[Security Solution][Alerts] Show invocation count explicitly in rule preview · elastic/kibana#146933

(1 comment) (0 reactions) (0 assignees)TypeScript (19,065 stars) (8,021 forks)batch import

Feature:Detection Rule PreviewTeam: SecuritySolutionTeam:Detection Engineeffort:lowenhancementgood first issuevalue:low

Description

With the default rule preview timeframe (last hour) and rule interval (5 minutes), the rule preview will run 12 simulated rule executions in order to cover the last hour. This can be confusing if a user runs the preview with these default settings, then creates the rule and enables it but sees no results because a single rule execution only covers the last rule interval. It could be easy to miss or forget as a user that the preview functionality is covering the larger timeframe by simulating multiple rule executions.

We should consider adding a UX element to call out the number of simulated rule executions that will be executed when the user initiates the preview, e.g. text like "The current preview settings will simulate running the rule X times to cover the selected timeframe", where X is the invocationCount passed to the preview API.

Contributor guide

Tech stack: typescriptreact
Domain: frontenddeveloper experience
Issue type: feature
Difficulty: 3
Estimated time: 1-3 hours
Activity status: fresh
Clarity: clear
Prerequisites: ReactKibana UI components
Newbie friendliness: 70
Research direction: Locate the rule preview UI component, likely in the Security Solution app. Search for 'invocationCount' in the codebase to find where the preview API is called. The component should display text like 'The current preview settings will simulate running the rule X times'. Check for any existing translation strings or UI patterns in the same area.