Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Create types or tests to link Rule Schema and Diffable Rule schema #194484

Open
Tracked by #179907
jpdjere opened this issue Sep 30, 2024 · 3 comments
Open
Tracked by #179907

[Security Solution] Create types or tests to link Rule Schema and Diffable Rule schema #194484

jpdjere opened this issue Sep 30, 2024 · 3 comments
Assignees
@jpdjere
Labels
Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@jpdjere
Copy link
Contributor

jpdjere commented Sep 30, 2024
edited by banderror
Loading

Epics: https://github.com/elastic/security-team/issues/1974 (internal), #179907

Summary

Currently, our API Rule Schemas and our schema for DiffableRules are completely disconnected: our Rule Schemas are auto-generated via our OpenAPI specs, while the DiffableRule schema (used in our Prebuilt Rule upgrade workflow) is created manually by listing its diffable fields.

This means that whenever a new field is added (or modified or removed) to our Rule Schemas, that change can go completely unnoticed (and the change merged to main) without the engineer realising that the DiffableRule should be adapted in a similar way.

Task

  • Create either (or both):
    • types that statically check that the fields in our Rule Schema are included -or considered in some way or another- in our DiffableRule.
    • tests that break if a change is introduced in our Rule Schema that is not reflected in the DiffableRule.
  • The files with types or tests should be set to be owned by the Detection Rules Management team, in order to prompt the involvement of one engineer from the team during this change.
@jpdjere jpdjere added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team triage_needed labels Sep 30, 2024
@jpdjere jpdjere self-assigned this Sep 30, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@jpdjere jpdjere added 8.16 candidate Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area and removed triage_needed labels Sep 30, 2024
@jpdjere jpdjere mentioned this issue Sep 30, 2024
Open
@banderror banderror mentioned this issue Nov 23, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jpdjere jpdjere

Labels
Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jpdjere @banderror @elasticmachine