[Security Solution] Implement rule type diff algorithm #190482
Assignees
Labels
8.16 candidate
enhancement
New value added to drive a business result
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.16.0
Comments
xcrzx
added
triage_needed
Team:Detections and Resp
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
banderror
changed the title
4 tasks
This was referenced Sep 18, 2024
dplumlee
added a commit
that referenced
this issue
Sep 30, 2024
…193372) ## Summary Related ticket: #190482 Adds test plan for diff algorithm for `type` field diff algorithm implemented here: #193369 ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Sep 30, 2024
…lastic#193372) ## Summary Related ticket: elastic#190482 Adds test plan for diff algorithm for `type` field diff algorithm implemented here: elastic#193369 ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit fefa59f)
dplumlee
added a commit
that referenced
this issue
Sep 30, 2024
## Summary Addresses #190482 Adds the diff algorithm implementation for the prebuilt rule `type` field. Returns `target_version` and a `NON_SOLVABLE` conflict for every outcome that changes the field. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Sep 30, 2024
## Summary Addresses elastic#190482 Adds the diff algorithm implementation for the prebuilt rule `type` field. Returns `target_version` and a `NON_SOLVABLE` conflict for every outcome that changes the field. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit 18465e7)
dplumlee
added a commit
that referenced
this issue
Oct 8, 2024
…rithms (#193375) ## Summary Completes #190482 Switches rule `type` field to use the implemented diff algorithms assigned to them in #193369 Adds integration tests in accordance to #193372 for the `upgrade/_review` API endpoint for the rule `type` field diff algorithm. Also fixes some nested bracket misalignment that occurred in earlier PRs with some test files ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Oct 8, 2024
…rithms (elastic#193375) ## Summary Completes elastic#190482 Switches rule `type` field to use the implemented diff algorithms assigned to them in elastic#193369 Adds integration tests in accordance to elastic#193372 for the `upgrade/_review` API endpoint for the rule `type` field diff algorithm. Also fixes some nested bracket misalignment that occurred in earlier PRs with some test files ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit e119d83)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Related to: #180395
Summary
Implement an algorithm for diffing the
typefield of detection rules. Requirements:targetversion as themergedone.upgrade/_reviewAPI response such rules should be marked as having unsolvable conflicts.typeto any version other than thetarget. This should be implemented under the hood in theupgrade/_performendpoint in [Security Solution] Extend thePOST /upgrade/_performAPI endpoint's contract and functionality #166376. Thetypefield shouldn't be part of upgradeable fields that can be passed in the request body -- FYI @jpdjereContext from the Rule Customization RFC:
To do
typefield diff algorithm #193369)typefield. It will become used in theupgrade/_reviewendpoint.typefield diff algorithm #193372typefield diff algorithms #193375The text was updated successfully, but these errors were encountered: