UX copy request for Detection rule workflows - Revert a customized prebuilt rule #1241

Open
@ARWNightingale

Description

Background:

Currently, once a user customizes a prebuilt rule, they cannot easily revert the changes they made to the Elastic version. We should provide them with a way to go back to the stock version of the rule.
Consider providing the base version preview, so that the user can see it before reverting their changes.
Consider the situation when the base version is missing.

To help users understand what changes were made to the prebuilt Elastic rule, we want to indicate that a field was customised, and allow them to see the previous field version.

Target release(s)

8.19, 9.1, and Serverless TBD

Epics

elastic/kibana#215506
elastic/kibana#207172

Designs
Design File

The Requests

[Image] We need to tell the user in a tooltip what the icon means next to each modified field in the rules details page. Here's my attempt.

[Image] We need to explain in a tooltip when reverting is disabled and why: this is because we do not have the Elastic version it was modified from, as we only keep the latest 4 versions on a rule. So it may not have been updated in a while. We should suggest updating the rule instead.

[Image] This is my attempt at the flyout language. Can you check it all makes sense, for example the header and the use of Elastic version?

[Image] We need a success message to confirm the success of reverting the rule back to the Elastic version.

Labels

Team:Security (Issues owned by the Security Docs Team)
