Add possibility to update threat_indicator_path for prebuilt rule #116583
@elasticmachine merge upstream
d9a7634 to 0ecc745
Pinging @elastic/security-solution (Team: SecuritySolution)
Great catch, I missed these paths in #91260.
In order to ensure we don't introduce a regression here, it would be great to add some test coverage in update_prepacked_rules.test.ts, verifying that modification of some representative fields (including threat_indicator_path) are persisted by that function.
@elasticmachine merge upstream
LGTM - making a note of the update_prepackaged_rules.test.ts in the testing doc here for 8.0
@elasticmachine merge upstream
@elasticmachine merge upstream
Pinging @elastic/security-detections-response (Team:Detections and Resp)
💚 Build Succeeded
To update your PR or re-run it, just comment with: cc @nkhristinin
The following labels were identified as gaps in your version labels and will be added automatically:
If any of these should not be on your pull request, please manually remove them.
…astic#116583)
* Add possibility to update threat_indicator_path for prebuilt rule
* Fix types
* adds update_prepacked_rules test
Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Ece Ozalp <[email protected]>
💚 Backport successful
This backport PR will be merged automatically after passing CI.
…16583) (#119898)
* Add possibility to update threat_indicator_path for prebuilt rule
* Fix types
* adds update_prepacked_rules test
Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Ece Ozalp <[email protected]>
Co-authored-by: Khristinin Nikita <[email protected]>
Co-authored-by: Ece Ozalp <[email protected]>
Add the possibility to update threat_indicator_path for the prebuilt rule.
How to reproduce the bug:
We will update this file - x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/threat_intel_module_match.json
threat_indicator_path equals ""
threat_indicator_path to any value
threat_indicator_path should be the empty string - ""
Check out branch
x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/threat_intel_module_match.json
threat_indicator_path to any value
threat_indicator_path should have a value which you entered before
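The kind of regression check the review asks for, as an added example that is not code from this PR or from Kibana: a simplified updater that forwards an explicit list of fields, showing how a field missing from that list keeps its installed value and how a test detects it. The names buildUpdate, applyUpdate and droppedFields, the field lists and the rule objects are hypothetical and constructed for illustration.

```typescript
// Added example: simplified model, not the project's update code.
type RuleFields = Record<string, unknown>;

// Constructed sample: the rule as installed, and the newer packaged version.
const installedRule: RuleFields = {
  rule_id: "constructed-threat-match-rule",
  version: 1,
  threat_query: "*:*",
  threat_indicator_path: "",
};
const packagedRule: RuleFields = {
  rule_id: "constructed-threat-match-rule",
  version: 2,
  threat_query: "*:*",
  threat_indicator_path: "constructed.indicator.path",
};

// Build the update payload from an explicit field list (assumed design).
// A field that is not listed is never forwarded, so the stored rule
// silently keeps its old value for it.
function buildUpdate(fields: string[], packaged: RuleFields): RuleFields {
  const patch: RuleFields = {};
  for (const field of fields) {
    if (field in packaged) {
      patch[field] = packaged[field];
    }
  }
  return patch;
}

// Apply the payload on top of the installed rule.
function applyUpdate(installed: RuleFields, patch: RuleFields): RuleFields {
  return { ...installed, ...patch };
}

// Regression check: every packaged field whose value did not reach the
// stored rule after the update.
function droppedFields(packaged: RuleFields, stored: RuleFields): string[] {
  return Object.keys(packaged)
    .filter((key) => JSON.stringify(packaged[key]) !== JSON.stringify(stored[key]))
    .sort();
}

// Field list with threat_indicator_path missing, then with it forwarded.
const forwardedBefore: string[] = ["version", "threat_query"];
const forwardedAfter: string[] = [...forwardedBefore, "threat_indicator_path"];
```

Comparing the whole packaged rule against the stored result, rather than asserting on one field, also flags any other field the forwarded list omits.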