Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Content] Add tag to rules with Investigation Guides #2297

Merged
merged 2 commits into from
Sep 23, 2022
Merged

[Security Content] Add tag to rules with Investigation Guides #2297

merged 2 commits into from
Sep 23, 2022

Conversation

w0rk3r
Copy link
Contributor

@w0rk3r w0rk3r commented Sep 13, 2022

Issues

Part of https://github.com/elastic/security-team/issues/4378

Summary

Add the has_guide tag to rules with Investigation Guides so they can be easily identied on the stack.

@w0rk3r w0rk3r self-assigned this Sep 13, 2022
@w0rk3r w0rk3r marked this pull request as ready for review September 13, 2022 19:02
@botelastic botelastic bot added Domain: Cloud Domain: Endpoint Integration: AWS AWS related rules Integration: Azure azure related rules Integration: Google Workspace ML machine learning related rule OS: Linux OS: Windows windows related rules labels Sep 19, 2022
brokensound77
brokensound77 approved these changes Sep 23, 2022
View reviewed changes
Copy link
Contributor

@brokensound77 brokensound77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM,

Can you create an issue to add a test for this. It will be a bit more complicated than simply checking for rule.content.data.note due to many only including a ## Setup

@w0rk3r
Copy link
Contributor Author

w0rk3r commented Sep 23, 2022

@brokensound77 I think we can maintain this as manual work, as some rules contain "incomplete" investigation guides that weren't reviewed by the docs team or don't fully follow the format.

@w0rk3r w0rk3r merged commit ec04a39 into main Sep 23, 2022
@w0rk3r w0rk3r deleted the ig_tagging branch September 23, 2022 17:20
protectionsmachine pushed a commit that referenced this pull request Sep 23, 2022
@w0rk3r @github-actions
[Security Content] Tag rules with robust Investigation Guides (#2297)
1ea461d 
(cherry picked from commit ec04a39)
protectionsmachine pushed a commit that referenced this pull request Sep 23, 2022
@w0rk3r @github-actions
[Security Content] Tag rules with robust Investigation Guides (#2297)
d7c3d31 
(cherry picked from commit ec04a39)
protectionsmachine pushed a commit that referenced this pull request Sep 23, 2022
@w0rk3r @github-actions
[Security Content] Tag rules with robust Investigation Guides (#2297)
44ffbc9 
(cherry picked from commit ec04a39)
@approksiu approksiu mentioned this pull request Oct 10, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brokensound77 brokensound77 brokensound77 approved these changes

@imays11 imays11 imays11 approved these changes

@Mikaayenson Mikaayenson Awaiting requested review from Mikaayenson

@DefSecSentinel DefSecSentinel Awaiting requested review from DefSecSentinel

@terrancedejesus terrancedejesus Awaiting requested review from terrancedejesus

Assignees

@w0rk3r w0rk3r

Labels
backport: auto Domain: Cloud Domain: Endpoint Integration: AWS AWS related rules Integration: Azure azure related rules Integration: Google Workspace ML machine learning related rule OS: Linux OS: Windows windows related rules Security Content v8.5.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@w0rk3r @brokensound77 @imays11 @approksiu