
[Security Solution] Add source_updated_at field to RuleResponse via ResponseFields #174740

Open
Tracked by #179907
jpdjere opened this issue Jan 12, 2024 · 3 comments
Labels
- Feature:Prebuilt Detection Rules (Security Solution Prebuilt Detection Rules area)
- Team:Detection Rule Management (Security Detection Rule Management Team)
- Team:Detections and Resp (Security Detection Response Team)
- Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)

Comments

jpdjere (Contributor) commented Jan 12, 2024

Epic: #174168
Related to: elastic/detection-rules#2826
Depends on: #176286, #175680

Summary

We're going to add a new optional field source_updated_at to prebuilt rule assets (saved objects of type security-rule) we ship via the package with prebuilt rules. The TRADE team is working on it as part of elastic/detection-rules#2826. We are adding this field to the assets' schema in #176286.

Besides adding this field to the schema of PrebuiltRuleAsset, we need to make it part of our rule schema and available for use as part of the response of the POST /prebuilt_rules/installation/_review and POST /prebuilt_rules/upgrade/_review responses.

The location of this field within our schema is still TBD, based on the RFC for Prebuilt Rule Customization. See section Necessary rule schema changes for details.

But TL;DR: we'll be adding a new prebuilt object at the root level, where this new field should live (as it only applies to prebuilt rules):

```ts
{
  prebuilt?: {
    isPrebuilt: boolean;
    sourceUpdatedAt?: string; // ISO 8601 date
  };
}
```
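As an added illustration (not Kibana's code and not part of the issue above), the following TypeScript sketches how the optional `source_updated_at` value on a prebuilt rule asset could be validated and surfaced on the rule response under the proposed `prebuilt` object, and how a `_review` step could use it to tell whether Elastic has changed a rule's source since the installed version. The type names `PrebuiltRuleAsset`/`RuleResponse` stand in for the real schemas, the helper names and the sample assets are constructed for this example, and the strict UTC-timestamp check is a design choice here rather than something the issue specifies.

```typescript
// Added example, not Kibana code. Types below are stand-ins for the real
// PrebuiltRuleAsset / RuleResponse schemas; only the field names discussed in
// the issue (source_updated_at, prebuilt.isPrebuilt, prebuilt.sourceUpdatedAt)
// are taken from it.

/** Stand-in for a `security-rule` saved object shipped in the prebuilt rules package. */
interface PrebuiltRuleAsset {
  rule_id: string;
  version: number;
  name: string;
  // Optional: when the rule source was last updated upstream (ISO 8601 UTC).
  source_updated_at?: string;
}

/** The nested object the issue proposes adding to RuleResponse. */
interface RuleResponsePrebuilt {
  isPrebuilt: boolean;
  sourceUpdatedAt?: string;
}

interface RuleResponse {
  rule_id: string;
  version: number;
  name: string;
  prebuilt?: RuleResponsePrebuilt;
}

// Full ISO 8601 UTC timestamp only (e.g. 2024-01-12T10:15:00Z or with up to 3
// fractional digits). Date.parse on its own is too lenient (it accepts "2024"
// or "Jan 12 2024"), so the shape is pinned with a regex first and Date.parse
// then rejects impossible calendar values such as month 13.
const ISO_UTC = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,3})?Z$/;

function isIsoUtcTimestamp(value: unknown): value is string {
  return typeof value === 'string' && ISO_UTC.test(value) && !Number.isNaN(Date.parse(value));
}

/**
 * Map an asset to the response fields. A malformed timestamp is rejected
 * instead of being passed through, so API consumers never see a value that
 * does not parse. Assets that predate the field simply omit sourceUpdatedAt.
 */
function toRuleResponse(asset: PrebuiltRuleAsset): RuleResponse {
  const prebuilt: RuleResponsePrebuilt = { isPrebuilt: true };
  if (asset.source_updated_at !== undefined) {
    if (!isIsoUtcTimestamp(asset.source_updated_at)) {
      throw new Error(`rule ${asset.rule_id}: source_updated_at is not an ISO 8601 UTC timestamp`);
    }
    prebuilt.sourceUpdatedAt = asset.source_updated_at;
  }
  return { rule_id: asset.rule_id, version: asset.version, name: asset.name, prebuilt };
}

/**
 * Upgrade-review helper: true when the upgrade target carries a newer
 * sourceUpdatedAt than the installed rule. When either side lacks the field
 * the answer is unknown and reported as null rather than guessed.
 */
function sourceChangedSince(installed: RuleResponse, target: RuleResponse): boolean | null {
  const installedAt = installed.prebuilt?.sourceUpdatedAt;
  const targetAt = target.prebuilt?.sourceUpdatedAt;
  if (installedAt === undefined || targetAt === undefined) return null;
  return Date.parse(targetAt) > Date.parse(installedAt);
}

// Constructed sample assets for the demo (not real package content).
const INSTALLED_ASSET: PrebuiltRuleAsset = {
  rule_id: 'example-rule-id', version: 1, name: 'Example rule', source_updated_at: '2024-01-12T10:15:00Z',
};
const UPGRADE_ASSET: PrebuiltRuleAsset = {
  rule_id: 'example-rule-id', version: 2, name: 'Example rule', source_updated_at: '2024-02-06T08:00:00.000Z',
};
// An asset from a package version that predates the field.
const LEGACY_ASSET: PrebuiltRuleAsset = { rule_id: 'example-rule-id', version: 1, name: 'Example rule' };

function demo(): { changed: boolean | null; legacy: boolean | null } {
  const changed = sourceChangedSince(toRuleResponse(INSTALLED_ASSET), toRuleResponse(UPGRADE_ASSET));
  const legacy = sourceChangedSince(toRuleResponse(LEGACY_ASSET), toRuleResponse(UPGRADE_ASSET));
  return { changed, legacy };
}
```

Treating a missing field as "unknown" rather than "unchanged" matters in practice: packages built before the field existed will produce assets without it, and the review endpoints should not report a clean comparison they cannot actually make.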
botelastic bot added the needs-team label (Issues missing a team label) Jan 12, 2024
dej611 added the Team: SecuritySolution label Jan 12, 2024

elasticmachine (Contributor) commented

Pinging @elastic/security-solution (Team: SecuritySolution)

botelastic bot removed the needs-team label Jan 12, 2024
jpdjere added the Team:Detection Rule Management and Feature:Prebuilt Detection Rules labels, and added and then removed the 8.13 candidate label, Jan 12, 2024

elasticmachine (Contributor) commented

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

jpdjere changed the title from "[Security Solution] [Prebuilt Rules Customization] Add elastic_last_updated field to Prebuilt Rule schema" to "[Security Solution] [Prebuilt Rules Customization] Add elastic_update_date field to Prebuilt Rule schema" Jan 29, 2024
banderror changed the title from "[Security Solution] [Prebuilt Rules Customization] Add elastic_update_date field to Prebuilt Rule schema" to "[Security Solution] Add source_updated_at field to RuleResponse via ResponseFields" Feb 6, 2024
banderror added the Team:Detections and Resp label Feb 6, 2024

elasticmachine (Contributor) commented

Pinging @elastic/security-detections-response (Team:Detections and Resp)

Development: no branches or pull requests linked.

4 participants