
[Security Solution] Users can Customize Prebuilt Detection Rules: Milestone 4 (DRAFT) #179907

Open
1 of 45 tasks
banderror opened this issue Apr 3, 2024 · 3 comments
Labels
Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules Meta Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@banderror
Contributor

banderror commented Apr 3, 2024

Epic: https://github.com/elastic/security-team/issues/1974 (internal)
Milestones: << • >>

Status: Draft.

Summary

Milestone 4: Improve prebuilt rule customization, upgrade, and installation UX.

This meta ticket is created to simplify tracking of various tickets related to the epic, and to make this public information so our users can track the progress.

Useful info:

Product and UX improvements

Rule customization UX

  1. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp enhancement needs product

Rule installation and upgrade UX

  1. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp
  2. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp triage_needed
  3. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp enhancement
  4. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp needs product
    approksiu

Rule upgrade, diff algorithms

  1. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp enhancement
    dplumlee
  2. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp enhancement
    dplumlee
  3. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp enhancement
    dplumlee
  4. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp
    dplumlee

"Last Updated" field in the UI

  1. backlog enhancement v8.10
  2. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp
  3. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp
  4. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management

Bugs

Bugs: rule installation and upgrade

  1. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug triage_needed
  2. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium
    jpdjere
  3. Feature:Prebuilt Detection Rules Feature:Rule Actions Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium needs product sdh-linked
  4. Feature:Prebuilt Detection Rules Feature:Rule Exceptions Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium

Bugs: rule import and export

  1. Feature:Rule Import/Export Feature:Rule Management Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high
    maximpn
  2. Feature:Rule Import/Export Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high
  3. Feature:Rule Actions Feature:Rule Import/Export Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium needs product

Bugs: misc

  1. Feature:Rule Creation Feature:Rule Edit Team: SecuritySolution Team:Detection Engine Team:Detection Rule Management Team:Detections and Resp bug impact:medium performance
    maximpn
  2. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:low

Technical improvements and debt

Schema migration from immutable to rule_source

  1. Feature:Alerting/RulesFramework Feature:Rule Management Team: SecuritySolution Team:Detection Engine Team:Detection Rule Management Team:Detections and Resp Team:ResponseOps
  2. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp blocked
  3. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp blocked
  4. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp blocked
  5. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp triage_needed

Fleet package with prebuilt rules

  1. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp needs product
  2. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp needs product
  3. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp Team:Fleet
    kpollich
  4. Team:Ecosystem discuss

Refactoring

  1. Feature:Rule Management Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp refactoring
  2. Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp technical debt
  3. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp performance refactoring
    jpdjere

Tests

  1. Feature:Rule Management Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp technical debt test-plan
    nikitaindik
  2. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp technical debt test-coverage

Performance

  1. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp performance

Misc

No tasks being tracked yet.
@banderror banderror added Meta Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules labels Apr 3, 2024
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
