From 029cf00ada5e63375fe9967632f80ba4cb20efeb Mon Sep 17 00:00:00 2001
From: Smriti <152067238+smriti0321@users.noreply.github.com>
Date: Tue, 10 Sep 2024 12:24:36 +0200
Subject: [PATCH] [RFC] Stage 0: Introducing new field in rule namespace
 (#2330)

* Update 0000-rfc-template.md

Updating the temaplate for RFC Stage 0 for adding 2 new rule fields: rule.tags and rule.remediation

* Update 0000-rfc-template.md

Incorporating review comments.

* Renaming the template file with recommended name

* Resolving conflicts

* Removing Tag Field

* Resolving comments from @trisch-me

* Moving file to rfcs/text folder as per @trisch-me comment. using next number in series.

* I saw number 44 was used in a recent RFC, using next number in series

---------

Co-authored-by: Eric Beahan <eric.beahan@elastic.co>
Co-authored-by: Alexandra Konrad <alexandra.konrad@elastic.co>
---
 .../0046-additional-rule-field.md}            | 44 +++++++------------
 1 file changed, 16 insertions(+), 28 deletions(-)
 rename rfcs/{0000-rfc-template.md => text/0046-additional-rule-field.md} (63%)

diff --git a/rfcs/0000-rfc-template.md b/rfcs/text/0046-additional-rule-field.md
similarity index 63%
rename from rfcs/0000-rfc-template.md
rename to rfcs/text/0046-additional-rule-field.md
index 1ac7c95052..f9354ce2f2 100644
--- a/rfcs/0000-rfc-template.md
+++ b/rfcs/text/0046-additional-rule-field.md
@@ -1,35 +1,27 @@
-# 0000: Name of RFC
+# 0000: Additional Rule Field
 <!-- Leave this ID at 0000. The ECS team will assign a unique, contiguous RFC number upon merging the initial stage of this RFC. -->
 
 - Stage: **0 (strawperson)** <!-- Update to reflect target stage. See https://elastic.github.io/ecs/stages.html -->
 - Date: **TBD** <!-- The ECS team sets this date at merge time. This is the date of the latest stage advancement. -->
 
-<!--
-As you work on your RFC, use the "Stage N" comments to guide you in what you should focus on, for the stage you're targeting.
-Feel free to remove these comments as you go along.
--->
+
 
 <!--
 Stage 0: Provide a high level summary of the premise of these changes. Briefly describe the nature, purpose, and impact of the changes. ~2-5 sentences.
 -->
+This RFC proposes addition of 1 new field (rule.remediation) in rule fieldset to the Elastic Common Schema (ECS). The goal of this field is to provide more context to the users in the rule fieldset, rule.remediation will be used to capture the remediation instructions associated with rules, it is generally provided by the benchmark or framework from which the rule is published. 
 
-<!--
-Stage 1: If the changes include field additions or modifications, please create a folder titled as the RFC number under rfcs/text/. This will be where proposed schema changes as standalone YAML files or extended example mappings and larger source documents will go as the RFC is iterated upon.
--->
 
-<!--
-Stage X: Provide a brief explanation of why the proposal is being marked as abandoned. This is useful context for anyone revisiting this proposal or considering similar changes later on.
--->
 
 ## Fields
 
-<!--
-Stage 1: Describe at a high level how this change affects fields. Include new or updated yml field definitions for all of the essential fields in this draft. While not exhaustive, the fields documented here should be comprehensive enough to deeply evaluate the technical considerations of this change. The goal here is to validate the technical details for all essential fields and to provide a basis for adding experimental field definitions to the schema. Use GitHub code blocks with yml syntax formatting, and add them to the corresponding RFC folder.
--->
+The `rule` fields being proposed are as follows:
+
+Field | Type | Example | Description/Usage
+-- | -- | -- | --
+rule.remediation | array | Enable encryption on all S3 buckets | Used to capture remediation instructions that come from the benchmark / framework the rule is from 
+
 
-<!--
-Stage 2: Add or update all remaining field definitions. The list should now be exhaustive. The goal here is to validate the technical details of all remaining fields and to provide a basis for releasing these field definitions as beta in the schema. Use GitHub code blocks with yml syntax formatting, and add them to the corresponding RFC folder.
--->
 
 ## Usage
 
@@ -79,25 +71,21 @@ Stage 3: Document resolutions for all existing concerns. Any new concerns should
 
 The following are the people that consulted on the contents of this RFC.
 
-* TBD | author
+* @smriti0321 | author
+* @tinnytintin10 | Product Manager
+* @oren-zohar | Engineering Manager
+* @orouz | Engineer
+* @trisch-me | Security ECS team
 
-<!--
-Who will be or has been consulted on the contents of this RFC? Identify authorship and sponsorship, and optionally identify the nature of involvement of others. Link to GitHub aliases where possible. This list will likely change or grow stage after stage.
 
-e.g.:
-
-* @Yasmina | author
-* @Monique | sponsor
-* @EunJung | subject matter expert
-* @JaneDoe | grammar, spelling, prose
-* @Mariana
--->
 
 
 ## References
 
 <!-- Insert any links appropriate to this RFC in this section. -->
 
+
+
 ### RFC Pull Requests
 
 <!-- An RFC should link to the PRs for each of it stage advancements. -->