[Security Solution] Rule Details page: show what fields are customized and what are these customizations exactly #207172
Description
Epic: #179907
Summary
To help users understand what changes were made to the prebuilt Elastic rule, we want to indicate that field was customised, and allow to see the previous field version.
Telemetry:
- collect events for viewing previous field version
Acceptance criteria
- every modified field of the Elastic Prebuilt rule is clearly indicated in UI
- User can view the previous Elastic version of the field
- user cannot see any previous custom field modifications.
Design
Release progress
- UX design is done by @ARWNightingale.
- Test plan is written and approved by the team.
- Initial implementation is done.
- Automated tests are written based on the test plan.
- Acceptance testing is done by @approksiu and @ARWNightingale.
- Exploratory testing is done by
@pborgonovi@chetnarajput-qasource. - UI copies are suggested by @nastasha-solomon and ready to be implemented (link to the ticket)
- Feature is fully implemented and is ready to be released.
- Documentation is written for Serverless and ESS by @nastasha-solomon (ticket).
- Feature is released in Serverless.
Planned release in Serverless: DONE.
Planned release in ESS: v8.19.0, v9.1.0.
Metadata
Metadata
Assignees
Labels
Security Solution Prebuilt Detection Rules areaSecurity Solution Detection Rule Details pageSecurity Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.Security Detection Rule Management TeamSecurity Detection Response TeamRequires design mocks before development and UX lead approval on PR before merge.New value added to drive a business result