Prep for Creation of 8.3 Branch (#1906)

* updating with changes for 8.3 prep * adding updates * adjusted version in packages.yml
elastic · Apr 1, 2022 · 648daf1 · 648daf1
1 parent 93edc44
commit 648daf1
Show file tree

Hide file tree

Showing 11 changed files with 2,234 additions and 5 deletions.
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -56,7 +56,7 @@ jobs:
       max-parallel: 1
       matrix:
         # 7.17 was intentionally skipped because it was added late and was bug fix only
-        target_branch: [7.13, 7.14, 7.15, 7.16, '8.0', 8.1]
+        target_branch: [7.13, 7.14, 7.15, 7.16, '8.0', 8.1, 8.2]
 
     steps:
       - name: Checkout repo

diff --git a/.github/workflows/lock-versions.yml b/.github/workflows/lock-versions.yml
@@ -6,7 +6,7 @@ on:
           description: 'List of branches to lock versions (ordered, comma separated)'
           required: true
           # 7.17 was intentionally skipped because it was added late and was bug fix only
-          default: '7.13,7.14,7.15,7.16,8.0,8.1'
+          default: '7.13,7.14,7.15,7.16,8.0,8.1,8.2'
 
 jobs:
   pr:

diff --git a/detection_rules/schemas/__init__.py b/detection_rules/schemas/__init__.py
@@ -190,6 +190,12 @@ def migrate_to_8_1(version: Version, api_contents: dict) -> dict:
     return strip_additional_properties(version, api_contents)
 
 
+@migrate("8.2")
+def migrate_to_8_2(version: Version, api_contents: dict) -> dict:
+    """Default migration for 8.2."""
+    return strip_additional_properties(version, api_contents)
+
+
 def downgrade(api_contents: dict, target_version: str, current_version: Optional[str] = None) -> dict:
     """Downgrade a rule to a target stack version."""
     from ..packaging import current_stack_version

