From 26a13ac84fecb2a238ae50ef707bcbd59b0b7b14 Mon Sep 17 00:00:00 2001 From: jpdjere Date: Thu, 25 Jul 2024 15:58:24 +0200 Subject: [PATCH 01/12] Created OpenAPI schema --- .../perform_rule_upgrade_route.gen.ts | 84 +++++++++++ .../perform_rule_upgrade_route.schema.yaml | 138 ++++++++++++++++++ ...ections_api_2023_10_31.bundled.schema.yaml | 127 ++++++++++++++++ .../services/security_solution_api.gen.ts | 15 ++ 4 files changed, 364 insertions(+) create mode 100644 x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts create mode 100644 x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts new file mode 100644 index 0000000000000..f7a9018bf6e4a --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts 
@@ -0,0 +1,84 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Perform Rule Upgrade API endpoint + * version: 2023-10-31 + */ + +import { z } from 'zod'; + +import { RuleSignatureId, RuleVersion } from '../../model/rule_schema/common_attributes.gen'; +import { RuleResponse } from '../../model/rule_schema/rule_schemas.gen'; +import { ErrorSchema } from '../../model/error_schema.gen'; + +export type PickVersionValues = z.infer; +export const PickVersionValues = z.enum(['BASE', 'CURRENT', 'TARGET']); +export type PickVersionValuesEnum = typeof PickVersionValues.enum; +export const PickVersionValuesEnum = PickVersionValues.enum; + +export type RuleUpgradeSpecifier = z.infer; +export const RuleUpgradeSpecifier = z.object({ + rule_id: RuleSignatureId, + revision: z.number(), + version: RuleVersion, + pick_version: PickVersionValues.optional(), +}); + +export type UpgradeSpecificRulesRequest = z.infer; +export const UpgradeSpecificRulesRequest = z.object({ + mode: z.literal('SPECIFIC_RULES'), + rules: z.array(RuleUpgradeSpecifier), + pick_version: PickVersionValues.optional(), +}); + +export type UpgradeAllRulesRequest = z.infer; +export const UpgradeAllRulesRequest = z.object({ + mode: z.literal('ALL_RULES'), + pick_version: PickVersionValues.optional(), +}); + +export type PerformRuleUpgradeRequestBody = z.infer; +export const PerformRuleUpgradeRequestBody = z.union([ + UpgradeAllRulesRequest, + UpgradeSpecificRulesRequest, +]); + +export type SkipRuleUpgradeReason = z.infer; +export const SkipRuleUpgradeReason = z.literal('RULE_UP_TO_DATE'); + +export type SkippedRuleUpgrade = z.infer; +export 
const SkippedRuleUpgrade = z.object({ + rule_id: z.string(), + reason: SkipRuleUpgradeReason, +}); + +export type PerformRuleUpgradeResponseBody = z.infer; +export const PerformRuleUpgradeResponseBody = z.object({ + summary: z.object({ + total: z.number(), + succeeded: z.number(), + skipped: z.number(), + failed: z.number(), + }), + results: z.object({ + updated: z.array(RuleResponse), + skipped: z.array(SkippedRuleUpgrade), + }), + errors: z.array(ErrorSchema), +}); + +export type PerformRuleUpgradeRequestBody = z.infer; +export const PerformRuleUpgradeRequestBody = PerformRuleUpgradeRequestBody; +export type PerformRuleUpgradeRequestBodyInput = z.input; + +export type PerformRuleUpgradeResponse = z.infer; +export const PerformRuleUpgradeResponse = PerformRuleUpgradeResponseBody; diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml new file mode 100644 index 0000000000000..d987036f0ace6 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml 
@@ -0,0 +1,138 @@
+openapi: 3.0.0
+info:
+ title: Perform Rule Upgrade API endpoint
+ version: '2023-10-31'
+paths:
+ /api/detection_engine/rules/prebuilt/_perform_upgrade:
+ post:
+ x-labels: [ess]
+ x-codegen-enabled: true
+ operationId: PerformRuleUpgrade
+ summary: Perform rule upgrade
+ description: Upgrade prebuilt detection rules.
+ tags:
+ - Rules API
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PerformRuleUpgradeRequestBody'
+ responses:
+ 200:
+ description: Indicates a successful call.
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/PerformRuleUpgradeResponseBody'
+
+components:
+ schemas:
+ PickVersionValues:
+ type: string
+ enum: [BASE, CURRENT, TARGET]
+
+ RuleUpgradeSpecifier:
+ type: object
+ required:
+ - rule_id
+ - revision
+ - version
+ properties:
+ rule_id:
+ $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleSignatureId'
+ revision:
+ type: number
+ version:
+ $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleVersion'
+ pick_version:
+ $ref: '#/components/schemas/PickVersionValues'
+
+ UpgradeSpecificRulesRequest:
+ type: object
+ required:
+ - mode
+ - rules
+ properties:
+ mode:
+ type: string
+ enum: [SPECIFIC_RULES]
+ rules:
+ type: array
+ items:
+ $ref: '#/components/schemas/RuleUpgradeSpecifier'
+ pick_version:
+ $ref: '#/components/schemas/PickVersionValues'
+
+ UpgradeAllRulesRequest:
+ type: object
+ required:
+ - mode
+ properties:
+ mode:
+ type: string
+ enum: [ALL_RULES]
+ pick_version:
+ $ref: '#/components/schemas/PickVersionValues'
+
+ PerformRuleUpgradeRequestBody:
+ oneOf:
+ - $ref: '#/components/schemas/UpgradeAllRulesRequest'
+ - $ref: '#/components/schemas/UpgradeSpecificRulesRequest'
+
+ SkipRuleUpgradeReason:
+ type: string
+ enum: [RULE_UP_TO_DATE]
+
+ SkippedRuleUpgrade:
+ type: object
+ required:
+ - rule_id
+ - reason
+ properties:
+ rule_id:
+ type: string
+ reason:
+ $ref: '#/components/schemas/SkipRuleUpgradeReason'
+
+ PerformRuleUpgradeResponseBody:
+ type: object
+ required:
+ - summary
+ - results
+ - errors
+ properties:
+ summary:
+ type: object
+ required:
+ - total
+ - succeeded
+ - skipped
+ - failed
+ properties:
+ total:
+ type: number
+ succeeded:
+ type: number
+ skipped:
+ type: number
+ failed:
+ type: number
+ results:
+ type: object
+ required:
+ - updated
+ - skipped
+ properties:
+ updated:
+ type: array
+ items:
+ $ref: '../../model/rule_schema/rule_schemas.schema.yaml#/components/schemas/RuleResponse'
+ skipped:
+ type: array
+ items:
+ $ref: '#/components/schemas/SkippedRuleUpgrade'
+ errors:
+ type: array
+ items:
+ $ref: '../../model/error_schema.schema.yaml#/components/schemas/ErrorSchema'
\ No newline at end of file
diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
index 406cb3ac5c913..c6ca21c88ffea 100644
--- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
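Review bot: `UpgradeSpecificRulesRequest.rules` in the new `perform_rule_upgrade_route.schema.yaml` is an array with no `minItems` or `maxItems`, so the schema accepts both an empty list and an arbitrarily large one; for a bulk-upgrade endpoint a bound such as `maxItems: <LIMIT>` (placeholder, set to what the route can actually process) lets validation reject oversized bodies before the handler runs. `revision` in `RuleUpgradeSpecifier` and the four `summary` counters are declared `type: number`, which also admits fractions and negatives; `type: integer` with `minimum: 0` matches what these values are. `SkippedRuleUpgrade.rule_id` is a bare `type: string` while the request side references `RuleSignatureId`, and referencing the same schema would keep the two in step. The operation documents only a `200` response, so callers get no contract for validation or authorization failures.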
@@ -772,6 +772,26 @@ paths: summary: Import detection rules tags: - Import/Export API + /api/detection_engine/rules/prebuilt/_perform_upgrade: + post: + description: Upgrade prebuilt detection rules. + operationId: PerformRuleUpgrade + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PerformRuleUpgradeRequestBody' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PerformRuleUpgradeResponseBody' + description: Indicates a successful call. + summary: Perform rule upgrade + tags: + - Rules API /api/detection_engine/rules/prepackaged: put: description: Install and update all Elastic prebuilt detection rules and Timelines. @@ -4175,6 +4195,57 @@ components: required: - action_type_id - params + PerformRuleUpgradeRequestBody: + oneOf: + - $ref: '#/components/schemas/UpgradeAllRulesRequest' + - $ref: '#/components/schemas/UpgradeSpecificRulesRequest' + PerformRuleUpgradeResponseBody: + type: object + properties: + errors: + items: + $ref: '#/components/schemas/ErrorSchema' + type: array + results: + type: object + properties: + skipped: + items: + $ref: '#/components/schemas/SkippedRuleUpgrade' + type: array + updated: + items: + $ref: '#/components/schemas/RuleResponse' + type: array + required: + - updated + - skipped + summary: + type: object + properties: + failed: + type: number + skipped: + type: number + succeeded: + type: number + total: + type: number + required: + - total + - succeeded + - skipped + - failed + required: + - summary + - results + - errors + PickVersionValues: + enum: + - BASE + - CURRENT + - TARGET + type: string PlatformErrorResponse: type: object properties: 
@@ -5225,6 +5296,21 @@ components: - $ref: '#/components/schemas/EsqlRuleUpdateProps' discriminator: propertyName: type + RuleUpgradeSpecifier: + type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + revision: + type: number + rule_id: + $ref: '#/components/schemas/RuleSignatureId' + version: + $ref: '#/components/schemas/RuleVersion' + required: + - rule_id + - revision + - version RuleVersion: description: The rule's version number. minimum: 1 @@ -5777,6 +5863,20 @@ components: type: string required: - index + SkippedRuleUpgrade: + type: object + properties: + reason: + $ref: '#/components/schemas/SkipRuleUpgradeReason' + rule_id: + type: string + required: + - rule_id + - reason + SkipRuleUpgradeReason: + enum: + - RULE_UP_TO_DATE + type: string SortOrder: enum: - asc @@ -6901,6 +7001,33 @@ components: TimestampOverrideFallbackDisabled: description: Disables the fallback to the event's @timestamp field type: boolean + UpgradeAllRulesRequest: + type: object + properties: + mode: + enum: + - ALL_RULES + type: string + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - mode + UpgradeSpecificRulesRequest: + type: object + properties: + mode: + enum: + - SPECIFIC_RULES + type: string + pick_version: + $ref: '#/components/schemas/PickVersionValues' + rules: + items: + $ref: '#/components/schemas/RuleUpgradeSpecifier' + type: array + required: + - mode + - rules UUID: description: A universally unique identifier format: uuid diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts index bd66aa39f2f2a..db2c2cfd8b0ea 100644 --- a/x-pack/test/api_integration/services/security_solution_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts 
@@ -73,6 +73,7 @@ import { PerformBulkActionRequestQueryInput, PerformBulkActionRequestBodyInput, } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; +import { PerformRuleUpgradeRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen'; import { PreviewRiskScoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/preview_route.gen'; import { ReadRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/read_rule/read_rule_route.gen'; import { RulePreviewRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen'; @@ -560,6 +561,17 @@ detection engine rules. .send(props.body as object) .query(props.query); }, + /** + * Upgrade prebuilt detection rules. + */ + performRuleUpgrade(props: PerformRuleUpgradeProps) { + return supertest + .post('/api/detection_engine/rules/prebuilt/_perform_upgrade') + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, /** * Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score. */ @@ -800,6 +812,9 @@ export interface PerformBulkActionProps { query: PerformBulkActionRequestQueryInput; body: PerformBulkActionRequestBodyInput; } +export interface PerformRuleUpgradeProps { + body: PerformRuleUpgradeRequestBodyInput; +} export interface PreviewRiskScoreProps { body: PreviewRiskScoreRequestBodyInput; } From d8a9978f50a218ba7abafbdcfa594b590b7faa1e Mon Sep 17 00:00:00 2001 
From: jpdjere Date: Fri, 26 Jul 2024 10:36:51 +0200 Subject: [PATCH 02/12] Correct OAS --- .../perform_rule_upgrade_route.gen.ts | 11 ++++------- .../perform_rule_upgrade_route.schema.yaml | 9 +++------ 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts index f7a9018bf6e4a..c22e95674c00d 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts @@ -46,12 +46,6 @@ export const UpgradeAllRulesRequest = z.object({ pick_version: PickVersionValues.optional(), }); -export type PerformRuleUpgradeRequestBody = z.infer; -export const PerformRuleUpgradeRequestBody = z.union([ - UpgradeAllRulesRequest, - UpgradeSpecificRulesRequest, -]); - export type SkipRuleUpgradeReason = z.infer; export const SkipRuleUpgradeReason = z.literal('RULE_UP_TO_DATE'); @@ -77,7 +71,10 @@ export const PerformRuleUpgradeResponseBody = z.object({ }); export type PerformRuleUpgradeRequestBody = z.infer; -export const PerformRuleUpgradeRequestBody = PerformRuleUpgradeRequestBody; +export const PerformRuleUpgradeRequestBody = z.union([ + UpgradeAllRulesRequest, + UpgradeSpecificRulesRequest, +]); export type PerformRuleUpgradeRequestBodyInput = z.input; export type PerformRuleUpgradeResponse = z.infer; 
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml index d987036f0ace6..a81439f4a0014 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml @@ -17,7 +17,9 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PerformRuleUpgradeRequestBody' + oneOf: + - $ref: '#/components/schemas/UpgradeAllRulesRequest' + - $ref: '#/components/schemas/UpgradeSpecificRulesRequest' responses: 200: description: Indicates a successful call. @@ -75,11 +77,6 @@ components: pick_version: $ref: '#/components/schemas/PickVersionValues' - PerformRuleUpgradeRequestBody: - oneOf: - - $ref: '#/components/schemas/UpgradeAllRulesRequest' - - $ref: '#/components/schemas/UpgradeSpecificRulesRequest' - SkipRuleUpgradeReason: type: string enum: [RULE_UP_TO_DATE] From 4edf88c5ff876025d7cad179820edc394490e5d5 Mon Sep 17 00:00:00 2001 From: jpdjere Date: Fri, 26 Jul 2024 13:04:54 +0200 Subject: [PATCH 03/12] Expand OAS --- .../perform_rule_upgrade_route.gen.ts | 165 +++++++++++++++++- .../perform_rule_upgrade_route.schema.yaml | 150 +++++++++++++++- 2 files changed, 302 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts index c22e95674c00d..168c9f0d07af7 100644 
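Review bot: Neither branch of the `oneOf` now inlined under `requestBody` closes its object, so a body carrying `mode: ALL_RULES` together with a `rules` list still validates as `UpgradeAllRulesRequest`; if the handler ignores the extra key (not visible here), every prebuilt rule is upgraded where the caller meant a subset. Adding `additionalProperties: false` to `UpgradeAllRulesRequest` and `UpgradeSpecificRulesRequest` makes validation reject that mix-up instead of silently accepting it. A `discriminator` with `propertyName: mode` on the `oneOf` would also document the intent and should give clearer validation errors than the plain `z.union([...])` seen in the generated file.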
--- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts 
@@ -16,34 +16,183 @@ import { z } from 'zod'; -import { RuleSignatureId, RuleVersion } from '../../model/rule_schema/common_attributes.gen'; +import { + RuleSignatureId, + RuleVersion, + RuleName, + RuleTagArray, + RuleDescription, + Severity, + SeverityMapping, + RiskScore, + RiskScoreMapping, + RuleReferenceArray, + RuleFalsePositiveArray, + ThreatArray, + InvestigationGuide, + SetupGuide, + RelatedIntegrationArray, + RequiredFieldArray, + MaxSignals, + BuildingBlockType, + RuleIntervalFrom, + RuleInterval, + RuleExceptionList, + RuleNameOverride, + TimestampOverride, + TimestampOverrideFallbackDisabled, + TimelineTemplateId, + TimelineTemplateTitle, + IndexPatternArray, + DataViewId, + RuleQuery, + QueryLanguage, + RuleFilterArray, + SavedQueryId, + KqlQueryLanguage, +} from '../../model/rule_schema/common_attributes.gen'; +import { + MachineLearningJobId, + AnomalyThreshold, +} from '../../model/rule_schema/specific_attributes/ml_attributes.gen'; +import { + ThreatQuery, + ThreatMapping, + ThreatIndex, + ThreatFilters, + ThreatIndicatorPath, +} from '../../model/rule_schema/specific_attributes/threat_match_attributes.gen'; +import { + NewTermsFields, + HistoryWindowStart, +} from '../../model/rule_schema/specific_attributes/new_terms_attributes.gen'; import { RuleResponse } from '../../model/rule_schema/rule_schemas.gen'; import { ErrorSchema } from '../../model/error_schema.gen'; -export type PickVersionValues = z.infer; -export const PickVersionValues = z.enum(['BASE', 'CURRENT', 'TARGET']); -export type PickVersionValuesEnum = typeof PickVersionValues.enum; -export const PickVersionValuesEnum = PickVersionValues.enum; +export type RulePickVersionValues = z.infer; +export const RulePickVersionValues = z.enum(['BASE', 'CURRENT', 'TARGET', 'MERGED']); +export type RulePickVersionValuesEnum = typeof RulePickVersionValues.enum; +export const RulePickVersionValuesEnum = RulePickVersionValues.enum; + +export type FieldPickVersionValues = z.infer; +export const 
FieldPickVersionValues = z.enum(['BASE', 'CURRENT', 'TARGET', 'MERGED', 'RESOLVED']); +export type FieldPickVersionValuesEnum = typeof FieldPickVersionValues.enum; +export const FieldPickVersionValuesEnum = FieldPickVersionValues.enum; + +export type FieldUpgradeRequest = z.infer; +export const FieldUpgradeRequest = z.object({ + pick_version: z.enum(['BASE', 'CURRENT', 'TARGET', 'MERGED', 'RESOLVED']), + resolved_value: z + .union([ + RuleName, + RuleTagArray, + RuleDescription, + Severity, + SeverityMapping, + RiskScore, + RiskScoreMapping, + RuleReferenceArray, + RuleFalsePositiveArray, + ThreatArray, + InvestigationGuide, + SetupGuide, + RelatedIntegrationArray, + RequiredFieldArray, + RequiredFieldArray, + MaxSignals, + BuildingBlockType, + RuleIntervalFrom, + RuleInterval, + RuleExceptionList, + RuleNameOverride, + TimestampOverride, + TimestampOverrideFallbackDisabled, + TimelineTemplateId, + TimelineTemplateTitle, + IndexPatternArray, + DataViewId, + RuleQuery, + QueryLanguage, + RuleFilterArray, + SavedQueryId, + MachineLearningJobId, + AnomalyThreshold, + AnomalyThreshold, + ThreatQuery, + ThreatMapping, + ThreatIndex, + ThreatFilters, + ThreatIndicatorPath, + KqlQueryLanguage, + NewTermsFields, + HistoryWindowStart, + ]) + .optional(), +}); export type RuleUpgradeSpecifier = z.infer; export const RuleUpgradeSpecifier = z.object({ rule_id: RuleSignatureId, revision: z.number(), version: RuleVersion, - pick_version: PickVersionValues.optional(), + pick_version: RulePickVersionValues.optional(), + fields: z + .object({ + name: FieldUpgradeRequest.optional(), + tags: FieldUpgradeRequest.optional(), + description: FieldUpgradeRequest.optional(), + severity: FieldUpgradeRequest.optional(), + severity_mapping: FieldUpgradeRequest.optional(), + risk_score: FieldUpgradeRequest.optional(), + risk_score_mapping: FieldUpgradeRequest.optional(), + references: FieldUpgradeRequest.optional(), + false_positives: FieldUpgradeRequest.optional(), + threat: 
FieldUpgradeRequest.optional(), + note: FieldUpgradeRequest.optional(), + setup: FieldUpgradeRequest.optional(), + related_integrations: FieldUpgradeRequest.optional(), + required_fields: FieldUpgradeRequest.optional(), + max_signals: FieldUpgradeRequest.optional(), + building_block_type: FieldUpgradeRequest.optional(), + from: FieldUpgradeRequest.optional(), + interval: FieldUpgradeRequest.optional(), + exceptions_list: FieldUpgradeRequest.optional(), + rule_name_override: FieldUpgradeRequest.optional(), + timestamp_override: FieldUpgradeRequest.optional(), + timestamp_override_fallback_disabled: FieldUpgradeRequest.optional(), + timeline_id: FieldUpgradeRequest.optional(), + timeline_title: FieldUpgradeRequest.optional(), + index: FieldUpgradeRequest.optional(), + data_view_id: FieldUpgradeRequest.optional(), + query: FieldUpgradeRequest.optional(), + language: FieldUpgradeRequest.optional(), + filters: FieldUpgradeRequest.optional(), + saved_id: FieldUpgradeRequest.optional(), + machine_learning_job_id: FieldUpgradeRequest.optional(), + anomaly_threshold: FieldUpgradeRequest.optional(), + threat_query: FieldUpgradeRequest.optional(), + threat_mapping: FieldUpgradeRequest.optional(), + threat_index: FieldUpgradeRequest.optional(), + threat_filters: FieldUpgradeRequest.optional(), + threat_indicator_path: FieldUpgradeRequest.optional(), + threat_language: FieldUpgradeRequest.optional(), + new_terms_fields: FieldUpgradeRequest.optional(), + history_window_start: FieldUpgradeRequest.optional(), + }) + .optional(), }); export type UpgradeSpecificRulesRequest = z.infer; export const UpgradeSpecificRulesRequest = z.object({ mode: z.literal('SPECIFIC_RULES'), rules: z.array(RuleUpgradeSpecifier), - pick_version: PickVersionValues.optional(), + pick_version: RulePickVersionValues.optional(), }); export type UpgradeAllRulesRequest = z.infer; export const UpgradeAllRulesRequest = z.object({ mode: z.literal('ALL_RULES'), - pick_version: PickVersionValues.optional(), + 
pick_version: RulePickVersionValues.optional(), }); export type SkipRuleUpgradeReason = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml index a81439f4a0014..0ee217e94bb63 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml @@ -30,9 +30,13 @@ paths: components: schemas: - PickVersionValues: + RulePickVersionValues: type: string - enum: [BASE, CURRENT, TARGET] + enum: [BASE, CURRENT, TARGET, MERGED] + + FieldPickVersionValues: + type: string + enum: [BASE, CURRENT, TARGET, MERGED, RESOLVED] RuleUpgradeSpecifier: type: object 
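Review bot: `FieldPickVersionValues` is added in this hunk of `perform_rule_upgrade_route.schema.yaml`, but nothing in the visible patches references it: `FieldUpgradeRequest.pick_version` repeats the list inline as `enum: [BASE, CURRENT, TARGET, MERGED, RESOLVED]`, and the generated file mirrors that with its own inline `z.enum([...])`. Two copies of the allowed values can drift apart; `pick_version: $ref: '#/components/schemas/FieldPickVersionValues'` keeps a single definition. Since these values appear to decide which version of a detection rule ends up installed, a `description` on each enum schema stating what `BASE`, `CURRENT`, `TARGET`, `MERGED` and `RESOLVED` select would help API consumers. The enclosing `components.schemas` block continues outside the hunk.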
@@ -48,7 +52,143 @@ components: version: $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleVersion' pick_version: - $ref: '#/components/schemas/PickVersionValues' + $ref: '#/components/schemas/RulePickVersionValues' + fields: + type: object + properties: + name: + $ref: '#/components/schemas/FieldUpgradeRequest' + tags: + $ref: '#/components/schemas/FieldUpgradeRequest' + description: + $ref: '#/components/schemas/FieldUpgradeRequest' + severity: + $ref: '#/components/schemas/FieldUpgradeRequest' + severity_mapping: + $ref: '#/components/schemas/FieldUpgradeRequest' + risk_score: + $ref: '#/components/schemas/FieldUpgradeRequest' + risk_score_mapping: + $ref: '#/components/schemas/FieldUpgradeRequest' + references: + $ref: '#/components/schemas/FieldUpgradeRequest' + false_positives: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat: + $ref: '#/components/schemas/FieldUpgradeRequest' + note: + $ref: '#/components/schemas/FieldUpgradeRequest' + setup: + $ref: '#/components/schemas/FieldUpgradeRequest' + related_integrations: + $ref: '#/components/schemas/FieldUpgradeRequest' + required_fields: + $ref: '#/components/schemas/FieldUpgradeRequest' + max_signals: + $ref: '#/components/schemas/FieldUpgradeRequest' + building_block_type: + $ref: '#/components/schemas/FieldUpgradeRequest' + from: + $ref: '#/components/schemas/FieldUpgradeRequest' + interval: + $ref: '#/components/schemas/FieldUpgradeRequest' + exceptions_list: + $ref: '#/components/schemas/FieldUpgradeRequest' + rule_name_override: + $ref: '#/components/schemas/FieldUpgradeRequest' + timestamp_override: + $ref: '#/components/schemas/FieldUpgradeRequest' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/FieldUpgradeRequest' + timeline_id: + $ref: '#/components/schemas/FieldUpgradeRequest' + timeline_title: + $ref: '#/components/schemas/FieldUpgradeRequest' + index: + $ref: '#/components/schemas/FieldUpgradeRequest' + data_view_id: + $ref: 
'#/components/schemas/FieldUpgradeRequest' + query: + $ref: '#/components/schemas/FieldUpgradeRequest' + language: + $ref: '#/components/schemas/FieldUpgradeRequest' + filters: + $ref: '#/components/schemas/FieldUpgradeRequest' + saved_id: + $ref: '#/components/schemas/FieldUpgradeRequest' + machine_learning_job_id: + $ref: '#/components/schemas/FieldUpgradeRequest' + anomaly_threshold: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_query: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_mapping: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_index: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_filters: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_indicator_path: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_language: + $ref: '#/components/schemas/FieldUpgradeRequest' + new_terms_fields: + $ref: '#/components/schemas/FieldUpgradeRequest' + history_window_start: + $ref: '#/components/schemas/FieldUpgradeRequest' + + FieldUpgradeRequest: + type: object + required: + - pick_version + properties: + pick_version: + type: string + enum: [BASE, CURRENT, TARGET, MERGED, RESOLVED] + resolved_value: + oneOf: + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleName' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleTagArray' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleDescription' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/Severity' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SeverityMapping' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScore' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScoreMapping' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleReferenceArray' + - 
$ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFalsePositiveArray' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/ThreatArray' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/InvestigationGuide' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SetupGuide' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RelatedIntegrationArray' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/MaxSignals' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/BuildingBlockType' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleIntervalFrom' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleInterval' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleExceptionList' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleNameOverride' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverride' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverrideFallbackDisabled' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateId' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateTitle' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/IndexPatternArray' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/DataViewId' + - $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleQuery' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/QueryLanguage' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFilterArray' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId' + - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/MachineLearningJobId' + - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' + - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' + - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatQuery' + - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatMapping' + - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndex' + - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatFilters' + - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndicatorPath' + - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/KqlQueryLanguage' # threat_language + - $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/NewTermsFields' + - $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/HistoryWindowStart' UpgradeSpecificRulesRequest: type: object 
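Review bot: `resolved_value` in `FieldUpgradeRequest` is a `oneOf` that lists `RequiredFieldArray` and `AnomalyThreshold` twice, and `oneOf` requires exactly one matching branch, so a value of either type matches two branches and fails strict OpenAPI validation; other branches such as `RuleName`, `RuleDescription` and `InvestigationGuide` presumably overlap as plain strings too. The generated code uses `z.union`, which accepts the first match, so the published contract and the runtime check disagree. Drop the duplicates and use `anyOf`, or better give each entry under `fields` its own schema whose `resolved_value` references that field's type, because as written `name` may carry a `ThreatArray` and the route handler has to re-validate every value against its field. Nothing ties `resolved_value` to `pick_version: RESOLVED` either: `RESOLVED` without a value, and a value alongside `TARGET`, both validate. The `fields` object would also benefit from `additionalProperties: false` so a misspelled field name is rejected rather than ignored.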
@@ -64,7 +204,7 @@ components: items: $ref: '#/components/schemas/RuleUpgradeSpecifier' pick_version: - $ref: '#/components/schemas/PickVersionValues' + $ref: '#/components/schemas/RulePickVersionValues' UpgradeAllRulesRequest: type: object @@ -75,7 +215,7 @@ components: type: string enum: [ALL_RULES] pick_version: - $ref: '#/components/schemas/PickVersionValues' + $ref: '#/components/schemas/RulePickVersionValues' SkipRuleUpgradeReason: type: string From c724a2f25f3786f54da73ec2f92650c774748671 Mon Sep 17 00:00:00 2001 From: jpdjere Date: Fri, 26 Jul 2024 13:23:18 +0200 Subject: [PATCH 04/12] Update description --- .../perform_rule_upgrade/perform_rule_upgrade_route.gen.ts | 7 +++++++ .../perform_rule_upgrade_route.schema.yaml | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts index 168c9f0d07af7..7d64e9a2808e0 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts @@ -136,6 +136,13 @@ export const RuleUpgradeSpecifier = z.object({ revision: z.number(), version: RuleVersion, pick_version: RulePickVersionValues.optional(), + /** + * Fields that can be customized during the upgrade workflow +as decided in: https://github.com/elastic/kibana/issues/186544 +Fields listed here, which are not specified in the request body, +will default to a `pick_version` of `MERGED`. + + */ fields: z .object({ name: FieldUpgradeRequest.optional(), 
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml index 0ee217e94bb63..9b80fe84eac4f 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml @@ -55,6 +55,11 @@ components: $ref: '#/components/schemas/RulePickVersionValues' fields: type: object + description: | + Fields that can be customized during the upgrade workflow + as decided in: https://github.com/elastic/kibana/issues/186544 + Fields listed here, which are not specified in the request body, + will default to a `pick_version` of `MERGED`. properties: name: $ref: '#/components/schemas/FieldUpgradeRequest' From fc614c5e9817fcae652909b9d14e3fa0368c2e53 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:16:35 +0000 Subject: [PATCH 05/12] [CI] Auto-commit changed files from 'yarn openapi:bundle:detections' --- ...ections_api_2023_10_31.bundled.schema.yaml | 179 ++++++++++++++++-- 1 file changed, 165 insertions(+), 14 deletions(-) diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index c6ca21c88ffea..aa809824070e2 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml 
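Review bot: The description added under `fields` in perform_rule_upgrade_route.schema.yaml says any field missing from the request defaults to a `pick_version` of `MERGED`, but nothing in the hunk makes `fields` reject keys it does not know. A misspelled field key would then look the same as an omitted one, so that part of the detection rule would be merged silently instead of the request failing validation. Consider adding `additionalProperties: false` next to `type: object`, provided the generator honours it; the generated zod object for `fields` elsewhere in this series ends in `.optional()` with no strict mode visible. The `properties` list continues outside the hunk, so this rests only on the lines shown.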
@@ -780,7 +780,9 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/PerformRuleUpgradeRequestBody' + oneOf: + - $ref: '#/components/schemas/UpgradeAllRulesRequest' + - $ref: '#/components/schemas/UpgradeSpecificRulesRequest' required: true responses: '200': 
@@ -2963,6 +2965,63 @@ components: required: - type - is_customized + FieldUpgradeRequest: + type: object + properties: + pick_version: + enum: + - BASE + - CURRENT + - TARGET + - MERGED + - RESOLVED + type: string + resolved_value: + oneOf: + - $ref: '#/components/schemas/RuleName' + - $ref: '#/components/schemas/RuleTagArray' + - $ref: '#/components/schemas/RuleDescription' + - $ref: '#/components/schemas/Severity' + - $ref: '#/components/schemas/SeverityMapping' + - $ref: '#/components/schemas/RiskScore' + - $ref: '#/components/schemas/RiskScoreMapping' + - $ref: '#/components/schemas/RuleReferenceArray' + - $ref: '#/components/schemas/RuleFalsePositiveArray' + - $ref: '#/components/schemas/ThreatArray' + - $ref: '#/components/schemas/InvestigationGuide' + - $ref: '#/components/schemas/SetupGuide' + - $ref: '#/components/schemas/RelatedIntegrationArray' + - $ref: '#/components/schemas/RequiredFieldArray' + - $ref: '#/components/schemas/RequiredFieldArray' + - $ref: '#/components/schemas/MaxSignals' + - $ref: '#/components/schemas/BuildingBlockType' + - $ref: '#/components/schemas/RuleIntervalFrom' + - $ref: '#/components/schemas/RuleInterval' + - $ref: '#/components/schemas/RuleExceptionList' + - $ref: '#/components/schemas/RuleNameOverride' + - $ref: '#/components/schemas/TimestampOverride' + - $ref: '#/components/schemas/TimestampOverrideFallbackDisabled' + - $ref: '#/components/schemas/TimelineTemplateId' + - $ref: '#/components/schemas/TimelineTemplateTitle' + - $ref: '#/components/schemas/IndexPatternArray' + - $ref: '#/components/schemas/DataViewId' + - $ref: '#/components/schemas/RuleQuery' + - $ref: '#/components/schemas/QueryLanguage' + - $ref: '#/components/schemas/RuleFilterArray' + - $ref: '#/components/schemas/SavedQueryId' + - $ref: '#/components/schemas/MachineLearningJobId' + - $ref: '#/components/schemas/AnomalyThreshold' + - $ref: '#/components/schemas/AnomalyThreshold' + - $ref: '#/components/schemas/ThreatQuery' + - $ref: 
'#/components/schemas/ThreatMapping' + - $ref: '#/components/schemas/ThreatIndex' + - $ref: '#/components/schemas/ThreatFilters' + - $ref: '#/components/schemas/ThreatIndicatorPath' + - $ref: '#/components/schemas/KqlQueryLanguage' + - $ref: '#/components/schemas/NewTermsFields' + - $ref: '#/components/schemas/HistoryWindowStart' + required: + - pick_version FindRulesSortField: enum: - created_at @@ -4195,10 +4254,6 @@ components: required: - action_type_id - params - PerformRuleUpgradeRequestBody: - oneOf: - - $ref: '#/components/schemas/UpgradeAllRulesRequest' - - $ref: '#/components/schemas/UpgradeSpecificRulesRequest' PerformRuleUpgradeResponseBody: type: object properties: @@ -4240,12 +4295,6 @@ components: - summary - results - errors - PickVersionValues: - enum: - - BASE - - CURRENT - - TARGET - type: string PlatformErrorResponse: type: object properties: @@ -4284,6 +4333,13 @@ components: required: - command - config + QueryLanguage: + enum: + - kuery + - lucene + - eql + - esql + type: string QueryRule: allOf: - type: object @@ -5215,6 +5271,13 @@ components: - $ref: '#/components/schemas/MachineLearningRulePatchProps' - $ref: '#/components/schemas/NewTermsRulePatchProps' - $ref: '#/components/schemas/EsqlRulePatchProps' + RulePickVersionValues: + enum: + - BASE + - CURRENT + - TARGET + - MERGED + type: string RulePreviewLogs: type: object properties: 
@@ -5299,8 +5362,96 @@ components: RuleUpgradeSpecifier: type: object properties: + fields: + description: | + Fields that can be customized during the upgrade workflow + as decided in: https://github.com/elastic/kibana/issues/186544 + Fields listed here, which are not specified in the request body, + will default to a `pick_version` of `MERGED`. + type: object + properties: + anomaly_threshold: + $ref: '#/components/schemas/FieldUpgradeRequest' + building_block_type: + $ref: '#/components/schemas/FieldUpgradeRequest' + data_view_id: + $ref: '#/components/schemas/FieldUpgradeRequest' + description: + $ref: '#/components/schemas/FieldUpgradeRequest' + exceptions_list: + $ref: '#/components/schemas/FieldUpgradeRequest' + false_positives: + $ref: '#/components/schemas/FieldUpgradeRequest' + filters: + $ref: '#/components/schemas/FieldUpgradeRequest' + from: + $ref: '#/components/schemas/FieldUpgradeRequest' + history_window_start: + $ref: '#/components/schemas/FieldUpgradeRequest' + index: + $ref: '#/components/schemas/FieldUpgradeRequest' + interval: + $ref: '#/components/schemas/FieldUpgradeRequest' + language: + $ref: '#/components/schemas/FieldUpgradeRequest' + machine_learning_job_id: + $ref: '#/components/schemas/FieldUpgradeRequest' + max_signals: + $ref: '#/components/schemas/FieldUpgradeRequest' + name: + $ref: '#/components/schemas/FieldUpgradeRequest' + new_terms_fields: + $ref: '#/components/schemas/FieldUpgradeRequest' + note: + $ref: '#/components/schemas/FieldUpgradeRequest' + query: + $ref: '#/components/schemas/FieldUpgradeRequest' + references: + $ref: '#/components/schemas/FieldUpgradeRequest' + related_integrations: + $ref: '#/components/schemas/FieldUpgradeRequest' + required_fields: + $ref: '#/components/schemas/FieldUpgradeRequest' + risk_score: + $ref: '#/components/schemas/FieldUpgradeRequest' + risk_score_mapping: + $ref: '#/components/schemas/FieldUpgradeRequest' + rule_name_override: + $ref: '#/components/schemas/FieldUpgradeRequest' + 
saved_id: + $ref: '#/components/schemas/FieldUpgradeRequest' + setup: + $ref: '#/components/schemas/FieldUpgradeRequest' + severity: + $ref: '#/components/schemas/FieldUpgradeRequest' + severity_mapping: + $ref: '#/components/schemas/FieldUpgradeRequest' + tags: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_filters: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_index: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_indicator_path: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_language: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_mapping: + $ref: '#/components/schemas/FieldUpgradeRequest' + threat_query: + $ref: '#/components/schemas/FieldUpgradeRequest' + timeline_id: + $ref: '#/components/schemas/FieldUpgradeRequest' + timeline_title: + $ref: '#/components/schemas/FieldUpgradeRequest' + timestamp_override: + $ref: '#/components/schemas/FieldUpgradeRequest' + timestamp_override_fallback_disabled: + $ref: '#/components/schemas/FieldUpgradeRequest' pick_version: - $ref: '#/components/schemas/PickVersionValues' + $ref: '#/components/schemas/RulePickVersionValues' revision: type: number rule_id: @@ -7009,7 +7160,7 @@ components: - ALL_RULES type: string pick_version: - $ref: '#/components/schemas/PickVersionValues' + $ref: '#/components/schemas/RulePickVersionValues' required: - mode UpgradeSpecificRulesRequest: @@ -7020,7 +7171,7 @@ components: - SPECIFIC_RULES type: string pick_version: - $ref: '#/components/schemas/PickVersionValues' + $ref: '#/components/schemas/RulePickVersionValues' rules: items: $ref: '#/components/schemas/RuleUpgradeSpecifier' From c0fec4d7063be91ce32fe8eda639389652850db1 Mon Sep 17 00:00:00 2001 
From: jpdjere Date: Fri, 26 Jul 2024 17:06:45 +0200 Subject: [PATCH 06/12] Rewrote schemas --- .../perform_rule_upgrade/perform_rule_upgrade_route.gen.ts | 4 +++- .../perform_rule_upgrade_route.schema.yaml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts index 7d64e9a2808e0..afc208ce1223f 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts @@ -203,7 +203,9 @@ export const UpgradeAllRulesRequest = z.object({ }); export type SkipRuleUpgradeReason = z.infer; -export const SkipRuleUpgradeReason = z.literal('RULE_UP_TO_DATE'); +export const SkipRuleUpgradeReason = z.enum(['RULE_UP_TO_DATE', 'RULE_NOT_FOUND']); +export type SkipRuleUpgradeReasonEnum = typeof SkipRuleUpgradeReason.enum; +export const SkipRuleUpgradeReasonEnum = SkipRuleUpgradeReason.enum; export type SkippedRuleUpgrade = z.infer; export const SkippedRuleUpgrade = z.object({ diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml index 9b80fe84eac4f..057095e8c8e0b 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml 
@@ -224,7 +224,7 @@ components: SkipRuleUpgradeReason: type: string - enum: [RULE_UP_TO_DATE] + enum: [RULE_UP_TO_DATE, RULE_NOT_FOUND] SkippedRuleUpgrade: type: object From 32b6d4fdf0bdb17a64e3764682bc71f595ae5b39 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 26 Jul 2024 15:51:33 +0000 Subject: [PATCH 07/12] [CI] Auto-commit changed files from 'yarn openapi:bundle:detections' --- ...curity_solution_detections_api_2023_10_31.bundled.schema.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index aa809824070e2..4b0ed4f0b8099 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -6027,6 +6027,7 @@ components: SkipRuleUpgradeReason: enum: - RULE_UP_TO_DATE + - RULE_NOT_FOUND type: string SortOrder: enum: From da8713be03c6395af349bbe5db0acd2c0541804b Mon Sep 17 00:00:00 2001 From: jpdjere Date: Tue, 30 Jul 2024 16:32:39 +0200 Subject: [PATCH 08/12] Rewrote schema again --- .../perform_rule_upgrade_route.gen.ts | 331 ++++++++++---- .../perform_rule_upgrade_route.schema.yaml | 421 ++++++++++++++---- 2 files changed, 564 insertions(+), 188 deletions(-) diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts index afc208ce1223f..e0686e5669e85 100644 
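Review bot: `SkipRuleUpgradeReason` gains a second value in the `@@ -224,7 +224,7 @@` hunk but still has no `description`, so the contract for `RULE_NOT_FOUND` is undocumented. Going by the name, a rule id that matches nothing would be reported as skipped rather than under `errors`. A caller that only inspects `errors` would then not notice that a detection rule it asked to upgrade was left unchanged. I would add a `description:` under `type: string` stating when each reason is returned and that `RULE_NOT_FOUND` means the requested rule was not upgraded.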
--- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts @@ -79,57 +79,6 @@ export const FieldPickVersionValues = z.enum(['BASE', 'CURRENT', 'TARGET', 'MERG export type FieldPickVersionValuesEnum = typeof FieldPickVersionValues.enum; export const FieldPickVersionValuesEnum = FieldPickVersionValues.enum; -export type FieldUpgradeRequest = z.infer; -export const FieldUpgradeRequest = z.object({ - pick_version: z.enum(['BASE', 'CURRENT', 'TARGET', 'MERGED', 'RESOLVED']), - resolved_value: z - .union([ - RuleName, - RuleTagArray, - RuleDescription, - Severity, - SeverityMapping, - RiskScore, - RiskScoreMapping, - RuleReferenceArray, - RuleFalsePositiveArray, - ThreatArray, - InvestigationGuide, - SetupGuide, - RelatedIntegrationArray, - RequiredFieldArray, - RequiredFieldArray, - MaxSignals, - BuildingBlockType, - RuleIntervalFrom, - RuleInterval, - RuleExceptionList, - RuleNameOverride, - TimestampOverride, - TimestampOverrideFallbackDisabled, - TimelineTemplateId, - TimelineTemplateTitle, - IndexPatternArray, - DataViewId, - RuleQuery, - QueryLanguage, - RuleFilterArray, - SavedQueryId, - MachineLearningJobId, - AnomalyThreshold, - AnomalyThreshold, - ThreatQuery, - ThreatMapping, - ThreatIndex, - ThreatFilters, - ThreatIndicatorPath, - KqlQueryLanguage, - NewTermsFields, - HistoryWindowStart, - ]) - .optional(), -}); - export type RuleUpgradeSpecifier = z.infer; export const RuleUpgradeSpecifier = z.object({ rule_id: RuleSignatureId, 
@@ -145,46 +94,246 @@ will default to a `pick_version` of `MERGED`. */ fields: z .object({ - name: FieldUpgradeRequest.optional(), - tags: FieldUpgradeRequest.optional(), - description: FieldUpgradeRequest.optional(), - severity: FieldUpgradeRequest.optional(), - severity_mapping: FieldUpgradeRequest.optional(), - risk_score: FieldUpgradeRequest.optional(), - risk_score_mapping: FieldUpgradeRequest.optional(), - references: FieldUpgradeRequest.optional(), - false_positives: FieldUpgradeRequest.optional(), - threat: FieldUpgradeRequest.optional(), - note: FieldUpgradeRequest.optional(), - setup: FieldUpgradeRequest.optional(), - related_integrations: FieldUpgradeRequest.optional(), - required_fields: FieldUpgradeRequest.optional(), - max_signals: FieldUpgradeRequest.optional(), - building_block_type: FieldUpgradeRequest.optional(), - from: FieldUpgradeRequest.optional(), - interval: FieldUpgradeRequest.optional(), - exceptions_list: FieldUpgradeRequest.optional(), - rule_name_override: FieldUpgradeRequest.optional(), - timestamp_override: FieldUpgradeRequest.optional(), - timestamp_override_fallback_disabled: FieldUpgradeRequest.optional(), - timeline_id: FieldUpgradeRequest.optional(), - timeline_title: FieldUpgradeRequest.optional(), - index: FieldUpgradeRequest.optional(), - data_view_id: FieldUpgradeRequest.optional(), - query: FieldUpgradeRequest.optional(), - language: FieldUpgradeRequest.optional(), - filters: FieldUpgradeRequest.optional(), - saved_id: FieldUpgradeRequest.optional(), - machine_learning_job_id: FieldUpgradeRequest.optional(), - anomaly_threshold: FieldUpgradeRequest.optional(), - threat_query: FieldUpgradeRequest.optional(), - threat_mapping: FieldUpgradeRequest.optional(), - threat_index: FieldUpgradeRequest.optional(), - threat_filters: FieldUpgradeRequest.optional(), - threat_indicator_path: FieldUpgradeRequest.optional(), - threat_language: FieldUpgradeRequest.optional(), - new_terms_fields: FieldUpgradeRequest.optional(), - 
history_window_start: FieldUpgradeRequest.optional(), + name: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleName.optional(), + }) + .optional(), + tags: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleTagArray.optional(), + }) + .optional(), + description: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleDescription.optional(), + }) + .optional(), + severity: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: Severity.optional(), + }) + .optional(), + severity_mapping: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: SeverityMapping.optional(), + }) + .optional(), + risk_score: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RiskScore.optional(), + }) + .optional(), + risk_score_mapping: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RiskScoreMapping.optional(), + }) + .optional(), + references: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleReferenceArray.optional(), + }) + .optional(), + false_positives: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleFalsePositiveArray.optional(), + }) + .optional(), + threat: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatArray.optional(), + }) + .optional(), + note: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: InvestigationGuide.optional(), + }) + .optional(), + setup: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: SetupGuide.optional(), + }) + .optional(), + related_integrations: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RelatedIntegrationArray.optional(), + }) + .optional(), + required_fields: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RequiredFieldArray.optional(), + }) + .optional(), + max_signals: z + .object({ + pick_version: FieldPickVersionValues, + 
resolved_value: MaxSignals.optional(), + }) + .optional(), + building_block_type: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: BuildingBlockType.optional(), + }) + .optional(), + from: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleIntervalFrom.optional(), + }) + .optional(), + interval: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleInterval.optional(), + }) + .optional(), + exceptions_list: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleExceptionList.optional(), + }) + .optional(), + rule_name_override: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleNameOverride.optional(), + }) + .optional(), + timestamp_override: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: TimestampOverride.optional(), + }) + .optional(), + timestamp_override_fallback_disabled: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: TimestampOverrideFallbackDisabled.optional(), + }) + .optional(), + timeline_id: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: TimelineTemplateId.optional(), + }) + .optional(), + timeline_title: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: TimelineTemplateTitle.optional(), + }) + .optional(), + index: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: IndexPatternArray.optional(), + }) + .optional(), + data_view_id: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: DataViewId.optional(), + }) + .optional(), + query: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleQuery.optional(), + }) + .optional(), + language: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: QueryLanguage.optional(), + }) + .optional(), + filters: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleFilterArray.optional(), + }) + .optional(), + 
saved_id: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: SavedQueryId.optional(), + }) + .optional(), + machine_learning_job_id: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: MachineLearningJobId.optional(), + }) + .optional(), + anomaly_threshold: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: AnomalyThreshold.optional(), + }) + .optional(), + threat_query: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatQuery.optional(), + }) + .optional(), + threat_mapping: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatMapping.optional(), + }) + .optional(), + threat_index: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatIndex.optional(), + }) + .optional(), + threat_filters: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatFilters.optional(), + }) + .optional(), + threat_indicator_path: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatIndicatorPath.optional(), + }) + .optional(), + threat_language: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: KqlQueryLanguage.optional(), + }) + .optional(), + new_terms_fields: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: NewTermsFields.optional(), + }) + .optional(), + history_window_start: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: HistoryWindowStart.optional(), + }) + .optional(), }) .optional(), }); diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml index 057095e8c8e0b..ee7fb8c06d3c6 100644 
--- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml 
@@ -56,144 +56,371 @@ components: fields: type: object description: | - Fields that can be customized during the upgrade workflow - as decided in: https://github.com/elastic/kibana/issues/186544 - Fields listed here, which are not specified in the request body, - will default to a `pick_version` of `MERGED`. + Fields that can be customized during the upgrade workflow + as decided in: https://github.com/elastic/kibana/issues/186544 + Fields listed here, which are not specified in the request body, + will default to a `pick_version` of `MERGED`. properties: name: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleName' tags: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleTagArray' description: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleDescription' severity: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/Severity' severity_mapping: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SeverityMapping' risk_score: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScore' risk_score_mapping: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScoreMapping' references: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleReferenceArray' false_positives: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFalsePositiveArray' threat: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/ThreatArray' note: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/InvestigationGuide' setup: - $ref: 
'#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SetupGuide' related_integrations: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RelatedIntegrationArray' required_fields: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' max_signals: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/MaxSignals' building_block_type: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/BuildingBlockType' from: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleIntervalFrom' interval: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: 
'#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleInterval' exceptions_list: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleExceptionList' rule_name_override: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleNameOverride' timestamp_override: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverride' timestamp_override_fallback_disabled: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverrideFallbackDisabled' timeline_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateId' timeline_title: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + 
$ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateTitle' index: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/IndexPatternArray' data_view_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/DataViewId' query: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleQuery' language: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/QueryLanguage' filters: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFilterArray' saved_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId' machine_learning_job_id: - $ref: 
'#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/MachineLearningJobId' anomaly_threshold: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' threat_query: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatQuery' threat_mapping: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatMapping' threat_index: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndex' threat_filters: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatFilters' 
threat_indicator_path: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndicatorPath' threat_language: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/KqlQueryLanguage' new_terms_fields: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/NewTermsFields' history_window_start: - $ref: '#/components/schemas/FieldUpgradeRequest' - - FieldUpgradeRequest: - type: object - required: - - pick_version - properties: - pick_version: - type: string - enum: [BASE, CURRENT, TARGET, MERGED, RESOLVED] - resolved_value: - oneOf: - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleName' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleTagArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleDescription' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/Severity' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SeverityMapping' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScore' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScoreMapping' - - $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleReferenceArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFalsePositiveArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/ThreatArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/InvestigationGuide' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SetupGuide' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RelatedIntegrationArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/MaxSignals' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/BuildingBlockType' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleIntervalFrom' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleInterval' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleExceptionList' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleNameOverride' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverride' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverrideFallbackDisabled' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateId' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateTitle' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/IndexPatternArray' - - $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/DataViewId' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleQuery' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/QueryLanguage' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFilterArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId' - - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/MachineLearningJobId' - - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' - - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' - - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatQuery' - - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatMapping' - - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndex' - - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatFilters' - - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndicatorPath' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/KqlQueryLanguage' # threat_language - - $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/NewTermsFields' - - $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/HistoryWindowStart' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + 
$ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/HistoryWindowStart' UpgradeSpecificRulesRequest: type: object
From c30b261655f93fc3d81f9d504988a1f0c8c15a0f Mon Sep 17 00:00:00 2001
From: jpdjere
Date: Tue, 30 Jul 2024 16:52:48 +0200
Subject: [PATCH 09/12] Update bundle
---
...ections_api_2023_10_31.bundled.schema.yaml | 425 ++++++++++++++----
1 file changed, 328 insertions(+), 97 deletions(-)
diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
index 4b0ed4f0b8099..9211e3f9121a8 100644
--- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
@@ -2965,63 +2965,14 @@ components: required: - type - is_customized - FieldUpgradeRequest: - type: object - properties: - pick_version: - enum: - - BASE - - CURRENT - - TARGET - - MERGED - - RESOLVED - type: string - resolved_value: - oneOf: - - $ref: '#/components/schemas/RuleName' - - $ref: '#/components/schemas/RuleTagArray' - - $ref: '#/components/schemas/RuleDescription' - - $ref: '#/components/schemas/Severity' - - $ref: '#/components/schemas/SeverityMapping' - - $ref: '#/components/schemas/RiskScore' - - $ref: '#/components/schemas/RiskScoreMapping' - - $ref: '#/components/schemas/RuleReferenceArray' - - $ref: '#/components/schemas/RuleFalsePositiveArray' - - $ref: '#/components/schemas/ThreatArray' - - $ref: '#/components/schemas/InvestigationGuide' - - $ref: '#/components/schemas/SetupGuide' - - $ref: '#/components/schemas/RelatedIntegrationArray' - - $ref: '#/components/schemas/RequiredFieldArray' - - $ref: '#/components/schemas/RequiredFieldArray' - - $ref: '#/components/schemas/MaxSignals' - - $ref: '#/components/schemas/BuildingBlockType' - - $ref: '#/components/schemas/RuleIntervalFrom' - - $ref: '#/components/schemas/RuleInterval' - - $ref: '#/components/schemas/RuleExceptionList' - - $ref: '#/components/schemas/RuleNameOverride' - - $ref: '#/components/schemas/TimestampOverride' - - $ref: '#/components/schemas/TimestampOverrideFallbackDisabled' - - $ref: '#/components/schemas/TimelineTemplateId' - - $ref: '#/components/schemas/TimelineTemplateTitle' - - $ref: '#/components/schemas/IndexPatternArray' - - $ref: '#/components/schemas/DataViewId' - - $ref: '#/components/schemas/RuleQuery' - - $ref: '#/components/schemas/QueryLanguage' - - $ref: '#/components/schemas/RuleFilterArray' - - $ref: '#/components/schemas/SavedQueryId' - - $ref: '#/components/schemas/MachineLearningJobId' - - $ref: '#/components/schemas/AnomalyThreshold' - - $ref: '#/components/schemas/AnomalyThreshold' - - $ref: '#/components/schemas/ThreatQuery' - - $ref: 
'#/components/schemas/ThreatMapping' - - $ref: '#/components/schemas/ThreatIndex' - - $ref: '#/components/schemas/ThreatFilters' - - $ref: '#/components/schemas/ThreatIndicatorPath' - - $ref: '#/components/schemas/KqlQueryLanguage' - - $ref: '#/components/schemas/NewTermsFields' - - $ref: '#/components/schemas/HistoryWindowStart' - required: - - pick_version + FieldPickVersionValues: + enum: + - BASE + - CURRENT + - TARGET + - MERGED + - RESOLVED + type: string FindRulesSortField: enum: - created_at 
@@ -5371,85 +5322,365 @@ components: type: object properties: anomaly_threshold: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/AnomalyThreshold' + required: + - pick_version building_block_type: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/BuildingBlockType' + required: + - pick_version data_view_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/DataViewId' + required: + - pick_version description: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleDescription' + required: + - pick_version exceptions_list: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleExceptionList' + required: + - pick_version false_positives: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleFalsePositiveArray' + required: + - pick_version filters: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleFilterArray' + required: + - pick_version from: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: 
'#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleIntervalFrom' + required: + - pick_version history_window_start: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/HistoryWindowStart' + required: + - pick_version index: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/IndexPatternArray' + required: + - pick_version interval: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleInterval' + required: + - pick_version language: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/QueryLanguage' + required: + - pick_version machine_learning_job_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/MachineLearningJobId' + required: + - pick_version max_signals: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/MaxSignals' + required: + - pick_version name: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleName' + required: + - pick_version new_terms_fields: - $ref: 
'#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/NewTermsFields' + required: + - pick_version note: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/InvestigationGuide' + required: + - pick_version query: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleQuery' + required: + - pick_version references: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleReferenceArray' + required: + - pick_version related_integrations: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RelatedIntegrationArray' + required: + - pick_version required_fields: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RequiredFieldArray' + required: + - pick_version risk_score: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RiskScore' + required: + - pick_version risk_score_mapping: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: 
'#/components/schemas/RiskScoreMapping' + required: + - pick_version rule_name_override: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleNameOverride' + required: + - pick_version saved_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/SavedQueryId' + required: + - pick_version setup: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/SetupGuide' + required: + - pick_version severity: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/Severity' + required: + - pick_version severity_mapping: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/SeverityMapping' + required: + - pick_version tags: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/RuleTagArray' + required: + - pick_version threat: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/ThreatArray' + required: + - pick_version threat_filters: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: 
'#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/ThreatFilters' + required: + - pick_version threat_index: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/ThreatIndex' + required: + - pick_version threat_indicator_path: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/ThreatIndicatorPath' + required: + - pick_version threat_language: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/KqlQueryLanguage' + required: + - pick_version threat_mapping: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/ThreatMapping' + required: + - pick_version threat_query: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/ThreatQuery' + required: + - pick_version timeline_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/TimelineTemplateId' + required: + - pick_version timeline_title: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/TimelineTemplateTitle' + required: + - pick_version timestamp_override: - $ref: 
'#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/TimestampOverride' + required: + - pick_version timestamp_override_fallback_disabled: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '#/components/schemas/TimestampOverrideFallbackDisabled' + required: + - pick_version pick_version: $ref: '#/components/schemas/RulePickVersionValues' revision:
From fc2bb62511e46e3f3006983949c77673b4715871 Mon Sep 17 00:00:00 2001
From: jpdjere
Date: Wed, 31 Jul 2024 11:45:34 +0200
Subject: [PATCH 10/12] Created union for each field
---
.../perform_rule_upgrade_route.gen.ts | 539 ++++++---
.../perform_rule_upgrade_route.schema.yaml | 1014 +++++++++++------
2 files changed, 1053 insertions(+), 500 deletions(-)
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts
index e0686e5669e85..de1c87fcf619d 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts
@@ -69,22 +69,17 @@ import { import { RuleResponse } from '../../model/rule_schema/rule_schemas.gen'; import { ErrorSchema } from '../../model/error_schema.gen'; -export type RulePickVersionValues = z.infer; -export const RulePickVersionValues = z.enum(['BASE', 'CURRENT', 'TARGET', 'MERGED']); -export type RulePickVersionValuesEnum = typeof RulePickVersionValues.enum; -export const RulePickVersionValuesEnum = RulePickVersionValues.enum; - -export type FieldPickVersionValues = z.infer; -export const FieldPickVersionValues = z.enum(['BASE', 'CURRENT', 'TARGET', 'MERGED', 'RESOLVED']); -export type FieldPickVersionValuesEnum = typeof FieldPickVersionValues.enum; -export const FieldPickVersionValuesEnum = FieldPickVersionValues.enum; +export type PickVersionValues = z.infer; +export const PickVersionValues = z.enum(['BASE', 'CURRENT', 'TARGET', 'MERGED']); +export type PickVersionValuesEnum = typeof PickVersionValues.enum; +export const PickVersionValuesEnum = PickVersionValues.enum; export type RuleUpgradeSpecifier = z.infer; export const RuleUpgradeSpecifier = z.object({ rule_id: RuleSignatureId, revision: z.number(), version: RuleVersion, - pick_version: RulePickVersionValues.optional(), + pick_version: PickVersionValues.optional(), /** * Fields that can be customized during the upgrade workflow as decided in: https://github.com/elastic/kibana/issues/186544 
@@ -95,244 +90,444 @@ will default to a `pick_version` of `MERGED`. fields: z .object({ name: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleName.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleName, + }), + ]) .optional(), tags: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleTagArray.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleTagArray, + }), + ]) .optional(), description: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleDescription.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleDescription, + }), + ]) .optional(), severity: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: Severity.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: Severity, + }), + ]) .optional(), severity_mapping: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: SeverityMapping.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: SeverityMapping, + }), + ]) .optional(), risk_score: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RiskScore.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RiskScore, + }), + ]) .optional(), risk_score_mapping: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RiskScoreMapping.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + 
pick_version: z.literal('RESOLVED'), + resolved_value: RiskScoreMapping, + }), + ]) .optional(), references: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleReferenceArray.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleReferenceArray, + }), + ]) .optional(), false_positives: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleFalsePositiveArray.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleFalsePositiveArray, + }), + ]) .optional(), threat: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: ThreatArray.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatArray, + }), + ]) .optional(), note: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: InvestigationGuide.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: InvestigationGuide, + }), + ]) .optional(), setup: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: SetupGuide.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: SetupGuide, + }), + ]) .optional(), related_integrations: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RelatedIntegrationArray.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RelatedIntegrationArray, + }), + ]) .optional(), required_fields: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RequiredFieldArray.optional(), 
- }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RequiredFieldArray, + }), + ]) .optional(), max_signals: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: MaxSignals.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: MaxSignals, + }), + ]) .optional(), building_block_type: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: BuildingBlockType.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: BuildingBlockType, + }), + ]) .optional(), from: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleIntervalFrom.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleIntervalFrom, + }), + ]) .optional(), interval: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleInterval.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleInterval, + }), + ]) .optional(), exceptions_list: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleExceptionList.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleExceptionList, + }), + ]) .optional(), rule_name_override: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleNameOverride.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleNameOverride, + }), + ]) .optional(), timestamp_override: z - .object({ - 
pick_version: FieldPickVersionValues, - resolved_value: TimestampOverride.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: TimestampOverride, + }), + ]) .optional(), timestamp_override_fallback_disabled: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: TimestampOverrideFallbackDisabled.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: TimestampOverrideFallbackDisabled, + }), + ]) .optional(), timeline_id: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: TimelineTemplateId.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: TimelineTemplateId, + }), + ]) .optional(), timeline_title: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: TimelineTemplateTitle.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: TimelineTemplateTitle, + }), + ]) .optional(), index: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: IndexPatternArray.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: IndexPatternArray, + }), + ]) .optional(), data_view_id: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: DataViewId.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: DataViewId, + }), + ]) .optional(), query: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleQuery.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + 
pick_version: z.literal('RESOLVED'), + resolved_value: RuleQuery, + }), + ]) .optional(), language: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: QueryLanguage.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: QueryLanguage, + }), + ]) .optional(), filters: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: RuleFilterArray.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleFilterArray, + }), + ]) .optional(), saved_id: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: SavedQueryId.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: SavedQueryId, + }), + ]) .optional(), machine_learning_job_id: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: MachineLearningJobId.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: MachineLearningJobId, + }), + ]) .optional(), anomaly_threshold: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: AnomalyThreshold.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: AnomalyThreshold, + }), + ]) .optional(), threat_query: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: ThreatQuery.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatQuery, + }), + ]) .optional(), threat_mapping: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: ThreatMapping.optional(), - }) + .union([ + z.object({ 
+ pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatMapping, + }), + ]) .optional(), threat_index: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: ThreatIndex.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatIndex, + }), + ]) .optional(), threat_filters: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: ThreatFilters.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatFilters, + }), + ]) .optional(), threat_indicator_path: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: ThreatIndicatorPath.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatIndicatorPath, + }), + ]) .optional(), threat_language: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: KqlQueryLanguage.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: KqlQueryLanguage, + }), + ]) .optional(), new_terms_fields: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: NewTermsFields.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: NewTermsFields, + }), + ]) .optional(), history_window_start: z - .object({ - pick_version: FieldPickVersionValues, - resolved_value: HistoryWindowStart.optional(), - }) + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: HistoryWindowStart, + }), + ]) .optional(), }) .optional(), 
@@ -342,13 +537,13 @@ export type UpgradeSpecificRulesRequest = z.infer; export const UpgradeAllRulesRequest = z.object({ mode: z.literal('ALL_RULES'), - pick_version: RulePickVersionValues.optional(), + pick_version: PickVersionValues.optional(), }); export type SkipRuleUpgradeReason = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml index ee7fb8c06d3c6..f61d0a27b4d12 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml @@ -30,14 +30,10 @@ paths: components: schemas: - RulePickVersionValues: + PickVersionValues: type: string enum: [BASE, CURRENT, TARGET, MERGED] - FieldPickVersionValues: - type: string - enum: [BASE, CURRENT, TARGET, MERGED, RESOLVED] - RuleUpgradeSpecifier: type: object required: @@ -52,7 +48,7 @@ components: version: $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleVersion' pick_version: - $ref: '#/components/schemas/RulePickVersionValues' + $ref: '#/components/schemas/PickVersionValues' fields: type: object description: | 
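Review bot: `PickVersionValues` in the `@@ -30,14 +30,10 @@` hunk has no `description`, and after this change it no longer lists `RESOLVED`, which now appears only as an inline `enum: [RESOLVED]` in the second `oneOf` branch of each field in the following hunk (that hunk continues past the visible part of the patch). I would add `description: Version to pick without supplying a value; RESOLVED is valid only per field, together with a required resolved_value.` under the schema name, so API consumers do not assume `RESOLVED` can be sent at rule or request level. Related, in those field-level branches: the first `oneOf` branch does not exclude `resolved_value`, so a body with `pick_version: MERGED` plus a `resolved_value` presumably still validates and the value is silently dropped. For an endpoint that rewrites detection rules, rejecting that combination would be safer than ignoring it, for example with `additionalProperties: false` on the first branch, if the generator maps that to a strict object.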
@@ -62,365 +58,727 @@ components: will default to a `pick_version` of `MERGED`. properties: name: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleName' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleName' tags: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleTagArray' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleTagArray' description: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleDescription' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleDescription' severity: - type: 
object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/Severity' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/Severity' severity_mapping: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SeverityMapping' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SeverityMapping' risk_score: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScore' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScore' risk_score_mapping: - type: object - required: - - pick_version - properties: - pick_version: - $ref: 
'#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScoreMapping' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScoreMapping' references: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleReferenceArray' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleReferenceArray' false_positives: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFalsePositiveArray' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFalsePositiveArray' threat: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - 
resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/ThreatArray' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/ThreatArray' note: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/InvestigationGuide' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/InvestigationGuide' setup: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SetupGuide' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SetupGuide' related_integrations: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RelatedIntegrationArray' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RelatedIntegrationArray' required_fields: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' max_signals: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/MaxSignals' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/MaxSignals' building_block_type: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/BuildingBlockType' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/BuildingBlockType' from: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleIntervalFrom' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleIntervalFrom' interval: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleInterval' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleInterval' exceptions_list: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleExceptionList' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleExceptionList' rule_name_override: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleNameOverride' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleNameOverride' timestamp_override: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverride' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverride' timestamp_override_fallback_disabled: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverrideFallbackDisabled' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverrideFallbackDisabled' timeline_id: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateId' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateId' timeline_title: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateTitle' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateTitle' index: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/IndexPatternArray' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/IndexPatternArray' data_view_id: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/DataViewId' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/DataViewId' query: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleQuery' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleQuery' language: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/QueryLanguage' + oneOf: + - 
type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/QueryLanguage' filters: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFilterArray' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFilterArray' saved_id: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId' machine_learning_job_id: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/MachineLearningJobId' + oneOf: + - type: object + required: + - pick_version + properties: + 
pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/MachineLearningJobId' anomaly_threshold: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' threat_query: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatQuery' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatQuery' threat_mapping: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatMapping' + oneOf: + - 
type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatMapping' threat_index: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndex' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndex' threat_filters: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatFilters' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatFilters' threat_indicator_path: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: 
'../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndicatorPath' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndicatorPath' threat_language: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/KqlQueryLanguage' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/KqlQueryLanguage' new_terms_fields: - type: object - required: - - pick_version - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/NewTermsFields' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/NewTermsFields' history_window_start: - type: object - required: - - pick_version - properties: - pick_version: - $ref: 
'#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/HistoryWindowStart' + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/HistoryWindowStart' + + UpgradeSpecificRulesRequest: type: object @@ -436,7 +794,7 @@ components: items: $ref: '#/components/schemas/RuleUpgradeSpecifier' pick_version: - $ref: '#/components/schemas/RulePickVersionValues' + $ref: '#/components/schemas/PickVersionValues' UpgradeAllRulesRequest: type: object @@ -447,7 +805,7 @@ components: type: string enum: [ALL_RULES] pick_version: - $ref: '#/components/schemas/RulePickVersionValues' + $ref: '#/components/schemas/PickVersionValues' SkipRuleUpgradeReason: type: string From 329e696f32eb8426978f96642d24700b0c10cef3 Mon Sep 17 00:00:00 2001 From: jpdjere Date: Wed, 31 Jul 2024 11:46:35 +0200 Subject: [PATCH 11/12] Add bundle --- ...ections_api_2023_10_31.bundled.schema.yaml | 1068 +++++++++++------ 1 file changed, 730 insertions(+), 338 deletions(-) diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 9211e3f9121a8..9f614b2d943b9 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml 
@@ -2965,14 +2965,6 @@ components: required: - type - is_customized - FieldPickVersionValues: - enum: - - BASE - - CURRENT - - TARGET - - MERGED - - RESOLVED - type: string FindRulesSortField: enum: - created_at @@ -4246,6 +4238,13 @@ components: - summary - results - errors + PickVersionValues: + enum: + - BASE + - CURRENT + - TARGET + - MERGED + type: string PlatformErrorResponse: type: object properties: @@ -5222,13 +5221,6 @@ components: - $ref: '#/components/schemas/MachineLearningRulePatchProps' - $ref: '#/components/schemas/NewTermsRulePatchProps' - $ref: '#/components/schemas/EsqlRulePatchProps' - RulePickVersionValues: - enum: - - BASE - - CURRENT - - TARGET - - MERGED - type: string RulePreviewLogs: type: object properties: 
@@ -5322,367 +5314,767 @@ components: type: object properties: anomaly_threshold: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/AnomalyThreshold' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/AnomalyThreshold' + required: + - pick_version + - resolved_value building_block_type: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/BuildingBlockType' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/BuildingBlockType' + required: + - pick_version + - resolved_value data_view_id: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/DataViewId' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/DataViewId' + required: + - pick_version + - resolved_value description: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RuleDescription' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + 
required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleDescription' + required: + - pick_version + - resolved_value exceptions_list: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RuleExceptionList' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleExceptionList' + required: + - pick_version + - resolved_value false_positives: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RuleFalsePositiveArray' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleFalsePositiveArray' + required: + - pick_version + - resolved_value filters: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RuleFilterArray' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleFilterArray' + required: + - pick_version + - resolved_value from: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: 
'#/components/schemas/RuleIntervalFrom' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleIntervalFrom' + required: + - pick_version + - resolved_value history_window_start: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/HistoryWindowStart' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/HistoryWindowStart' + required: + - pick_version + - resolved_value index: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/IndexPatternArray' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/IndexPatternArray' + required: + - pick_version + - resolved_value interval: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RuleInterval' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleInterval' + required: + - pick_version + - 
resolved_value language: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/QueryLanguage' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/QueryLanguage' + required: + - pick_version + - resolved_value machine_learning_job_id: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/MachineLearningJobId' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/MachineLearningJobId' + required: + - pick_version + - resolved_value max_signals: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/MaxSignals' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/MaxSignals' + required: + - pick_version + - resolved_value name: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RuleName' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + 
pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleName' + required: + - pick_version + - resolved_value new_terms_fields: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/NewTermsFields' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/NewTermsFields' + required: + - pick_version + - resolved_value note: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/InvestigationGuide' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/InvestigationGuide' + required: + - pick_version + - resolved_value query: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RuleQuery' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleQuery' + required: + - pick_version + - resolved_value references: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RuleReferenceArray' - required: - - pick_version + oneOf: + - type: object + properties: + 
pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleReferenceArray' + required: + - pick_version + - resolved_value related_integrations: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RelatedIntegrationArray' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RelatedIntegrationArray' + required: + - pick_version + - resolved_value required_fields: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RequiredFieldArray' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RequiredFieldArray' + required: + - pick_version + - resolved_value risk_score: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RiskScore' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RiskScore' + required: + - pick_version + - resolved_value risk_score_mapping: - type: object - properties: - pick_version: - $ref: 
'#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RiskScoreMapping' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RiskScoreMapping' + required: + - pick_version + - resolved_value rule_name_override: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RuleNameOverride' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleNameOverride' + required: + - pick_version + - resolved_value saved_id: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/SavedQueryId' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/SavedQueryId' + required: + - pick_version + - resolved_value setup: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/SetupGuide' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: 
'#/components/schemas/SetupGuide' + required: + - pick_version + - resolved_value severity: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/Severity' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/Severity' + required: + - pick_version + - resolved_value severity_mapping: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/SeverityMapping' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/SeverityMapping' + required: + - pick_version + - resolved_value tags: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/RuleTagArray' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleTagArray' + required: + - pick_version + - resolved_value threat: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/ThreatArray' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - 
type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatArray' + required: + - pick_version + - resolved_value threat_filters: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/ThreatFilters' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatFilters' + required: + - pick_version + - resolved_value threat_index: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/ThreatIndex' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatIndex' + required: + - pick_version + - resolved_value threat_indicator_path: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/ThreatIndicatorPath' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatIndicatorPath' + required: + - pick_version + - resolved_value threat_language: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/KqlQueryLanguage' - required: 
- - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/KqlQueryLanguage' + required: + - pick_version + - resolved_value threat_mapping: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/ThreatMapping' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatMapping' + required: + - pick_version + - resolved_value threat_query: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/ThreatQuery' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatQuery' + required: + - pick_version + - resolved_value timeline_id: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/TimelineTemplateId' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/TimelineTemplateId' + required: + - pick_version + - resolved_value timeline_title: - type: object - properties: 
- pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/TimelineTemplateTitle' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/TimelineTemplateTitle' + required: + - pick_version + - resolved_value timestamp_override: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/TimestampOverride' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/TimestampOverride' + required: + - pick_version + - resolved_value timestamp_override_fallback_disabled: - type: object - properties: - pick_version: - $ref: '#/components/schemas/FieldPickVersionValues' - resolved_value: - $ref: '#/components/schemas/TimestampOverrideFallbackDisabled' - required: - - pick_version + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/TimestampOverrideFallbackDisabled' + required: + - pick_version + - resolved_value pick_version: - $ref: '#/components/schemas/RulePickVersionValues' + $ref: '#/components/schemas/PickVersionValues' revision: type: number rule_id: 
@@ -7392,7 +7784,7 @@ components: - ALL_RULES type: string pick_version: - $ref: '#/components/schemas/RulePickVersionValues' + $ref: '#/components/schemas/PickVersionValues' required: - mode UpgradeSpecificRulesRequest: @@ -7403,7 +7795,7 @@ components: - SPECIFIC_RULES type: string pick_version: - $ref: '#/components/schemas/RulePickVersionValues' + $ref: '#/components/schemas/PickVersionValues' rules: items: $ref: '#/components/schemas/RuleUpgradeSpecifier' From fbf5163ac4d80a0e9bde1de4cc1a1ec1494e9307 Mon Sep 17 00:00:00 2001 From: jpdjere Date: Thu, 1 Aug 2024 13:26:43 +0200 Subject: [PATCH 12/12] Add descriptions --- .../perform_rule_upgrade_route.schema.yaml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml index f61d0a27b4d12..a5b54657e0370 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml @@ -1,11 +1,11 @@ openapi: 3.0.0 info: title: Perform Rule Upgrade API endpoint - version: '2023-10-31' + version: '1' paths: - /api/detection_engine/rules/prebuilt/_perform_upgrade: + /internal/detection_engine/prebuilt_rules/upgrade/_perform: post: - x-labels: [ess] + x-labels: [ess, serverless] x-codegen-enabled: true operationId: PerformRuleUpgrade summary: Perform rule upgrade 
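Review bot: The route change in the `@@ -1,11 +1,11 @@` hunk (`/api/detection_engine/rules/prebuilt/_perform_upgrade` becomes `/internal/detection_engine/prebuilt_rules/upgrade/_perform`, `version: '1'`) is not carried into the generated artifacts in this commit. The diffstat lists only `perform_rule_upgrade_route.schema.yaml`, yet the previous patch in the series regenerated `security_solution_detections_api_2023_10_31.bundled.schema.yaml` with these schemas, and the `.gen.ts` header from the first patch still reads `version: 2023-10-31`. If the generators are not re-run, the `docs/openapi/ess` bundle may keep describing request types for an endpoint that is now internal, and consumers of that bundle would see a stale contract. Re-run the bundler and code generator in this commit, or note in the description which later commit does it.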
@@ -32,6 +32,12 @@ components: schemas: PickVersionValues: type: string + description: | + The version of the rule (or a specific field within a rule) to use for the upgrade. + BASE - The version of a rule authored by Elastic as it is installed from the Prebuilt Security Detection Rules package, with no user customizations. + CURRENT - The version of a rule as it is currently installed on the system. Consists of the base version of the rule plus all user customizations. + TARGET - The updated version of a rule as it is distributed in the next version of the Prebuilt Security Detection Rules package. + MERGED - The output version of a rule (or any of its fields) as a three way merge of the base, current, and target versions. This option is not always possible: if the three way merge results in a conflict which can't be automatically solved, the update will be rejected. enum: [BASE, CURRENT, TARGET, MERGED] RuleUpgradeSpecifier: @@ -42,10 +48,13 @@ components: - version properties: rule_id: + description: Rule's unique identifier. Should match the rule's signature ID returned from the Review Rule Upgrade API endpoint. $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleSignatureId' revision: + description: Rule's current revision number. Should match the rule's revision number returned from the Review Rule Upgrade API endpoint. type: number version: + description: The number of the version to which the rule is being upgraded to. Should match the rule's version number returned from the Review Rule Upgrade API endpoint. $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleVersion' pick_version: $ref: '#/components/schemas/PickVersionValues'
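Review bot: The `description` added to `PickVersionValues` explains the four values but not what applies when `pick_version` is omitted, or which level wins when it is set at more than one. The generated schema marks it `.optional()` on the request and on `RuleUpgradeSpecifier`, and it is also carried per field. For a detection-rule upgrade this choice decides whether user customizations survive, so the default belongs in the contract. I would add a closing line such as `When omitted, <DEFAULT_VALUE> is used; a field-level pick_version overrides the rule-level one, which overrides the request-level one.`, with the default and the precedence confirmed against the route handler. The MERGED sentence should also say whether an unresolvable conflict rejects only that rule or the whole request.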
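Review bot: The `description` keys added under `rule_id` and `version` in the `@@ -42,10 +48,13 @@` hunk sit next to a `$ref`, and this file declares `openapi: 3.0.0`, where siblings of `$ref` are ignored by spec-compliant tooling. The text may therefore be dropped by the bundler or by documentation renderers. Wrapping the reference keeps it, for example `allOf: [{ $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleSignatureId' }]` with `description` beside `allOf`, and the same for `RuleVersion`. All three descriptions say the value "should match" the Review Rule Upgrade response without stating the outcome of a mismatch. If the server uses `revision` and `version` as a concurrency check, state what a stale value leads to. The `RuleUpgradeSpecifier` schema starts above this hunk.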