-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Implement data source fields diff algorithm #187659
Closed
8 tasks done
Tracked by
#174168
Labels
8.16 candidate
enhancement
New value added to drive a business result
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.16.0
Comments
banderror
added
triage_needed
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:Detection Rule Management
Security Detection Rule Management Team
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
labels
Jul 5, 2024
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
banderror
changed the title
[Security Solution] Implement data source fields diff algorithm (DRAFT)
[Security Solution] Implement data source fields diff algorithm
Jul 5, 2024
2 tasks
1 task
dplumlee
added a commit
that referenced
this issue
Aug 1, 2024
…ce` field (#188874) ## Summary Related ticket: #187659 Adds the diff algorithm and unit test coverage for the `data_source` field we use in the prebuilt rules customization workflow. This field is a custom grouped field that combines the `data_view_id` field and `index_pattern` field that are used interchangeably of one another on the rule type for a rule's data source. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
3 tasks
dplumlee
added a commit
that referenced
this issue
Aug 9, 2024
…9669) ## Summary Related ticket: #187659 Adds test plan for diff algorithm for arrays of scalar values implemented here: #188874 ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
dplumlee
added a commit
that referenced
this issue
Aug 9, 2024
…gorithm (#189744) ## Summary Completes #187659 Switches `data_source` fields to use the implemented diff algorithm assigned to them in #188874 Adds integration tests in accordance to #189669 for the `upgrade/_review` API endpoint for the `data_source` field diff algorithm. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
8.16 candidate
enhancement
New value added to drive a business result
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.16.0
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Summary
Implement an algorithm for diffing and merging changes in
RuleDataSource
. It should be applied to:kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 122 in 1040bae
kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 134 in 1040bae
kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 146 in 1040bae
kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 174 in 1040bae
kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 189 in 1040bae
kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts
Line 212 in 1040bae
Context from the Rule Customization RFC:
To do
data_source
field #188874upgrade/_review
endpoint.data_source
field diff algorithm test plan #189669data_source
field diff algorithm #189744The text was updated successfully, but these errors were encountered: