Description

We are adding the ability to fetch prebuilt rule's base versions and revert customized prebuilt rules to those base versions. This has been done via adding multiple API endpoints and UI to the rule details page to both view and revert prebuilt rules.

Following endpoints added:

• GET /internal/detection_engine/prebuilt_rules/base_version
• POST /internal/detection_engine/prebuilt_rules/revert

Screenshots for the feature and edge cases can be found in the implementation PR.

Resources

Initial implementation PR: elastic/kibana#223301

Overall tickets:

• [Security Solution] Rule Details page: allow to revert a customized prebuilt rule back to its base version kibana#215506
• [Security Solution] Rule Details page: show what fields are customized and what are these customizations exactly kibana#207172

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

This feature is identical on all deployment methods

What release is this request related to?

9.1

Serverless release

The week of June 30th

Collaboration model

The documentation team

Point of contact.

Main contact: @dplumlee

Stakeholders: @elastic/security-detection-rule-management @approksiu