[Security Solution] Refactor the rule export endpoint #151690
Labels
Feature:Rule Import/Export (Security Solution Detection Rule Import & Export workflow)
refactoring
Team:Detection Rule Management (Security Detection Rule Management Team)
Team:Detections and Resp (Security Detection Response Team)
Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
technical debt (Improvement of the software architecture and operational architecture)
Relates to: https://github.com/elastic/security-team/issues/5339, #150097, #150553
Description
The rule exporting implementation contains two separate branches to handle the export: one for exporting all rules via `getExportAll()` and another for exporting only selected rules via `getExportByObjectIds()`. While the functionality should be the same (which is not totally true here), the only difference is the rules for processing. This way it looks logical to have a single function to handle exporting logic which accepts a set of rules. This will also help to make sure exported rule data doesn't contain any runtime information stored in SO like `execution_summary`, as we encountered such a problem before and fixed it in #150553 and #150097. Refactoring of the rule exporting functionality will help mitigate the mentioned risks and improve maintainability.
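A sketch of the single export path the issue proposes, as an added example that is not part of the original issue or Kibana's code. All type and function names, the deny-list contents beyond `execution_summary`, the newline-delimited JSON output, and the sample rules are assumptions made for illustration.

```typescript
// Added illustration; every name here is hypothetical, not Kibana's actual code.
interface StoredRule {
  rule_id: string;
  name: string;
  enabled: boolean;
  // Runtime state kept on the saved object; must never reach an export file.
  execution_summary?: { last_execution: { status: string; date: string } };
  [key: string]: unknown;
}

// Assumed deny-list: execution_summary is the only field named in the issue.
const RUNTIME_ONLY_FIELDS: string[] = ['execution_summary'];

// One place where runtime-only fields are stripped, shared by every export path.
function toExportableRule(rule: StoredRule): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const key of Object.keys(rule)) {
    if (RUNTIME_ONLY_FIELDS.indexOf(key) === -1) out[key] = rule[key];
  }
  return out;
}

// Single export function: accepts an already-selected set of rules.
// Output is one JSON document per line (format assumed for this example).
function exportRules(rules: StoredRule[]): string {
  return rules.map((r) => JSON.stringify(toExportableRule(r)) + '\n').join('');
}

// The two entry points now differ only in how they select rules.
function exportAll(store: StoredRule[]): string {
  return exportRules(store);
}

function exportByIds(store: StoredRule[], ruleIds: string[]): string {
  return exportRules(store.filter((r) => ruleIds.indexOf(r.rule_id) !== -1));
}

// Constructed sample data standing in for saved objects.
const SAMPLE_STORE: StoredRule[] = [
  { rule_id: 'rule-a', name: 'Constructed rule A', enabled: true,
    execution_summary: { last_execution: { status: 'succeeded', date: '2023-01-01T00:00:00Z' } } },
  { rule_id: 'rule-b', name: 'Constructed rule B', enabled: false,
    execution_summary: { last_execution: { status: 'failed', date: '2023-01-02T00:00:00Z' } } },
];
```

Because both entry points pass through `exportRules`, a regression test that asserts no runtime field appears in the output covers "export all" and "export selected" at once.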