-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Remove exceptions_list
, author
and license
from Diffable Rule
#196213
Closed
Tracked by
#174168
Labels
8.16 candidate
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.16.0
Comments
jpdjere
added
bug
Fixes for quality problems that affect the customer experience
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
triage_needed
labels
Oct 14, 2024
Pinging @elastic/security-solution (Team: SecuritySolution) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
jpdjere
added
8.16 candidate
and removed
bug
Fixes for quality problems that affect the customer experience
labels
Oct 14, 2024
jpdjere
changed the title
[Security Solution] Remove
[Security Solution] Remove Oct 15, 2024
exceptions_list
and alert_suppression
from Diffable Ruleexceptions_list
from Diffable Rule
jpdjere
changed the title
[Security Solution] Remove
[Security Solution] Remove Oct 15, 2024
exceptions_list
from Diffable Ruleexceptions_list
, author
and license
from Diffable Rule
This was referenced Oct 15, 2024
Open
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Oct 18, 2024
…from Diffable Rule (elastic#196561) Resolves: elastic#196213 ## Summary Excludes the fields `exceptions_list`, `author` and `license` from the `DiffableRule` definition. This will: - prevent them from appearing in the Three Way Diff component - prevent them from being able to be passed as a value in the `fields` object of the `/upgrade/_perform` endpoint to set a specific `pick_version` for it (NOTE: the current logic already forces `exceptions_list` to upgrade to the CURRENT version, but removing it from DiffableRule, will completely remove the from the payload schema, and the endpoint will then throw a validation error if included, rather than silently ignoring it) ## Screenshots ### Before ![image](https://github.com/user-attachments/assets/aacd0b43-bb29-46d0-990d-c669224c1451) ### After ![image](https://github.com/user-attachments/assets/e568ca7f-03fc-42d6-8879-d3f23558ae9d) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit 716fdb2)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Oct 18, 2024
…from Diffable Rule (elastic#196561) Resolves: elastic#196213 ## Summary Excludes the fields `exceptions_list`, `author` and `license` from the `DiffableRule` definition. This will: - prevent them from appearing in the Three Way Diff component - prevent them from being able to be passed as a value in the `fields` object of the `/upgrade/_perform` endpoint to set a specific `pick_version` for it (NOTE: the current logic already forces `exceptions_list` to upgrade to the CURRENT version, but removing it from DiffableRule, will completely remove the from the payload schema, and the endpoint will then throw a validation error if included, rather than silently ignoring it) ## Screenshots ### Before ![image](https://github.com/user-attachments/assets/aacd0b43-bb29-46d0-990d-c669224c1451) ### After ![image](https://github.com/user-attachments/assets/e568ca7f-03fc-42d6-8879-d3f23558ae9d) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit 716fdb2)
banderror
added
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
v8.16.0
and removed
triage_needed
labels
Oct 21, 2024
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
8.16 candidate
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.16.0
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Also see related Slack discussion: https://elastic.slack.com/archives/C02HA9E8221/p1728997234244849
Currently, the fields
exceptions_list
,author
andlicense
are part of the DiffableRule definition. This means that:However, since we decided in #186544, that these fields would need to be always updated to their CURRENT version, or TARGET version (
author
andlicense
) it makes no sense for them to be displayed in the Three Way Diff component during Rule Upgrade. Also, no Prebuilt Rules containexceptions_list
.Therefore, exclude them from the DiffableRule definition.
This will:
fields
object of the/upgrade/_perform
endpoint to set a specificpick_version
for it (NOTE: the current logic already forcesexceptions_list
to upgrade to the CURRENT version, but removing it from DiffableRule, will completely remove the from the payload schema, and the endpoint will then throw a validation error if included, rather than silently ignoring it)The text was updated successfully, but these errors were encountered: