From 15ac1cfc2320d94a8bf9b7a04dd3325d4763632a Mon Sep 17 00:00:00 2001 From: eric-forte-elastic Date: Tue, 25 Mar 2025 19:56:55 -0400 Subject: [PATCH 1/3] Update to custom-rules markdown location --- CLI.md | 2 +- detection_rules/custom_rules.py | 2 +- docs-dev/detections-as-code.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CLI.md b/CLI.md index 81da5ea516e..f5d5242ed97 100644 --- a/CLI.md +++ b/CLI.md @@ -481,7 +481,7 @@ Options: ### Exporting rules -This command should be run with the `CUSTOM_RULES_DIR` envvar set, that way proper validation is applied to versioning when the rules are downloaded. See the [custom rules docs](docs-dev/custom-rules.md) for more information. +This command should be run with the `CUSTOM_RULES_DIR` envvar set, that way proper validation is applied to versioning when the rules are downloaded. See the [custom rules docs](docs-dev/custom-rules-management.md) for more information. ``` python -m detection_rules kibana export-rules -h diff --git a/detection_rules/custom_rules.py b/detection_rules/custom_rules.py index befac07eab8..dd99006750e 100644 --- a/detection_rules/custom_rules.py +++ b/detection_rules/custom_rules.py @@ -15,7 +15,7 @@ from .utils import ROOT_DIR, get_etc_path, load_etc_dump DEFAULT_CONFIG_PATH = Path(get_etc_path('_config.yaml')) -CUSTOM_RULES_DOC_PATH = Path(ROOT_DIR).joinpath(REPO_DOCS_DIR, 'custom-rules.md') +CUSTOM_RULES_DOC_PATH = Path(ROOT_DIR).joinpath(REPO_DOCS_DIR, 'custom-rules-management.md') @root.group('custom-rules') diff --git a/docs-dev/detections-as-code.md b/docs-dev/detections-as-code.md index 59611dcf573..9fc223977cb 100644 --- a/docs-dev/detections-as-code.md +++ b/docs-dev/detections-as-code.md @@ -39,7 +39,7 @@ Feature requests for the DaC components that interact with the Elastic Security ## Reference Implementation of DaC Components -DaC is not a single tool. Detection as Code (DaC) is a modern security approach that applies software development best practices to the creation, management, and deployment of security rules. Here is a short summary of several components that extend upon Elastic's rule management capabilities (e.g. query validation, schema validation, unit tests, etc.) provided to help fast track users ability to implement custom DaC implementations in their private environments. If you are new to these concepts, please refer to the [DaC Documentation](https://dac-reference.readthedocs.io/en/latest/), which also provides a quickstart guide and example end-to-end CI/CD workflows. These components are configurable by using the [custom-rules](docs-dev/custom-rules.md) setup. +DaC is not a single tool. Detection as Code (DaC) is a modern security approach that applies software development best practices to the creation, management, and deployment of security rules. Here is a short summary of several components that extend upon Elastic's rule management capabilities (e.g. query validation, schema validation, unit tests, etc.) provided to help fast track users ability to implement custom DaC implementations in their private environments. If you are new to these concepts, please refer to the [DaC Documentation](https://dac-reference.readthedocs.io/en/latest/), which also provides a quickstart guide and example end-to-end CI/CD workflows. These components are configurable by using the [custom-rules](docs-dev/custom-rules-management.md) setup. - Kibana's Rule Versioning Mechanism ([link](https://dac-reference.readthedocs.io/en/latest/internals_of_the_detection_rules_repo.html#option-2-defer-to-elastic-security)) - Local rule management (e.g. autoschema generation, actions and exceptions) ([link](https://dac-reference.readthedocs.io/en/latest/internals_of_the_detection_rules_repo.html#option-1-using-the-built-in-configuration)) From 98c6f5c970c35a5d1177d7404c6783ea14739bdc Mon Sep 17 00:00:00 2001 From: eric-forte-elastic Date: Tue, 25 Mar 2025 20:00:33 -0400 Subject: [PATCH 2/3] bump version --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 3a0a0bd5128..b77688f818e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "detection_rules" -version = "1.0.0" +version = "1.0.1" description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine." readme = "README.md" requires-python = ">=3.12" From 814b45b345c78f9b6e7ba3cf5934b3ba3047967f Mon Sep 17 00:00:00 2001 From: eric-forte-elastic Date: Tue, 25 Mar 2025 20:04:15 -0400 Subject: [PATCH 3/3] Update link reference --- docs-dev/detections-as-code.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs-dev/detections-as-code.md b/docs-dev/detections-as-code.md index 9fc223977cb..148eab538e5 100644 --- a/docs-dev/detections-as-code.md +++ b/docs-dev/detections-as-code.md @@ -39,7 +39,7 @@ Feature requests for the DaC components that interact with the Elastic Security ## Reference Implementation of DaC Components -DaC is not a single tool. Detection as Code (DaC) is a modern security approach that applies software development best practices to the creation, management, and deployment of security rules. Here is a short summary of several components that extend upon Elastic's rule management capabilities (e.g. query validation, schema validation, unit tests, etc.) provided to help fast track users ability to implement custom DaC implementations in their private environments. If you are new to these concepts, please refer to the [DaC Documentation](https://dac-reference.readthedocs.io/en/latest/), which also provides a quickstart guide and example end-to-end CI/CD workflows. These components are configurable by using the [custom-rules](docs-dev/custom-rules-management.md) setup. +DaC is not a single tool. Detection as Code (DaC) is a modern security approach that applies software development best practices to the creation, management, and deployment of security rules. Here is a short summary of several components that extend upon Elastic's rule management capabilities (e.g. query validation, schema validation, unit tests, etc.) provided to help fast track users ability to implement custom DaC implementations in their private environments. If you are new to these concepts, please refer to the [DaC Documentation](https://dac-reference.readthedocs.io/en/latest/), which also provides a quickstart guide and example end-to-end CI/CD workflows. These components are configurable by using the [custom-rules](custom-rules-management.md) setup. - Kibana's Rule Versioning Mechanism ([link](https://dac-reference.readthedocs.io/en/latest/internals_of_the_detection_rules_repo.html#option-2-defer-to-elastic-security)) - Local rule management (e.g. autoschema generation, actions and exceptions) ([link](https://dac-reference.readthedocs.io/en/latest/internals_of_the_detection_rules_repo.html#option-1-using-the-built-in-configuration))