[Security Solution] Add source_updated_at
field to RuleResponse
via ResponseFields
#174740
Labels
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Epic: #174168
Related to: elastic/detection-rules#2826
Depends on: #176286, #175680
Summary
We're going to add a new optional field
source_updated_at
to prebuilt rule assets (saved objects of typesecurity-rule
) we ship via the package with prebuilt rules. The TRADE team is working on it as part of elastic/detection-rules#2826. We are adding this field to the assets' schema in #176286.Besides adding this field to the schema of
PrebuiltRuleAsset
, we need to make it part of our rule schema and available for use as part of the response of thePOST /prebuilt_rules/installation/_review
andPOST /prebuilt_rules/upgrade/_review
responses.The location of this field within our schema is still TBD, based on the RFC for Prebuilt Rule Customization.. See section
Necessary rule schema changes
for details.But TL;DR: we'll be adding a new
prebuilt
object at the root level, where this new field should live (as it only applies to prebuilt rules):The text was updated successfully, but these errors were encountered: