[Security Solution] Adds customized_fields and has_base_version fields to internal rule schema#235394
Merged
dplumlee merged 4 commits intoelastic:mainfrom Sep 20, 2025
Conversation
dplumlee
added
release_note:enhancement
Team:Detections and Resp
Contributor
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Contributor
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
4 tasks
jkelas
approved these changes
Sep 17, 2025
Contributor
jkelas
left a comment
jkelas
left a comment
There was a problem hiding this comment.
LGTM.
Done some basic exploratory testing to make sure that our features work correctly.
Approving.
…-field-internal-schema
…-field-internal-schema
vitaliidm
reviewed
Sep 19, 2025
| z.object({ | ||
| type: z.literal('external'), | ||
| isCustomized: IsExternalRuleCustomized, | ||
| customizedFields: z |
Contributor
There was a problem hiding this comment.
do we need to add new parameter to external schemas too?
Contributor
Author
There was a problem hiding this comment.
That's what this PR is doing. We need to add it to the internal rule schemas first due to our intermediate release practice with rule schema modifications
Contributor
|
Starting backport for target branches: 9.1 https://github.com/elastic/kibana/actions/runs/17883771345 |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Saved Objects .kibana field count
History
cc @dplumlee |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 20, 2025
…ields to internal rule schema (elastic#235394) ## Summary Precursor to elastic#234793 **Must go into serverless before that PR is merged in** Adds new fields related to [customized rule alert telemetry](elastic#230856) to the internal rule schema, an addition that must be done before adding them to the security rule schemas (e.g. `RuleResponse`, etc.) (cherry picked from commit a15e334)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 22, 2025
…astic#235922) Adds the missing props added by elastic#235394 to the registered rule types schema snapshot. (cherry picked from commit fa205bc)
kibanamachine
added a commit
that referenced
this pull request
Sep 23, 2025
…ion` fields to internal rule schema (#235394) (#235897) # Backport This will backport the following commits from `main` to `9.1`: - [[Security Solution] Adds `customized_fields` and `has_base_version` fields to internal rule schema (#235394)](#235394) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-09-20T19:09:45Z","message":"[Security Solution] Adds `customized_fields` and `has_base_version` fields to internal rule schema (#235394)\n\n## Summary\n\nPrecursor to https://github.com/elastic/kibana/pull/234793\n\n**Must go into serverless before that PR is merged in**\n\nAdds new fields related to [customized rule alert\ntelemetry](#230856) to the\ninternal rule schema, an addition that must be done before adding them\nto the security rule schemas (e.g. `RuleResponse`, etc.)","sha":"a15e3345fe5c7cc7171112710d27b555f517acaa","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v9.2.0","v9.1.5"],"title":"[Security Solution] Adds `customized_fields` and `has_base_version` fields to internal rule schema","number":235394,"url":"https://github.com/elastic/kibana/pull/235394","mergeCommit":{"message":"[Security Solution] Adds `customized_fields` and `has_base_version` fields to internal rule schema (#235394)\n\n## Summary\n\nPrecursor to https://github.com/elastic/kibana/pull/234793\n\n**Must go into serverless before that PR is merged in**\n\nAdds new fields related to [customized rule alert\ntelemetry](#230856) to the\ninternal rule schema, an addition that must be done before adding them\nto the security rule schemas (e.g. `RuleResponse`, etc.)","sha":"a15e3345fe5c7cc7171112710d27b555f517acaa"}},"sourceBranch":"main","suggestedTargetBranches":["9.1"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/235394","number":235394,"mergeCommit":{"message":"[Security Solution] Adds `customized_fields` and `has_base_version` fields to internal rule schema (#235394)\n\n## Summary\n\nPrecursor to https://github.com/elastic/kibana/pull/234793\n\n**Must go into serverless before that PR is merged in**\n\nAdds new fields related to [customized rule alert\ntelemetry](#230856) to the\ninternal rule schema, an addition that must be done before adding them\nto the security rule schemas (e.g. `RuleResponse`, etc.)","sha":"a15e3345fe5c7cc7171112710d27b555f517acaa"}},{"branch":"9.1","label":"v9.1.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com> Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Sep 24, 2025
…ields to internal rule schema (elastic#235394) ## Summary Precursor to elastic#234793 **Must go into serverless before that PR is merged in** Adds new fields related to [customized rule alert telemetry](elastic#230856) to the internal rule schema, an addition that must be done before adding them to the security rule schemas (e.g. `RuleResponse`, etc.)
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Sep 24, 2025
…astic#235922) Adds the missing props added by elastic#235394 to the registered rule types schema snapshot.
niros1
pushed a commit
that referenced
this pull request
Sep 30, 2025
…ields to internal rule schema (#235394) ## Summary Precursor to #234793 **Must go into serverless before that PR is merged in** Adds new fields related to [customized rule alert telemetry](#230856) to the internal rule schema, an addition that must be done before adding them to the security rule schemas (e.g. `RuleResponse`, etc.)
banderror
added
release_note:skip
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Oct 17, 2025
…ields to internal rule schema (elastic#235394) ## Summary Precursor to elastic#234793 **Must go into serverless before that PR is merged in** Adds new fields related to [customized rule alert telemetry](elastic#230856) to the internal rule schema, an addition that must be done before adding them to the security rule schemas (e.g. `RuleResponse`, etc.)
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Oct 17, 2025
…astic#235922) Adds the missing props added by elastic#235394 to the registered rule types schema snapshot.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Precursor to #234793
Must go into serverless before that PR is merged in
Adds new fields related to customized rule alert telemetry to the internal rule schema, an addition that must be done before adding them to the security rule schemas (e.g.
RuleResponse, etc.)