Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Implement MITRE ATT&CK® field diff algorithm #187660

Open
6 tasks
Tracked by #179907
banderror opened this issue Jul 5, 2024 · 3 comments
Open
6 tasks
Tracked by #179907

[Security Solution] Implement MITRE ATT&CK® field diff algorithm #187660

banderror opened this issue Jul 5, 2024 · 3 comments
Assignees
@dplumlee
Labels
enhancement New value added to drive a business result Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@banderror
Copy link
Contributor

banderror commented Jul 5, 2024
edited
Loading

Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168

Summary

Implement an algorithm for diffing and merging changes in ThreatArray. It should be applied to:

kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts

Line 92 in 1040bae

threat: ThreatArray,

Context from the Rule Customization RFC:

To do

  • Step 1 (separate PR)
    • Implement the algorithm and cover it with unit tests.
  • Step 2 (separate PR)
    • Apply the algorithm to the corresponding rule field. It will become used in the upgrade/_review endpoint.
    • Write a test plan covering rule upgrade scenarios for the field.
    • Add test coverage according to the test plan (integration tests, primarily?).
@banderror banderror added triage_needed Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules labels Jul 5, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@banderror banderror mentioned this issue Jul 5, 2024
Open
@banderror banderror changed the title [Security Solution] Implement MITRE ATT&CK® field diff algorithm (DRAFT) [Security Solution] Implement MITRE ATT&CK® field diff algorithm Jul 5, 2024
@banderror banderror added the enhancement New value added to drive a business result label Jul 5, 2024
@banderror banderror mentioned this issue Oct 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dplumlee dplumlee

Labels
enhancement New value added to drive a business result Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@banderror @elasticmachine @dplumlee