The `version` and `revision` fields are explicitly forbidden (left out of the schema) within the repo, because of how we lock versions abstractly (preventing us from accidentally explicitly adding a version). The `revision` field is newer.
We should add limited use of those fields in the schema for users who are managing rules (DAC) that may be versioning directly. The fields should be limited in that the default for the repo would be to make them not valid schema fields, only working for non-built-in rules. We could potentially achieve this by looking at the `CUSTOM_RULE_DIR` envvar (which may be too limited), or by parsing the path of a rule as being equal to the elastic default dirs.
Revision will also have to be a restricted field, only valid for the stack version it was released on and higher.
brokensound77 changed the title from "[FR] Add *LIMITED* support for version and revision to BaseRuleData" to "[FR][DAC] Add *LIMITED* support for version and revision to BaseRuleData" on Apr 27, 2024
Note: this work will target the DAC-feature branch
related to #3407
detection-rules/detection_rules/rule.py
Lines 318 to 375 in c567d37
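One way the gate proposed in this issue could look, as an added example that is not code from the detection-rules repo or from the issue author. It combines both ideas from the issue (the `CUSTOM_RULE_DIR` check and the rule-path check); the function names, the stand-in default directories and the `REVISION_MIN_STACK` placeholder are assumptions.

```python
import os
from pathlib import Path

# Assumptions for illustration, not values taken from the repo:
BUILTIN_RULE_DIRS = ("rules", "rules_building_block")  # stand-in default dirs
REVISION_MIN_STACK = (8, 8)  # placeholder for the stack release that added `revision`
VERSIONING_FIELDS = ("version", "revision")


def parse_stack(version):
    """'8.12.1' -> (8, 12); the gate compares major.minor only."""
    major, minor = version.split(".")[:2]
    return int(major), int(minor)


def is_custom_rule(rule_path, repo_root, env):
    """Custom only if outside the default dirs AND under CUSTOM_RULE_DIR."""
    # resolve() collapses '..' and symlinks so a built-in rule cannot be
    # presented through a path that merely starts with the custom dir.
    path = Path(rule_path).resolve()
    for name in BUILTIN_RULE_DIRS:
        if path.is_relative_to((Path(repo_root) / name).resolve()):
            return False
    custom_dir = env.get("CUSTOM_RULE_DIR")
    return bool(custom_dir) and path.is_relative_to(Path(custom_dir).resolve())


def rejected_fields(rule, rule_path, repo_root, stack_version, env=None):
    """Return the versioning fields that schema validation should refuse."""
    env = os.environ if env is None else env
    present = [f for f in VERSIONING_FIELDS if f in rule]
    if not is_custom_rule(rule_path, repo_root, env):
        return present  # repo default: neither field is a valid schema field
    if "revision" in present and parse_stack(stack_version) < REVISION_MIN_STACK:
        return ["revision"]  # stack predates the field
    return []


if __name__ == "__main__":
    rule = {"name": "constructed sample", "version": 3, "revision": 1}
    env = {"CUSTOM_RULE_DIR": "/dac/custom"}
    for path, stack in [("/repo/rules/a.toml", "8.12.0"),
                        ("/dac/custom/a.toml", "8.12.0"),
                        ("/dac/custom/a.toml", "8.3.0")]:
        print(path, stack, rejected_fields(rule, path, "/repo", stack, env))
```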