Skip to content

[9.0] [Security Solution] Improving documentations for bulk_actions (#216852) #217717

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kibanamachine merged 1 commit into from
Apr 9, 2025
Merged

[9.0] [Security Solution] Improving documentations for bulk_actions (#216852) #217717

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
787 changes: 741 additions & 46 deletions oas_docs/output/kibana.serverless.yaml
View file
Open in desktop

Large diffs are not rendered by default.

787 changes: 741 additions & 46 deletions oas_docs/output/kibana.yaml
View file
Open in desktop

Large diffs are not rendered by default.

57 changes: 54 additions & 3 deletions ...lution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,6 +240,13 @@ export const NormalizedRuleAction = z
})
.strict();

/**
* Edits rule actions of rules.

- `add_rule_actions` adds rule actions to rules. This action is non-idempotent, meaning that even if the same rule action already exists for a rule, it will be added again with a new unique ID.
- `set_rule_actions` sets rule actions for rules. This action is non-idempotent, meaning that even if the same set of rule actions already exists for a rule, it will be set again and the actions will receive new unique IDs.

*/
export type BulkActionEditPayloadRuleActions = z.infer<typeof BulkActionEditPayloadRuleActions>;
export const BulkActionEditPayloadRuleActions = z.object({
type: z.enum(['add_rule_actions', 'set_rule_actions']),
Expand All @@ -249,6 +256,14 @@ export const BulkActionEditPayloadRuleActions = z.object({
}),
});

/**
* Overwrites schedule of rules.

- `set_schedule` sets a schedule for rules. If the same schedule already exists for a rule, no changes are made.

Both `interval` and `lookback` have a format of "{integer}{time_unit}", where accepted time units are `s` for seconds, `m` for minutes, and `h` for hours. The integer must be positive and larger than 0. Examples: "45s", "30m", "6h"

*/
export type BulkActionEditPayloadSchedule = z.infer<typeof BulkActionEditPayloadSchedule>;
export const BulkActionEditPayloadSchedule = z.object({
type: z.literal('set_schedule'),
Expand All @@ -257,26 +272,56 @@ export const BulkActionEditPayloadSchedule = z.object({
* Interval in which the rule runs. For example, `"1h"` means the rule runs every hour.
*/
interval: z.string().regex(/^[1-9]\d*[smh]$/),
/**
* Lookback time for the rule
*/
/**
* Lookback time for the rules.

Additional look-back time that the rule analyzes. For example, "10m" means the rule analyzes the last 10 minutes of data in addition to the frequency interval.

*/
lookback: z.string().regex(/^[1-9]\d*[smh]$/),
}),
});

/**
* Edits index patterns of rulesClient.

- `add_index_patterns` adds index patterns to rules. If an index pattern already exists for a rule, no changes are made.
- `delete_index_patterns` removes index patterns from rules. If an index pattern does not exist for a rule, no changes are made.
- `set_index_patterns` sets index patterns for rules, overwriting any existing index patterns. If the set of index patterns is the same as the existing index patterns, no changes are made.

*/
export type BulkActionEditPayloadIndexPatterns = z.infer<typeof BulkActionEditPayloadIndexPatterns>;
export const BulkActionEditPayloadIndexPatterns = z.object({
type: z.enum(['add_index_patterns', 'delete_index_patterns', 'set_index_patterns']),
value: IndexPatternArray,
/**
* Resets the data view for the rule.
*/
overwrite_data_views: z.boolean().optional(),
});

/**
* Edits tags of rules.

- `add_tags` adds tags to rules. If a tag already exists for a rule, no changes are made.
- `delete_tags` removes tags from rules. If a tag does not exist for a rule, no changes are made.
- `set_tags` sets tags for rules, overwriting any existing tags. If the set of tags is the same as the existing tags, no changes are made.

*/
export type BulkActionEditPayloadTags = z.infer<typeof BulkActionEditPayloadTags>;
export const BulkActionEditPayloadTags = z.object({
type: z.enum(['add_tags', 'delete_tags', 'set_tags']),
value: RuleTagArray,
});

/**
* Edits investigation fields of rules.

- `add_investigation_fields` adds investigation fields to rules. If an investigation field already exists for a rule, no changes are made.
- `delete_investigation_fields` removes investigation fields from rules. If an investigation field does not exist for a rule, no changes are made.
- `set_investigation_fields` sets investigation fields for rules. If the set of investigation fields is the same as the existing investigation fields, no changes are made.

*/
export type BulkActionEditPayloadInvestigationFields = z.infer<
typeof BulkActionEditPayloadInvestigationFields
>;
Expand All @@ -289,6 +334,12 @@ export const BulkActionEditPayloadInvestigationFields = z.object({
value: InvestigationFields,
});

/**
* Edits timeline of rules.

- `set_timeline` sets a timeline for rules. If the same timeline already exists for a rule, no changes are made.

*/
export type BulkActionEditPayloadTimeline = z.infer<typeof BulkActionEditPayloadTimeline>;
export const BulkActionEditPayloadTimeline = z.object({
type: z.literal('set_timeline'),
Expand Down
Loading