
[Security Solution] Add MVP UI for rule changes history#269617

Open
maximpn wants to merge 11 commits into elastic:main from maximpn:changes-history/mvp-ui

Conversation

@maximpn
Contributor

@maximpn maximpn commented May 17, 2026

Resolves: #262697
Figma Design (internal)

Summary

Adds the MVP UI for the Rule Changes History feature. When the ruleChangesHistoryEnabled experimental feature flag is enabled, a new Changes history tab appears on the rule details page. The tab shows a timeline of recorded rule changes, and each entry can be expanded in a flyout with an Overview tab (summary of what changed) and a Change details tab (field-level diff).

Details

API / data layer

  • Adds fetchRuleChangesHistory call to rule_management/api/api.ts
  • Adds useChangeHistory React hook for paginated history fetching
  • Registers the /rules/id/:ruleId/history route in rules/routes.tsx
  • Adds RuleChangeHistoryItem type to logic/types.ts

UI components

  • ChangeHistoryTable — timeline list of rule changes with ChangeHistoryTimelineItem rows and ChangedFieldsBadges
  • ChangeHistoryFlyout — detail flyout with header, actions, Overview and Change details tabs; describeAction and extractChangedFieldNames utilities

Screenshots

  • Prebuilt rule changes history (three screenshots, not reproduced here)
  • Custom rule changes history (three screenshots, not reproduced here)

How to test

  1. Enable the ruleChangesHistoryEnabled feature flag in kibana.dev.yml:
    xpack.securitySolution.enableExperimental: ['ruleChangesHistoryEnabled']
  2. Open a detection rule's details page. A Changes history tab should appear.
  3. Make one or more changes to the rule (e.g. edit the name or severity) and navigate back to the tab — each change should appear as a timeline entry.
  4. Click an entry to open the flyout. Verify the Overview and Change details tabs render correctly.
  5. Disable the flag and confirm the tab is no longer visible.

@maximpn maximpn added labels May 17, 2026: enhancement (New value added to drive a business result), release_note:skip (Skip the PR/issue when compiling release notes), backport:skip (This PR does not require backporting), Team:Detections and Resp (Security Detection Response Team), Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.), Feature:Rule Management (Security Solution Detection Rule Management area), Team:Detection Rule Management (Security Detection Rule Management Team), v9.5.0
@maximpn maximpn self-assigned this May 17, 2026
@maximpn maximpn force-pushed the changes-history/mvp-ui branch from 6e05c19 to 5854035 May 28, 2026 15:28
@maximpn maximpn added labels May 28, 2026: ci:cloud-deploy (Create or update a Cloud deployment), ci:cloud-persist-deployment (Persist cloud deployment indefinitely)
@maximpn maximpn force-pushed the changes-history/mvp-ui branch from 07e26b0 to b6b21d0 May 28, 2026 18:11
@maximpn maximpn requested a review from sdesalas May 28, 2026 19:34
@maximpn maximpn marked this pull request as ready for review May 28, 2026 19:35
@maximpn maximpn requested review from a team as code owners May 28, 2026 19:35
@infra-vault-gh-plugin-prod

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@infra-vault-gh-plugin-prod

Pinging @elastic/security-solution (Team: SecuritySolution)

@infra-vault-gh-plugin-prod

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@maximpn maximpn removed labels May 28, 2026: ci:cloud-deploy (Create or update a Cloud deployment), ci:cloud-persist-deployment (Persist cloud deployment indefinitely)
@maximpn maximpn linked an issue May 28, 2026 that may be closed by this pull request
@maximpn maximpn requested a review from a team as a code owner May 29, 2026 11:57
maximpn added a commit that referenced this pull request May 29, 2026
…271908)

**Epic:** elastic/security-team#12367 (internal)
**Follow-up to:** #267350
**Related to:** #269617

## Summary

Fixed rule change tracking instrumentation for RulesClient snooze and unsnooze methods.

## Details

`snoozeRule` and `unsnoozeRule` in `RulesClient` perform an OCC (optimistic concurrency control) update that only modifies snooze-related attributes. The saved object returned by that update contains only the updated partial attributes, not the complete rule document. Passing that partial object to `logRuleChanges` caused the change history record to be missing required rule fields, breaking change tracking for snooze and unsnooze actions.

The fix merges the original pre-update `attributes` with `updatedRuleRaw.attributes` so that `logRuleChanges` always receives a complete rule document.

Issues were discovered during e2e testing of the UI in #269617.

- `snooze_rule.ts`: Merge original `attributes` with `updatedRuleRaw.attributes` before passing the saved object to `logRuleChanges`.
- `unsnooze_rule.ts`: Same fix.
- `snooze_rule.test.ts`, `unsnooze_rule.test.ts`: Add test cases that verify `logRuleChanges` is called with the fully merged attributes.
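The two pieces of logic this thread turns on, the field-level diff that drives the Change details tab and the partial-attributes pitfall fixed in the commit above, are small enough to show together. The following is an added example written for this page; it is not Kibana code and does not use `logRuleChanges`, `extractChangedFieldNames` or the RulesClient. The rule attribute names (`snoozeSchedule`, `muteAll`, and so on) and the sample documents are constructed for illustration. It diffs two rule documents at the top level only, then shows that diffing the original against the partial object returned by a snooze-style update reports every untouched field as removed, while diffing against the merged document reports only the snooze change.

```typescript
// Added example, not Kibana code. Shows the field-level diff behind a
// "Change details" view and the snooze/unsnooze pitfall from the commit
// above: an OCC update returns only the attributes it touched, so diffing
// against it directly makes every untouched field look removed.
// Attribute names and sample documents are constructed, not real rules.

type RuleDoc = Record<string, unknown>;

interface FieldChange {
  field: string;
  before: unknown;
  after: unknown;
}

// Rule attributes are JSON-serialisable, so serialised comparison is a
// sufficient structural equality check for this example.
function sameValue(a: unknown, b: unknown): boolean {
  return JSON.stringify(a) === JSON.stringify(b);
}

// One entry per top-level field whose value differs between the two
// documents. A field present on only one side shows `undefined` on the other.
function diffRuleFields(before: RuleDoc, after: RuleDoc): FieldChange[] {
  const fields = Object.keys(before)
    .concat(Object.keys(after))
    .filter((f, i, all) => all.indexOf(f) === i)
    .sort();
  const changes: FieldChange[] = [];
  for (const field of fields) {
    if (!sameValue(before[field], after[field])) {
      changes.push({ field, before: before[field], after: after[field] });
    }
  }
  return changes;
}

// The names a history row would show as "changed field" badges.
function changedFieldNames(before: RuleDoc, after: RuleDoc): string[] {
  return diffRuleFields(before, after).map((c) => c.field);
}

// The fix pattern the commit describes: lay the partial update over the
// original attributes so change tracking receives a complete document.
function mergeUpdatedAttributes(original: RuleDoc, partial: RuleDoc): RuleDoc {
  return { ...original, ...partial };
}

// Constructed sample rule (hypothetical attribute names).
const originalRule: RuleDoc = {
  name: 'Suspicious PowerShell download',
  severity: 'medium',
  enabled: true,
  muteAll: false,
  snoozeSchedule: [],
};

// What a snooze-only update hands back: only the attributes it modified.
const snoozePartial: RuleDoc = {
  muteAll: false,
  snoozeSchedule: [
    { duration: 3600000, rRule: { dtstart: '2026-05-29T00:00:00.000Z', tzid: 'UTC', count: 1 } },
  ],
};

// Broken: name, severity and enabled all appear to have been removed.
function buggyChangedFields(): string[] {
  return changedFieldNames(originalRule, snoozePartial);
}

// Fixed: only the snooze schedule is reported as changed.
function fixedChangedFields(): string[] {
  return changedFieldNames(originalRule, mergeUpdatedAttributes(originalRule, snoozePartial));
}

console.log('without merge:', buggyChangedFields());
console.log('with merge:   ', fixedChangedFields());
```

The diff is deliberately top-level only; a production history view would recurse into nested objects such as the schedule entries, but the merge step is the same either way: whatever a partial update returns must be completed from the pre-update document before it is compared or logged.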
@maximpn maximpn force-pushed the changes-history/mvp-ui branch from 1ae5329 to dc53c21 May 29, 2026 15:35
@maximpn maximpn added release_note:feature (Makes this part of the condensed release notes) and removed release_note:skip (Skip the PR/issue when compiling release notes) labels May 31, 2026
@kibanamachine
Contributor

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • Jest Tests #5 / AssetDocumentTab should select json tab when clicked
  • FTR Configs #147 / Serverless Common UI - Home Page Sample data in serverless Sample data loads

Metrics

Module Count

Fewer modules lead to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 9585 | 9606 | +21 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 12.1MB | 12.1MB | +24.7KB |

cc @maximpn


Labels

  • backport:skip (This PR does not require backporting)
  • ci:build-cloud-image
  • enhancement (New value added to drive a business result)
  • Feature:Rule Management (Security Solution Detection Rule Management area)
  • release_note:feature (Makes this part of the condensed release notes)
  • Team:Detection Rule Management (Security Detection Rule Management Team)
  • Team:Detections and Resp (Security Detection Response Team)
  • Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
  • v9.5.0


Development

Successfully merging this pull request may close these issues.

[Security Solution] Implement Rule Changes History UI
