[RFC] Advance Entity Field Set to Stage 1#2461
Merged
tinnytintin10 merged 10 commits intomainfrom Apr 23, 2025
Merged
Conversation
Contributor
Author
|
@mjwolf, to what level of detail are we supposed to document usage and source data sections in a stage 1 RFC? Does the current level of detail I provide suffice? Also, for the concerns section, are we supposed to update that during the PR review process or upfront (I guess a mix of both but wanted to clarify)? Thanks! |
tinnytintin10
requested review from
JordanSh,
eyalkraft,
kubasobon,
maxcold,
opauloh,
oren-zohar,
orouz and
romulets
maxcold
reviewed
Apr 1, 2025
maxcold
reviewed
Apr 1, 2025
maxcold
reviewed
Apr 1, 2025
mjwolf
reviewed
Apr 1, 2025
romulets
reviewed
Apr 8, 2025
orouz
reviewed
Apr 9, 2025
romulets
added a commit
to romulets/kibana
that referenced
this pull request
Apr 11, 2025
eyalkraft
approved these changes
Apr 22, 2025
| description: > | ||
| A standardized high-level classification of the entity. This provides a normalized way | ||
| to group similar entities across different providers or systems. | ||
| example: bucket, database, container, function, queue, host, user, loadbalancer |
There was a problem hiding this comment.
nit: I think bucket would be a sub_type of type: object-storage.
edit: I see aws_s3_bucket is listed on sub_type already.
I guess this is just a small example for why the entity.type extensive list/ governance process suggested in the PR is a good idea :)
romulets
approved these changes
Apr 22, 2025
maxcold
approved these changes
Apr 22, 2025
orouz
approved these changes
Apr 22, 2025
opauloh
approved these changes
Apr 23, 2025
5 tasks
mjwolf
approved these changes
Apr 23, 2025
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR advances the Entity Field Set RFC (0049) from Stage 0 (strawperson) to Stage 1 (draft).
Changes Since Stage 0
Since the initial Stage 0 proposal (PR #2434), the following additions have been made:
Added a "Usage" section highlighting how the entity field set enables normalized entity data querying and its role in the upcoming security solution inventory experience
Added "Source data" section explaining how the field set's taxonomy allows entity modeling from any data source
Added "Concerns" section addressing potential challenges (To Do)
Added subject matter experts to the "People" section
Created YAML schema definition in the
rfcs/text/0049/directoryNext Steps
After advancing to Stage 1, we plan to: