n\r\nThere are different packages with integrations\r\n\r\n- a package with multiple integrations\r\n- a package without integrations\r\n- a package with only one integration which name matches with the package name\r\n- a package with only one integration which name doesn't match with the package name\r\n\r\nThe latter case is `apm` package which has `apmServer` integration. For example `Web Application Suspicious Activity: Unauthorized Method` prebuilt rule specifies only `apm` package name which integration name is empty.\r\n\r\n### Screenshots before\r\n\r\nInstallation rule preview popover:\r\n<img width=\"1715\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/80f3d01f-5276-425b-835a-c78b69eab033\">\r\n\r\nRule details page:\r\n<img width=\"1722\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/85c833f9-b841-4016-8db9-43d4c68f1248\">\r\n\r\n### Screenshots after\r\n\r\nInstallation rule preview popover:\r\n<img width=\"1718\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/a0ca1b4b-ebab-4de5-a169-1f6e55c74f35\">\r\n\r\nRule details page:\r\n<img width=\"1723\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/f647e536-2bc6-4ab8-8f4e-b4e923afb9ae\">\r\n\r\nRule details page (Elastic APM integration is installed and enabled):\r\n<img width=\"1718\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/33d12f7d-d9b9-43c3-9162-9bf7c6e015fc\">","sha":"875d6e99f0304b3febb675faafadd60a1f9e2253","branchLabelMapping":{"^v8.16.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","v8.15.0","v8.16.0"],"title":"[Security Solution] Fix showing integration status for single integration per package","number":187200,"url":"https://github.com/elastic/kibana/pull/187200","mergeCommit":{"message":"[Security Solution] Fix showing integration status for single integration per package (#187200)\n\n**Resolves:** https://github.com/elastic/kibana/issues/187199\r\n\r\n## Summary\r\n\r\nThis PR fixes displaying related integration status for rules referring packages with a single integration. A good example is `Web Application Suspicious Activity: Unauthorized Method` rule which refers `APM` integration. Package and integration names don't match but the prebuilt rule only refers a package name omitting the integration name.\r\n\r\n## Details\r\n\r\nThis fix changes response from `GET /internal/detection_engine/fleet/integrations/all` internal API endpoint by adding an additional integration for packages having a single integration which name doesn't match the package name.\r\n\r\nFor packages with a single integration and matching package and integration names there is only one integration returned with integration name and title omitted.\r\n\r\nThere are different packages with integrations\r\n\r\n- a package with multiple integrations\r\n- a package without integrations\r\n- a package with only one integration which name matches with the package name\r\n- a package with only one integration which name doesn't match with the package name\r\n\r\nThe latter case is `apm` package which has `apmServer` integration. For example `Web Application Suspicious Activity: Unauthorized Method` prebuilt rule specifies only `apm` package name which integration name is empty.\r\n\r\n### Screenshots before\r\n\r\nInstallation rule preview popover:\r\n<img width=\"1715\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/80f3d01f-5276-425b-835a-c78b69eab033\">\r\n\r\nRule details page:\r\n<img width=\"1722\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/85c833f9-b841-4016-8db9-43d4c68f1248\">\r\n\r\n### Screenshots after\r\n\r\nInstallation rule preview popover:\r\n<img width=\"1718\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/a0ca1b4b-ebab-4de5-a169-1f6e55c74f35\">\r\n\r\nRule details page:\r\n<img width=\"1723\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/f647e536-2bc6-4ab8-8f4e-b4e923afb9ae\">\r\n\r\nRule details page (Elastic APM integration is installed and enabled):\r\n<img width=\"1718\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/33d12f7d-d9b9-43c3-9162-9bf7c6e015fc\">","sha":"875d6e99f0304b3febb675faafadd60a1f9e2253"}},"sourceBranch":"main","suggestedTargetBranches":["8.15"],"targetPullRequestStates":[{"branch":"8.15","label":"v8.15.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/187200","number":187200,"mergeCommit":{"message":"[Security Solution] Fix showing integration status for single integration per package (#187200)\n\n**Resolves:** https://github.com/elastic/kibana/issues/187199\r\n\r\n## Summary\r\n\r\nThis PR fixes displaying related integration status for rules referring packages with a single integration. A good example is `Web Application Suspicious Activity: Unauthorized Method` rule which refers `APM` integration. Package and integration names don't match but the prebuilt rule only refers a package name omitting the integration name.\r\n\r\n## Details\r\n\r\nThis fix changes response from `GET /internal/detection_engine/fleet/integrations/all` internal API endpoint by adding an additional integration for packages having a single integration which name doesn't match the package name.\r\n\r\nFor packages with a single integration and matching package and integration names there is only one integration returned with integration name and title omitted.\r\n\r\nThere are different packages with integrations\r\n\r\n- a package with multiple integrations\r\n- a package without integrations\r\n- a package with only one integration which name matches with the package name\r\n- a package with only one integration which name doesn't match with the package name\r\n\r\nThe latter case is `apm` package which has `apmServer` integration. For example `Web Application Suspicious Activity: Unauthorized Method` prebuilt rule specifies only `apm` package name which integration name is empty.\r\n\r\n### Screenshots before\r\n\r\nInstallation rule preview popover:\r\n<img width=\"1715\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/80f3d01f-5276-425b-835a-c78b69eab033\">\r\n\r\nRule details page:\r\n<img width=\"1722\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/85c833f9-b841-4016-8db9-43d4c68f1248\">\r\n\r\n### Screenshots after\r\n\r\nInstallation rule preview popover:\r\n<img width=\"1718\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/a0ca1b4b-ebab-4de5-a169-1f6e55c74f35\">\r\n\r\nRule details page:\r\n<img width=\"1723\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/f647e536-2bc6-4ab8-8f4e-b4e923afb9ae\">\r\n\r\nRule details page (Elastic APM integration is installed and enabled):\r\n<img width=\"1718\" alt=\"image\" src=\"https://github.com/elastic/kibana/assets/3775283/33d12f7d-d9b9-43c3-9162-9bf7c6e015fc\">","sha":"875d6e99f0304b3febb675faafadd60a1f9e2253"}}]}] BACKPORT--> Co-authored-by: Maxim Palenov <[email protected]>
- Loading branch information