Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Make rule upgrade/_perform and installation/_perform endpoints install the latest versions of prebuilt timeline templates #152860

Closed
banderror opened this issue Mar 7, 2023 · 2 comments · Fixed by #159694
Closed

[Security Solution] Make rule upgrade/_perform and installation/_perform endpoints install the latest versions of prebuilt timeline templates #152860

banderror opened this issue Mar 7, 2023 · 2 comments · Fixed by #159694
Assignees
@xcrzx
Labels
8.9 candidate Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@banderror
Copy link
Contributor

Epic: https://github.com/elastic/security-team/issues/1974 (internal)
Related to: #148184, #148186

Summary

We need the two new endpoints to install the latest versions of prebuilt timeline templates because:

  1. That's what the legacy PUT /api/detection_engine/rules/prepackaged was doing.
  2. Some prebuilt rules reference prebuilt timeline templates. When users installs or upgrades prebuilt rules, we want to make sure they get the latest timeline templates that are consistent with the rules.

Let's keep it simple: this implementation should work the same way as in the PUT /api/detection_engine/rules/prepackaged endpoint -- no shipping timeline templates via the package with prebuilt rules is required.
@banderror banderror added Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules 8.8 candidate labels Mar 7, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@xcrzx xcrzx mentioned this issue Jun 14, 2023
Merged
xcrzx added a commit that referenced this issue Jun 15, 2023
@xcrzx
[Security Solution] Add timelines installation to the new rule upgrad…
16193c6 
…e/install endpoints (#159694)

**Resolves: #152860

To replicate the behavior of the legacy prebuilt rule endpoint, this PR
introduces a call to install prebuilt timeline templates each time any
of the following endpoints are invoked:
- `POST /internal/detection_engine/prebuilt_rules/installation/_perform`
- `POST /internal/detection_engine/prebuilt_rules/upgrade/_perform`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xcrzx xcrzx

Labels
8.9 candidate Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Milestone
No milestone
3 participants
@xcrzx @banderror @elasticmachine