diff --git a/etc/api_schemas/8.2/8.2.base.json b/etc/api_schemas/8.2/8.2.base.json
@@ -0,0 +1,336 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  "additionalProperties": false,
+  "properties": {
+    "actions": {
+      "items": {
+        "type": [
+          "string",
+          "number",
+          "object",
+          "array",
+          "boolean"
+        ]
+      },
+      "type": "array"
+    },
+    "author": {
+      "items": {
+        "type": "string"
+      },
+      "type": "array"
+    },
+    "building_block_type": {
+      "type": "string"
+    },
+    "description": {
+      "type": "string"
+    },
+    "enabled": {
+      "type": "boolean"
+    },
+    "exceptions_list": {
+      "items": {
+        "type": [
+          "string",
+          "number",
+          "object",
+          "array",
+          "boolean"
+        ]
+      },
+      "type": "array"
+    },
+    "false_positives": {
+      "items": {
+        "type": "string"
+      },
+      "type": "array"
+    },
+    "filters": {
+      "items": {
+        "additionalProperties": {
+          "type": [
+            "string",
+            "number",
+            "object",
+            "array",
+            "boolean"
+          ]
+        },
+        "type": "object"
+      },
+      "type": "array"
+    },
+    "from": {
+      "type": "string"
+    },
+    "interval": {
+      "description": "Interval",
+      "pattern": "^\\d+[mshd]$",
+      "type": "string"
+    },
+    "license": {
+      "type": "string"
+    },
+    "max_signals": {
+      "description": "MaxSignals",
+      "format": "integer",
+      "minimum": 1,
+      "type": "number"
+    },
+    "meta": {
+      "additionalProperties": {
+        "type": [
+          "string",
+          "number",
+          "object",
+          "array",
+          "boolean"
+        ]
+      },
+      "type": "object"
+    },
+    "name": {
+      "description": "RuleName",
+      "pattern": "^[a-zA-Z0-9].+?[a-zA-Z0-9()]$",
+      "type": "string"
+    },
+    "note": {
+      "description": "MarkdownField",
+      "type": "string"
+    },
+    "references": {
+      "items": {
+        "type": "string"
+      },
+      "type": "array"
+    },
+    "risk_score": {
+      "description": "MaxSignals",
+      "format": "integer",
+      "maximum": 100,
+      "minimum": 1,
+      "type": "number"
+    },
+    "risk_score_mapping": {
+      "items": {
+        "additionalProperties": false,
+        "properties": {
+          "field": {
+            "type": "string"
+          },
+          "operator": {
+            "enum": [
+              "equals"
+            ],
+            "type": "string"
+          },
+          "value": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "field"
+        ],
+        "type": "object"
+      },
+      "type": "array"
+    },
+    "rule_id": {
+      "description": "UUIDString",
+      "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
+      "type": "string"
+    },
+    "rule_name_override": {
+      "type": "string"
+    },
+    "severity": {
+      "enum": [
+        "low",
+        "medium",
+        "high",
+        "critical"
+      ],
+      "enumNames": [],
+      "type": "string"
+    },
+    "severity_mapping": {
+      "items": {
+        "additionalProperties": false,
+        "properties": {
+          "field": {
+            "type": "string"
+          },
+          "operator": {
+            "enum": [
+              "equals"
+            ],
+            "type": "string"
+          },
+          "severity": {
+            "type": "string"
+          },
+          "value": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "field"
+        ],
+        "type": "object"
+      },
+      "type": "array"
+    },
+    "tags": {
+      "items": {
+        "type": "string"
+      },
+      "type": "array"
+    },
+    "threat": {
+      "items": {
+        "additionalProperties": false,
+        "properties": {
+          "framework": {
+            "enum": [
+              "MITRE ATT&CK"
+            ],
+            "type": "string"
+          },
+          "tactic": {
+            "additionalProperties": false,
+            "properties": {
+              "id": {
+                "type": "string"
+              },
+              "name": {
+                "type": "string"
+              },
+              "reference": {
+                "description": "TacticURL",
+                "pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
+                "type": "string"
+              }
+            },
+            "required": [
+              "id",
+              "name",
+              "reference"
+            ],
+            "type": "object"
+          },
+          "technique": {
+            "items": {
+              "additionalProperties": false,
+              "properties": {
+                "id": {
+                  "type": "string"
+                },
+                "name": {
+                  "type": "string"
+                },
+                "reference": {
+                  "description": "TechniqueURL",
+                  "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
+                  "type": "string"
+                },
+                "subtechnique": {
+                  "items": {
+                    "additionalProperties": false,
+                    "properties": {
+                      "id": {
+                        "type": "string"
+                      },
+                      "name": {
+                        "type": "string"
+                      },
+                      "reference": {
+                        "description": "SubTechniqueURL",
+                        "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
+                        "type": "string"
+                      }
+                    },
+                    "required": [
+                      "id",
+                      "name",
+                      "reference"
+                    ],
+                    "type": "object"
+                  },
+                  "type": "array"
+                }
+              },
+              "required": [
+                "id",
+                "name",
+                "reference"
+              ],
+              "type": "object"
+            },
+            "type": "array"
+          }
+        },
+        "required": [
+          "framework",
+          "tactic"
+        ],
+        "type": "object"
+      },
+      "type": "array"
+    },
+    "throttle": {
+      "type": "string"
+    },
+    "timeline_id": {
+      "description": "TimelineTemplateId",
+      "enum": [
+        "db366523-f1c6-4c1f-8731-6ce5ed9e5717",
+        "91832785-286d-4ebe-b884-1a208d111a70",
+        "76e52245-7519-4251-91ab-262fb1a1728c",
+        "495ad7a7-316e-4544-8a0f-9c098daee76e"
+      ],
+      "enumNames": [],
+      "type": "string"
+    },
+    "timeline_title": {
+      "description": "TimelineTemplateTitle",
+      "enum": [
+        "Generic Endpoint Timeline",
+        "Generic Network Timeline",
+        "Generic Process Timeline",
+        "Generic Threat Match Timeline"
+      ],
+      "enumNames": [],
+      "type": "string"
+    },
+    "timestamp_override": {
+      "type": "string"
+    },
+    "to": {
+      "type": "string"
+    },
+    "type": {
+      "enum": [
+        "query",
+        "saved_query",
+        "machine_learning",
+        "eql",
+        "threshold",
+        "threat_match"
+      ],
+      "enumNames": [],
+      "type": "string"
+    }
+  },
+  "required": [
+    "author",
+    "description",
+    "name",
+    "risk_score",
+    "rule_id",
+    "severity",
+    "type"
+  ],
+  "type": "object"
+}