[Security Solution] Implement overall rule diff algorithm #148189
Labels
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.9.0
Comments
banderror
added
triage_needed
Team:Detections and Resp
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
12 tasks
banderror
added a commit
that referenced
this issue
Mar 8, 2023
… initial implementation (#148392) **Addresses:** #148181, #148182, #148185 **Partially addresses:** #148183, #148189 ## Summary Based on the [POC](#144060), this PR adds 4 endpoints for the new upgrade and installation workflows for prebuilt rules: - `GET /internal/detection_engine/prebuilt_rules/status` - `POST /internal/detection_engine/prebuilt_rules/upgrade/_review` - `POST /internal/detection_engine/prebuilt_rules/installation/_review` - `POST /internal/detection_engine/prebuilt_rules/_generate_assets` (temporary helper endpoint for development and testing) The new endpoints are hidden behind a feature flag and can be enabled by the following config setting: ```yaml xpack.securitySolution.enableExperimental: ['prebuiltRulesNewUpgradeAndInstallationWorkflowsEnabled'] ``` ## In the next episodes Will be done later in follow-up PRs: - Implementation of some additional response properties for the `upgrade/_review` endpoint: - #148183 - Making base versions optional for diff calculation (we need to support this in order to be able to still show diffs for rule assets coming from packages without historical versions): - #148189 - Further development of the diff algorithm: - #148191 - Test coverage: - #148192
bmorelli25
pushed a commit
to bmorelli25/kibana
that referenced
this issue
Mar 10, 2023
… initial implementation (elastic#148392) **Addresses:** elastic#148181, elastic#148182, elastic#148185 **Partially addresses:** elastic#148183, elastic#148189 ## Summary Based on the [POC](elastic#144060), this PR adds 4 endpoints for the new upgrade and installation workflows for prebuilt rules: - `GET /internal/detection_engine/prebuilt_rules/status` - `POST /internal/detection_engine/prebuilt_rules/upgrade/_review` - `POST /internal/detection_engine/prebuilt_rules/installation/_review` - `POST /internal/detection_engine/prebuilt_rules/_generate_assets` (temporary helper endpoint for development and testing) The new endpoints are hidden behind a feature flag and can be enabled by the following config setting: ```yaml xpack.securitySolution.enableExperimental: ['prebuiltRulesNewUpgradeAndInstallationWorkflowsEnabled'] ``` ## In the next episodes Will be done later in follow-up PRs: - Implementation of some additional response properties for the `upgrade/_review` endpoint: - elastic#148183 - Making base versions optional for diff calculation (we need to support this in order to be able to still show diffs for rule assets coming from packages without historical versions): - elastic#148189 - Further development of the diff algorithm: - elastic#148191 - Test coverage: - elastic#148192
xcrzx
added a commit
that referenced
this issue
Apr 19, 2023
2 tasks
|
Moved leftovers to #166388 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epic: https://github.com/elastic/security-team/issues/1974 (internal)
Related to: #144060
Summary
Implement the overall structure of the rule diff algorithm. Finalize the draft implementation made in #144060.
Todo
The text was updated successfully, but these errors were encountered: