YIYANG LIU

(05) — Case study

Bulk Edit for Rules — from one-by-one to fleet-wide.

Helping detection engineers apply bulk edits across all rules — or a tagged subset — so they can streamline workflows without losing the safety net of dry-run previews and rollback.

Client

Elastic · Security

Role

Lead Designer

Year

2022

Tools

Figma · Whimsical · Figjam

Showcase

Hi-fi designs & in-progress deliverables.

A look at the polished hi-fi mockups for the bulk edit drawer alongside the in-progress artifacts — flows, vision doc snippets, and journey maps — that shaped them.

Fig. 01 — Hi-fi design mockups

Fig. 02 — In-progress deliverables

Process

Seven steps, short-term wins paired with a long-term vision.

The team needed something shippable for the next release and a north star that would survive the next two years. The process below splits each phase across those two horizons so neither one starves the other.

Design process · Elastic Security

Bulk Edit for Rules

Short-term release + long-term vision · Lead Designer: Yiyang Liu

01 · Discovery · Kickoff

Project kickoff — understand the problem

Sync with PM, eng, and detection engineers to frame the pain: rule-by-rule editing across thousands of detections doesn't scale. Align on north-star outcome and success signals.

Figma · Google Doc · PM + Eng kickoff

Problem statement

Detection engineers manage 1000+ rules and edit them one at a time
No safe way to roll out a change across a tagged subset
Existing bulk actions are limited to enable/disable

02 · Definition · Short-term

Break down user problems & ACs → user workflow

Decompose epics into shippable ACs. Map the detection engineer's workflow end-to-end: filter, select, preview, edit, validate, commit.

Whimsical flows · Acceptance criteria · Edge case audit

03 · Design · Short-term

Wireframe based on user workflows

Translate flows into low-fi wireframes for the bulk edit drawer, selection patterns, conflict resolution, and dry-run preview before commit.

Figma wireframes · Selection patterns · Dry-run preview

04 · Vision · Long-term

E2E user journey map exercise

Workshop with PM, research, and partner detection engineers to map the journey from rule authoring to fleet-wide change — surfacing gaps the short-term release won't cover.

Figjam workshop · Journey map · Partner engineers

Surfaced opportunities

Versioning + rollback as a first-class concept
Saved selections shared across the team
AI-assisted edits for common rule transformations

05 · Vision · Long-term

Vision doc + delivery phases

Author a vision doc capturing the long-term north star, phased delivery (V1 bulk edit → V2 saved selections → V3 assisted edits), and the tradeoffs in each phase.

Google Doc · Phased roadmap · Tradeoff matrix

06 · Review · Wrap-up

Stakeholder review + internal testing

Walk PM, eng, design leadership, and security stakeholders through the short-term designs. Run internal dogfood sessions and capture blockers before sign-off.

Figma review · Internal dogfood · Sign-off log

07 · Handoff · Wrap-up

Documentation & team handoff

Publish specs to GitHub, link the vision doc, and run a short readout with eng + PM so the rollout team has everything they need to ship and instrument.

GitHub specs · Vision doc link · Team readout

Fig. 03 — Design process, Bulk Edit for Rules

Reflection

Balancing Delivery and Vision

I learned that short-term releases and long-term strategy should be designed together. Solving today's problem while creating a foundation for future capabilities helped the team move quickly without sacrificing direction.

Designing for Scale

This project showed me how scale changes the nature of a problem. What starts as an editing task becomes a trust and risk-management challenge, making safeguards just as important as efficiency.