elastic · trisch-me · Sep 10, 2024 · Apr 5, 2024 · Apr 25, 2024 · May 29, 2024
@@ -12,6 +12,7 @@ Feel free to remove these comments as you go along.
 <!--
 Stage 0: Provide a high level summary of the premise of these changes. Briefly describe the nature, purpose, and impact of the changes. ~2-5 sentences.
 -->
+This RFC proposes addition of 2 new fields (rule.tags and rule.remediation) in rule fieldset to the Elastic Common Schema (ECS). The goal of these fields is to provide more context to the users in the rule fieldset, rule.tags will be used to track the set of tags applied to the rule, customers can use it to indicate metadata about the rule, and rule.remediation will be used to capture the remediation instructions associated with rules, it is generally provided by the benchmark or framework from which the rule is published. 
 
 <!--
 Stage 1: If the changes include field additions or modifications, please create a folder titled as the RFC number under rfcs/text/. This will be where proposed schema changes as standalone YAML files or extended example mappings and larger source documents will go as the RFC is iterated upon.
@@ -23,6 +24,13 @@ Stage X: Provide a brief explanation of why the proposal is being marked as aban
 
 ## Fields
 
+The `rule` fields being proposed are as follows:
+
+Field | Type | Description /Usage
+-- | -- | -- | -- | -- 
+rule.tags | array | Used to track the set of tags applied to a rule | Customers can use it to indicate: author, benchmark partial name, rule number, rule category etc. It will be useful when we extend the capability to add more rules
+rule.remediation | array | Used to capture remediation instructions that come from the benchmark / framework the rule is from 
+
 <!--
 Stage 1: Describe at a high level how this change affects fields. Include new or updated yml field definitions for all of the essential fields in this draft. While not exhaustive, the fields documented here should be comprehensive enough to deeply evaluate the technical considerations of this change. The goal here is to validate the technical details for all essential fields and to provide a basis for adding experimental field definitions to the schema. Use GitHub code blocks with yml syntax formatting, and add them to the corresponding RFC folder.
 -->
@@ -79,7 +87,10 @@ Stage 3: Document resolutions for all existing concerns. Any new concerns should
 
 The following are the people that consulted on the contents of this RFC.
 
-* TBD | author
+* @smriti0321 | author 
+* @tinnytintin10 | Product Manager Cloud Security
+* @oren-zohar | Engineering Manager Cloud Security
+* @orouz | Engineer
 
 <!--
 Who will be or has been consulted on the contents of this RFC? Identify authorship and sponsorship, and optionally identify the nature of involvement of others. Link to GitHub aliases where possible. This list will likely change or grow stage after stage.
@@ -97,6 +108,7 @@ e.g.:
 ## References
 
 <!-- Insert any links appropriate to this RFC in this section. -->
+EPIC with detailed discussion on addition of these fields - https://github.com/elastic/security-team/issues/7658
 
 ### RFC Pull Requests