[Security Solution] Implement data source fields diff algorithm #187659
Assignees
Labels
8.16 candidate
enhancement
New value added to drive a business result
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.16.0
Comments
banderror
added
triage_needed
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
banderror
changed the title
2 tasks
1 task
dplumlee
added a commit
that referenced
this issue
Aug 1, 2024
…ce` field (#188874) ## Summary Related ticket: #187659 Adds the diff algorithm and unit test coverage for the `data_source` field we use in the prebuilt rules customization workflow. This field is a custom grouped field that combines the `data_view_id` field and `index_pattern` field that are used interchangeably of one another on the rule type for a rule's data source. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
3 tasks
dplumlee
added a commit
that referenced
this issue
Aug 9, 2024
…9669) ## Summary Related ticket: #187659 Adds test plan for diff algorithm for arrays of scalar values implemented here: #188874 ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
dplumlee
added a commit
that referenced
this issue
Aug 9, 2024
…gorithm (#189744) ## Summary Completes #187659 Switches `data_source` fields to use the implemented diff algorithm assigned to them in #188874 Adds integration tests in accordance to #189669 for the `upgrade/_review` API endpoint for the `data_source` field diff algorithm. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Summary
Implement an algorithm for diffing and merging changes in
RuleDataSource. It should be applied to:kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 122 in 1040bae
kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 134 in 1040bae
kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 146 in 1040bae
kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 174 in 1040bae
kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 189 in 1040bae
kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 212 in 1040bae
Context from the Rule Customization RFC:
To do
data_sourcefield #188874upgrade/_reviewendpoint.data_sourcefield diff algorithm test plan #189669data_sourcefield diff algorithm #189744The text was updated successfully, but these errors were encountered: