
[Security Solution] Implement data source fields diff algorithm #187659

Closed
8 tasks done
Tracked by #174168
banderror opened this issue Jul 5, 2024 · 4 comments
Labels:
- 8.16 candidate
- enhancement (New value added to drive a business result)
- Feature:Prebuilt Detection Rules (Security Solution Prebuilt Detection Rules area)
- Team:Detection Rule Management (Security Detection Rule Management Team)
- Team:Detections and Resp (Security Detection Response Team)
- Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
- v8.16.0

Comments

@banderror (Contributor) commented Jul 5, 2024

Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168

Summary

Implement an algorithm for diffing and merging changes in RuleDataSource. It should be applied to:

Context from the Rule Customization RFC:

To do

@banderror added labels triage_needed, Team:Detections and Resp, Team: SecuritySolution, Team:Detection Rule Management, Feature:Prebuilt Detection Rules on Jul 5, 2024
@elasticmachine (Contributor) commented: Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine (Contributor) commented: Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@elasticmachine (Contributor) commented: Pinging @elastic/security-solution (Team: SecuritySolution)

@banderror banderror changed the title [Security Solution] Implement data source fields diff algorithm (DRAFT) [Security Solution] Implement data source fields diff algorithm Jul 5, 2024
@banderror added the enhancement label on Jul 5, 2024
dplumlee added a commit that referenced this issue Aug 1, 2024
…ce` field (#188874)

## Summary

Related ticket: #187659

Adds the diff algorithm and unit test coverage for the `data_source`
field we use in the prebuilt rules customization workflow. This field is
a custom grouped field that combines the `data_view_id` field and
`index_pattern` field that are used interchangeably with one another on
the rule type for a rule's data source.


### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
dplumlee added a commit that referenced this issue Aug 9, 2024
…9669)

## Summary

Related ticket: #187659

Adds test plan for diff algorithm for arrays of scalar values
implemented here: #188874



### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
dplumlee added a commit that referenced this issue Aug 9, 2024
…gorithm (#189744)

## Summary

Completes #187659


Switches `data_source` fields to use the implemented diff algorithm
assigned to them in #188874


Adds integration tests in accordance with
#189669 for the `upgrade/_review`
API endpoint for the `data_source` field diff algorithm.

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
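The three commit messages above describe two pieces of the upgrade workflow: a diff algorithm for the grouped `data_source` field (a rule is scoped either by a `data_view_id` or by a set of index patterns) and a diff algorithm for arrays of scalar values, wired into the `upgrade/_review` endpoint. None of them shows how the cases combine. The TypeScript below is an added illustration written for this page, not Kibana's implementation: the `DataSource` shape, the outcome names, the three-way inputs (base = installed prebuilt version, current = the rule as the user customized it, target = the incoming prebuilt version) and the set-based merge rule are all assumptions made for the example.

```typescript
// Added illustration, not Kibana code. The field shape, outcome names and
// the base/current/target naming are assumptions made for this example.
type DataSource =
  | { type: "index_patterns"; index_patterns: string[] }
  | { type: "data_view"; data_view_id: string };

type DiffResult = "unchanged" | "current" | "target" | "merged" | "conflict";

interface DiffOutcome {
  result: DiffResult;
  // Value the upgrade would apply; on "conflict" it is the user's current
  // value, which must be shown for manual resolution rather than applied.
  merged: DataSource;
}

// Set equality: order and duplicates are irrelevant for index patterns.
function sameSet(a: string[], b: string[]): boolean {
  return a.every((x) => b.indexOf(x) !== -1) && b.every((x) => a.indexOf(x) !== -1);
}

// Two data sources are equal only when they are of the same kind and carry
// the same data view id or the same set of index patterns.
function sameDataSource(a: DataSource, b: DataSource): boolean {
  if (a.type === "data_view" && b.type === "data_view") {
    return a.data_view_id === b.data_view_id;
  }
  if (a.type === "index_patterns" && b.type === "index_patterns") {
    return sameSet(a.index_patterns, b.index_patterns);
  }
  return false;
}

// Three-way merge of an array of scalar values treated as a set: an item from
// the base survives only if neither side removed it, and anything either side
// added is added. Duplicates are collapsed.
function mergeScalarArrays(base: string[], current: string[], target: string[]): string[] {
  const kept = base.filter((x) => current.indexOf(x) !== -1 && target.indexOf(x) !== -1);
  const added = current.concat(target).filter((x) => base.indexOf(x) === -1);
  const out: string[] = [];
  kept.concat(added).forEach((x) => {
    if (out.indexOf(x) === -1) out.push(x);
  });
  return out;
}

function diffDataSource(base: DataSource, current: DataSource, target: DataSource): DiffOutcome {
  const userChanged = !sameDataSource(base, current);
  const upstreamChanged = !sameDataSource(base, target);

  if (!userChanged && !upstreamChanged) return { result: "unchanged", merged: base };
  if (!userChanged) return { result: "target", merged: target };
  if (!upstreamChanged) return { result: "current", merged: current };
  // Both sides changed. Identical changes need no merge.
  if (sameDataSource(current, target)) return { result: "merged", merged: current };
  // Both sides still use index patterns: merge them as sets.
  if (
    base.type === "index_patterns" &&
    current.type === "index_patterns" &&
    target.type === "index_patterns"
  ) {
    const index_patterns = mergeScalarArrays(
      base.index_patterns,
      current.index_patterns,
      target.index_patterns
    );
    return { result: "merged", merged: { type: "index_patterns", index_patterns } };
  }
  // The kind changed on at least one side (user switched to a data view while
  // upstream edited the index patterns), or the two sides chose different
  // data views. There is no meaningful automatic merge: keep the user's value
  // and flag the conflict so the upgrade does not silently re-scope the rule.
  return { result: "conflict", merged: current };
}

// Constructed sample input: the user added a custom index while the new
// prebuilt version added an endpoint index. Both additions survive the merge.
const sampleOutcome = diffDataSource(
  { type: "index_patterns", index_patterns: ["logs-*"] },
  { type: "index_patterns", index_patterns: ["logs-*", "custom-*"] },
  { type: "index_patterns", index_patterns: ["logs-*", "endpoint-*"] }
);
console.log(JSON.stringify(sampleOutcome));
```

The point a reviewer of this workflow would check is the last branch: the data source decides which indices a detection rule actually searches, so a conflict has to be surfaced in the review response rather than resolved by picking a side. Silently applying the target would drop the analyst's custom indices; silently keeping the current value would leave the rule pointed at a scope the new prebuilt version no longer targets. The example also deliberately compares index patterns as sets, so a reordering alone is not reported as a user change.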
@dplumlee dplumlee closed this as completed Aug 9, 2024