Add versioned schemas with a downgrade path #84

Merged
merged 8 commits into from
Jul 23, 2020

@rw-access rw-access commented Jul 21, 2020

Issues

Closes #70

Summary

Updated the schemas so we can track with stack version. This way, with kibana-upload, we'll be able to upload to old versions of the stack, not just the latest version. Otherwise, we'll run into schema errors when we use fields that an old stack didn't know about like author or license. Now, you can just downgrade a rule from 7.9 to 7.8, and as long as it was supported you can post it. New rule types like threshold will raise an exception.

More @spong spamming: I added you to check that I correctly captured the changes between 7.8 and 7.9.

@rw-access rw-access added the enhancement New feature or request label Jul 21, 2020
@rw-access rw-access requested review from spong and brokensound77 July 21, 2020 21:37

@spong spong left a comment


Schema diff between 7.8 and 7.9 LGTM!

Added fields in 7.9 are as follows, and those are indeed absent from what you have for 7.8 👍

New fields in 7.9:

  • severity_mapping
  • author
  • risk_score_mapping
  • license
  • rule_name_override
  • timestamp_override
  • building_block_type

New rule type in 7.9

  • threshold

Resolved review threads:

  • detection_rules/schemas/base.py (outdated)
  • detection_rules/schemas/base.py (outdated)
  • detection_rules/schemas/v78.py (outdated)
  • detection_rules/schemas/base.py
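
Added example, not code from this pull request or the detection-rules project: a sketch of the 7.9 to 7.8 downgrade path discussed above, using the field and rule-type lists from the review. The names `downgrade_rule`, `UnsupportedDowngrade` and the sample rule are hypothetical, and dropping the 7.9-only fields (rather than rejecting the rule) is an assumption about how the downgrade behaves.

```python
import copy

# Fields and rule type that the review above lists as new in 7.9.
NEW_FIELDS_7_9 = frozenset({
    "severity_mapping", "author", "risk_score_mapping", "license",
    "rule_name_override", "timestamp_override", "building_block_type",
})
NEW_TYPES_7_9 = frozenset({"threshold"})
SUPPORTED = ("7.8", "7.9")  # only the two versions discussed in this PR


class UnsupportedDowngrade(ValueError):
    """The rule cannot be expressed in the target stack version."""


def downgrade_rule(rule: dict, target: str):
    """Return (rule_for_target, dropped_fields) without mutating the input."""
    if target not in SUPPORTED:
        raise UnsupportedDowngrade(f"unknown target version: {target!r}")
    downgraded = copy.deepcopy(rule)
    if target == "7.9":
        return downgraded, []
    # A new rule type has no 7.8 equivalent, so fail instead of guessing.
    if downgraded.get("type") in NEW_TYPES_7_9:
        raise UnsupportedDowngrade(f"rule type {downgraded['type']!r} requires 7.9")
    # Assumption: 7.9-only fields are stripped so the 7.8 schema accepts the rule.
    dropped = sorted(f for f in downgraded if f in NEW_FIELDS_7_9)
    for field in dropped:
        del downgraded[field]
    return downgraded, dropped


# Constructed sample rule, not taken from the repository.
SAMPLE_RULE = {
    "name": "Constructed example rule",
    "type": "query",
    "query": "process.name:example.exe",
    "risk_score": 47,
    "severity": "medium",
    "author": ["Example Author"],
    "license": "Example-License",
    "timestamp_override": "event.ingested",
}

if __name__ == "__main__":
    rule_78, dropped = downgrade_rule(SAMPLE_RULE, "7.8")
    print("dropped for 7.8:", dropped)
    print("remaining keys:", sorted(rule_78))
```

Returning the dropped field names lets the caller log or review what changed, since losing `severity_mapping` or `risk_score_mapping` alters how alerts are scored on the older stack.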
rw-access and others added 2 commits July 23, 2020 10:51
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

@brokensound77 brokensound77 left a comment


👍

rw-access and others added 2 commits July 23, 2020 13:37
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
@rw-access rw-access merged commit d15da0a into elastic:main Jul 23, 2020
@rw-access rw-access deleted the feature/versioned-schemas branch July 23, 2020 17:39
Successfully merging this pull request may close these issues.

[FR] Track schemas.py across stack versions