diff --git a/x-pack/plugins/security_solution/common/detection_engine/utils.ts b/x-pack/plugins/security_solution/common/detection_engine/utils.ts
index fa1812235f897c..153130fc16d603 100644
--- a/x-pack/plugins/security_solution/common/detection_engine/utils.ts
+++ b/x-pack/plugins/security_solution/common/detection_engine/utils.ts
@@ -5,6 +5,7 @@
*/
import { EntriesArray } from '../shared_imports';
+import { RuleType } from './types';
export const hasLargeValueList = (entries: EntriesArray): boolean => {
const found = entries.filter(({ type }) => type === 'list');
@@ -15,3 +16,5 @@ export const hasNestedEntry = (entries: EntriesArray): boolean => {
const found = entries.filter(({ type }) => type === 'nested');
return found.length > 0;
};
+
+export const isThresholdRule = (ruleType: RuleType) => ruleType === 'threshold';
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/index.tsx
index 6546c1ba59d84f..c6ea269e1a355a 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/index.tsx
@@ -8,14 +8,13 @@ import React, { useCallback, useMemo } from 'react';
import { EuiCard, EuiFlexGrid, EuiFlexItem, EuiFormRow, EuiIcon } from '@elastic/eui';
import { isMlRule } from '../../../../../common/machine_learning/helpers';
+import { isThresholdRule } from '../../../../../common/detection_engine/utils';
import { RuleType } from '../../../../../common/detection_engine/types';
import { FieldHook } from '../../../../shared_imports';
import { useKibana } from '../../../../common/lib/kibana';
import * as i18n from './translations';
import { MlCardDescription } from './ml_card_description';
-const isThresholdRule = (ruleType: RuleType) => ruleType === 'threshold';
-
interface SelectRuleTypeProps {
describedByIds?: string[];
field: FieldHook;
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx
index 4d91460bfd2c88..2ff3b1c50ec4d4 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx
@@ -4,11 +4,13 @@
* you may not use this file except in compliance with the Elastic License.
*/
-import { EuiAccordion, EuiFlexItem, EuiSpacer, EuiButtonEmpty, EuiFormRow } from '@elastic/eui';
+import { EuiAccordion, EuiFlexItem, EuiSpacer, EuiFormRow } from '@elastic/eui';
import React, { FC, memo, useCallback, useEffect, useState } from 'react';
import styled from 'styled-components';
import deepEqual from 'fast-deep-equal';
+import { isMlRule } from '../../../../../common/machine_learning/helpers';
+import { isThresholdRule } from '../../../../../common/detection_engine/utils';
import {
RuleStepProps,
RuleStep,
@@ -60,26 +62,6 @@ const TagContainer = styled.div`
TagContainer.displayName = 'TagContainer';
-const AdvancedSettingsAccordion = styled(EuiAccordion)`
- .euiAccordion__iconWrapper {
- display: none;
- }
-
- .euiAccordion__childWrapper {
- transition-duration: 1ms; /* hack to fire Step accordion to set proper content's height */
- }
-
- &.euiAccordion-isOpen .euiButtonEmpty__content > svg {
- transform: rotate(90deg);
- }
-`;
-
-const AdvancedSettingsAccordionButton = (
-
- {I18n.ADVANCED_SETTINGS}
-
-);
-
const StepAboutRuleComponent: FC = ({
addPadding = false,
defaultValues,
@@ -95,6 +77,10 @@ const StepAboutRuleComponent: FC = ({
const [{ isLoading: indexPatternLoading, indexPatterns }] = useFetchIndexPatterns(
defineRuleData?.index ?? []
);
+ const canUseExceptions =
+ defineRuleData?.ruleType &&
+ !isMlRule(defineRuleData.ruleType) &&
+ !isThresholdRule(defineRuleData.ruleType);
const { form } = useForm({
defaultValue: myStepData,
@@ -208,10 +194,10 @@ const StepAboutRuleComponent: FC = ({
/>
-
= ({
idAria: 'detectionEngineStepAboutRuleAssociatedToEndpointList',
'data-test-subj': 'detectionEngineStepAboutRuleAssociatedToEndpointList',
euiFieldProps: {
- fullWidth: true,
- isDisabled: isLoading,
+ disabled: isLoading || !canUseExceptions,
},
}}
/>
@@ -302,8 +287,7 @@ const StepAboutRuleComponent: FC = ({
idAria: 'detectionEngineStepAboutRuleBuildingBlock',
'data-test-subj': 'detectionEngineStepAboutRuleBuildingBlock',
euiFieldProps: {
- fullWidth: true,
- isDisabled: isLoading,
+ disabled: isLoading,
},
}}
/>
@@ -334,7 +318,7 @@ const StepAboutRuleComponent: FC = ({
placeholder: '',
}}
/>
-
+
{({ severity }) => {
const newRiskScore = defaultRiskScoreBySeverity[severity as SeverityValue];
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
index 7eb5c3a5353772..484c28b4b428cd 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
@@ -37,7 +37,7 @@ import {
} from '../../../../../common/components/link_to/redirect_to_detection_engine';
import { SiemSearchBar } from '../../../../../common/components/search_bar';
import { WrapperPage } from '../../../../../common/components/wrapper_page';
-import { useRule } from '../../../../containers/detection_engine/rules';
+import { useRule, Rule } from '../../../../containers/detection_engine/rules';
import { useListsConfig } from '../../../../containers/detection_engine/lists/use_lists_config';
import { useWithSource } from '../../../../../common/containers/source';
@@ -90,6 +90,8 @@ import {
MIN_EVENTS_VIEWER_BODY_HEIGHT,
} from '../../../../../timelines/components/timeline/body/helpers';
import { footerHeight } from '../../../../../timelines/components/timeline/footer';
+import { isMlRule } from '../../../../../../common/machine_learning/helpers';
+import { isThresholdRule } from '../../../../../../common/detection_engine/utils';
enum RuleDetailTabs {
alerts = 'alerts',
@@ -97,23 +99,26 @@ enum RuleDetailTabs {
exceptions = 'exceptions',
}
-const ruleDetailTabs = [
- {
- id: RuleDetailTabs.alerts,
- name: detectionI18n.ALERT,
- disabled: false,
- },
- {
- id: RuleDetailTabs.exceptions,
- name: i18n.EXCEPTIONS_TAB,
- disabled: false,
- },
- {
- id: RuleDetailTabs.failures,
- name: i18n.FAILURE_HISTORY_TAB,
- disabled: false,
- },
-];
+const getRuleDetailsTabs = (rule: Rule | null) => {
+ const canUseExceptions = rule && !isMlRule(rule.type) && !isThresholdRule(rule.type);
+ return [
+ {
+ id: RuleDetailTabs.alerts,
+ name: detectionI18n.ALERT,
+ disabled: false,
+ },
+ {
+ id: RuleDetailTabs.exceptions,
+ name: i18n.EXCEPTIONS_TAB,
+ disabled: !canUseExceptions,
+ },
+ {
+ id: RuleDetailTabs.failures,
+ name: i18n.FAILURE_HISTORY_TAB,
+ disabled: false,
+ },
+ ];
+};
export const RuleDetailsPageComponent: FC = ({
filters,
@@ -160,6 +165,7 @@ export const RuleDetailsPageComponent: FC = ({
// TODO: Refactor license check + hasMlAdminPermissions to common check
const hasMlPermissions =
mlCapabilities.isPlatinumOrTrialLicense && hasMlAdminPermissions(mlCapabilities);
+ const ruleDetailTabs = getRuleDetailsTabs(rule);
const title = isLoading === true || rule === null ? : rule.name;
const subTitle = useMemo(