Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Users can Customize Prebuilt Detection Rules: Milestone 4 (DRAFT) #179907

Open
1 of 45 tasks
banderror opened this issue Apr 3, 2024 · 3 comments
Open
1 of 45 tasks

[Security Solution] Users can Customize Prebuilt Detection Rules: Milestone 4 (DRAFT) #179907

banderror opened this issue Apr 3, 2024 · 3 comments
Labels
Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules Meta Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@banderror
Copy link
Contributor

banderror commented Apr 3, 2024
edited by xcrzx
Loading

Epic: https://github.com/elastic/security-team/issues/1974 (internal)
Milestones: << • >>

Status: Draft.

Summary

Milestone 4: Improve prebuilt rule customization, upgrade, and installation UX.

This meta ticket is created to simplify tracking of various tickets related to the epic, and to make this public information so our users can track the progress.

Useful info:

Product and UX improvements

Rule customization UX
Beta Give feedback
  4. [Security Solution] Include namespace of source indices in index patterns of prebuilt rules #183616
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp enhancement needs product

Rule installation and upgrade UX
Beta Give feedback
  1. [Security Solution] Show callouts when new prebuilt rules or rule updates are available #160270
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp
  2. [Security Solution] Implement filtering of Rule Installation and Rule Upgrade tables by Elastic Rules and Customized Elastic rules (DRAFT) #180396
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp triage_needed
  3. [Security Solution] Inform users about missing base versions during prebuilt rule upgrade #186880
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp enhancement
  5. [Security Solution] Indicate conflicting rules in the Rule Upgrade table (DRAFT) #190500
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp needs product
    approksiu

Rule upgrade, diff algorithms
Beta Give feedback
  1. [Security Solution] Implement array of objects diff algorithm #180161
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp enhancement
    dplumlee
  2. [Security Solution] Implement MITRE ATT&CK® field diff algorithm #187660
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp enhancement
    dplumlee
  3. [Security Solution] Implement query filters diff algorithm #190241
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp enhancement
    dplumlee
  4. [Security Solution] Assign proper diff algorithms to all rule fields #148191
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp
    dplumlee

"Last Updated" field in the UI
Beta Give feedback
  1. [FR] Add source_updated_at to Rule Schema as a Build Time Field detection-rules#2826
    backlog enhancement v8.10
  2. [Security Solution] Add source_updated_at field to PrebuiltRuleAsset #176286
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp
  3. [Security Solution] Add source_updated_at field to RuleResponse via ResponseFields #174740
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp
  4. [Security Solution] [Prebuilt Rules Customization] Add "Last Updated" column in the Add Elastic Rules and Rule Updates tables #174767
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management

Bugs

Bugs: rule installation and upgrade
Beta Give feedback
  1. [Security Solution] Installing prebuilt rules by 2 users at the same time causes rules to be duplicated (DRAFT) #180196
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug triage_needed
  2. [Security Solution] Rule Update failure on 8.13 from 7.17.18 #177852
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium
    jpdjere
  3. [Security Solution] Error when upgrading a rule that has an action referencing a deleted connector #198771
    Feature:Prebuilt Detection Rules Feature:Rule Actions Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium needs product sdh-linked
  4. [Security Solution] Rule is not updated and is followed by 'Rule failed to update' message when user attempts to upgrade a rule linked to a deleted shared exception list #198845
    Feature:Prebuilt Detection Rules Feature:Rule Exceptions Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium

Bugs: rule import and export
Beta Give feedback
  1. [Security Solution] Rule import creates extra rules while importing a large number of rules #176207
    Feature:Rule Import/Export Feature:Rule Management Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high
    maximpn
  2. [Security Solution] Prevent creation of rules with the same rule_id when importing rules concurrently #177283
    Feature:Rule Import/Export Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:high
  3. [Security Solution] Error when exporting a rule that has an action referencing a deleted connector #178221
    Feature:Rule Actions Feature:Rule Import/Export Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:medium needs product

Bugs: misc
Beta Give feedback
  1. [Security Solution] Large number of related integrations can impact performance on rule creation/edit form #183607
    Feature:Rule Creation Feature:Rule Edit Team: SecuritySolution Team:Detection Engine Team:Detection Rule Management Team:Detections and Resp bug impact:medium performance
    maximpn
  2. [Security Solution] See what's new in Prebuilt Security Detection Rules link on Add Elastic Rules page works with clicking anywhere on the blank space available on the right side of the page. #194275
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp bug impact:low

Technical improvements and debt

Schema migration from immutable to rule_source
Beta Give feedback
  1. [Security Solution] Detection rule migration mechanism #187651
    Feature:Alerting/RulesFramework Feature:Rule Management Team: SecuritySolution Team:Detection Engine Team:Detection Rule Management Team:Detections and Resp Team:ResponseOps
  2. [Security Solution] Migrate security rules encrypted saved objects to new schema with ruleSource field (BLOCKED) #184113
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp blocked
  3. [Security Solution] Update rule searching to search by rule_source (BLOCKED) #180126
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp blocked
  4. [Security Solution] Mark immutable as optional in the internal rule schema and stop writing it to rules (BLOCKED) #182573
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp blocked
  5. [Security Solution] Deprecate the immutable field (DRAFT)(BLOCKED) #180269
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp triage_needed

Fleet package with prebuilt rules
Beta Give feedback
  1. [Security Solution] Splitting the package with prebuilt rules #187648
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp needs product
  2. [Security Solution] Alternative mechanism for distributing prebuilt rules #187649
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp needs product
  3. [Fleet] Stream-based programmatic API for installing packages #187646
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp Team:Fleet
    kpollich
  4. Support "content-only" integrations package-spec#351
    Team:Ecosystem discuss

Refactoring
Beta Give feedback
  1. [Security Solution] DetectionRulesClient refactoring. Part 3 #187656
    Feature:Rule Management Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp refactoring
  2. [Security Solution] Implement a Zod transformation from snake_case to camelCase and vice versa #180121
    Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp technical debt
  3. [Security Solution] Improve rule diff algorithm performance by splitting diff calculation into async chunks #180164
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp performance refactoring
    jpdjere

Tests
Beta Give feedback
  1. [Security Solution] Move existing test plans of Rules Management team from Google docs to Kibana repo #180451
    Feature:Rule Management Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp technical debt test-plan
    nikitaindik
  2. [Security Solution] Write tests for filtering, sorting, pagination in the Rule Installation and Upgrade tables #166215
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp technical debt test-coverage

Performance
Beta Give feedback
  1. [Security Solution] /upgrade/_perform performance improvements #199101
    Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp performance

Misc
Beta Give feedback
No tasks being tracked yet.
@banderror banderror added Meta Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules labels Apr 3, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@banderror banderror mentioned this issue May 16, 2024
Open
@banderror banderror mentioned this issue Jun 25, 2024
Open
@banderror banderror mentioned this issue Jul 5, 2024
Open
@banderror banderror mentioned this issue Sep 27, 2024
Open
This was referenced Nov 4, 2024
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules Meta Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@banderror @elasticmachine