Skip to content

[Security Solution] Prebuilt rule deprecation test plan#259855

Open
dplumlee wants to merge 2 commits intoelastic:mainfrom
dplumlee:prebuilt-rule-deprecation-test-plan
Open

[Security Solution] Prebuilt rule deprecation test plan#259855
dplumlee wants to merge 2 commits intoelastic:mainfrom
dplumlee:prebuilt-rule-deprecation-test-plan

Conversation

@dplumlee
Copy link
Copy Markdown
Contributor

@dplumlee dplumlee commented Mar 26, 2026
edited
Loading

Summary

Epic: internal link
Implementation PR: #259673

Adds test plan for the prebuilt rule deprecation feature in /prebuilt_rule_deprecation.md using the existing template.

New scenarios:

  • [Default exclusion from existing flows]
    • [Scenario: Deprecated rules are excluded from install review]
    • [Scenario: Deprecated rules are excluded from upgrade review]
    • [Scenario: Deprecated rules are excluded from bootstrap]
    • [Scenario: Deprecated rules are excluded from fetchAssetsByVersion]
    • [Scenario: Deprecated rules are excluded from fetchLatestAssets]
  • [Status API: deprecated count]
    • [Scenario: Status API returns correct count of installed deprecated rules]
    • [Scenario: Status API returns zero when no installed rules are deprecated]
  • [Deprecation review API: no filter]
    • [Scenario: Review API returns all installed deprecated rules when no ids provided]
    • [Scenario: Review API returns installed rule name, not package name]
  • [Deprecation review API: with ids filter]
    • [Scenario: Review API filters by installed rule SO ids]
    • [Scenario: Review API returns empty when filtered rule is not deprecated]
    • [Scenario: Review API returns empty when filtered id does not exist]
  • [Deprecation review API: edge cases]
    • [Scenario: Review API respects MAX_DEPRECATED_RULES_TO_RETURN limit]
    • [Scenario: Review API handles package with no deprecated rules]
  • [Rule Management page: deprecation callout]
    • [Scenario: Callout appears when user has installed deprecated rules]
    • [Scenario: Callout does not appear when no deprecated rules are installed]
  • [Rule Management page: deprecated rules modal]
    • [Scenario: Modal lists all deprecated installed rules with links]
    • [Scenario: User can delete all deprecated rules from the modal]
    • [Scenario: Delete all button is disabled for read-only users]
  • [Rule Details page: deprecation callout]
    • [Scenario: Callout appears on deprecated prebuilt rule details page]
    • [Scenario: Callout does not appear on non-deprecated rule details page]
    • [Scenario: Callout does not appear on custom rule details page]
    • [Scenario: Action buttons are disabled for read-only users]
  • [Rule Details page: delete deprecated rule]
    • [Scenario: User can delete a deprecated rule from its details page]
  • [Rule Details page: duplicate and delete deprecated rule]
    • [Scenario: User can duplicate and delete a deprecated rule]
    • [Scenario: Original rule is not deleted if duplication fails]

@dplumlee dplumlee self-assigned this Mar 26, 2026
@dplumlee dplumlee added the release_note:skip Skip the PR/issue when compiling release notes label Mar 26, 2026
@dplumlee dplumlee requested a review from a team as a code owner March 26, 2026 18:38
@dplumlee dplumlee added the Team:Detections and Resp Security Detection Response Team label Mar 26, 2026
@dplumlee dplumlee requested a review from maximpn March 26, 2026 18:38
@dplumlee dplumlee added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area backport:version Backport to applied version labels v9.4.0 labels Mar 26, 2026
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Mar 26, 2026

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Mar 26, 2026

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Mar 26, 2026

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@dplumlee dplumlee requested a review from pborgonovi March 26, 2026 18:42
@nikitaindik nikitaindik requested review from nikitaindik and removed request for maximpn March 27, 2026 10:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pborgonovi pborgonovi Awaiting requested review from pborgonovi

@nikitaindik nikitaindik Awaiting requested review from nikitaindik

At least 1 approving review is required to merge this pull request.

Assignees

@dplumlee dplumlee

Labels

backport:version Backport to applied version labels Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area release_note:skip Skip the PR/issue when compiling release notes Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v9.4.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dplumlee @elasticmachine