Skip to content

[Security Solution] Create types or tests to link Rule Schema and Diffable Rule schema #194484

New issue
New issue
Open
Task
Listed in
#221310
Open
[Security Solution] Create types or tests to link Rule Schema and Diffable Rule schema#194484
Task
Listed in
#221310
Assignees
jpdjere
Labels
Feature:Prebuilt Detection RulesSecurity Solution Prebuilt Detection Rules areaTeam: SecuritySolutionSecurity Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.Team:Detection Rule ManagementSecurity Detection Rule Management TeamTeam:Detections and RespSecurity Detection Response Team
@jpdjere

Description

@jpdjere
jpdjere
opened on Sep 30, 2024 · edited by banderror
Contributor

Epics: https://github.com/elastic/security-team/issues/1974 (internal), #179907

Summary

Currently, our API Rule Schemas and our schema for DiffableRules are completely disconnected: our Rule Schemas are auto-generated via our OpenAPI specs, while the DiffableRule schema (used in our Prebuilt Rule upgrade workflow) is created manually by listing its diffable fields.

This means that whenever a new field is added (or modified or removed) to our Rule Schemas, that change can go completely unnoticed (and the change merged to main) without the engineer realising that the DiffableRule should be adapted in a similar way.

Task

  • Create either (or both):
    • types that statically check that the fields in our Rule Schema are included -or considered in some way or another- in our DiffableRule.
    • tests that break if a change is introduced in our Rule Schema that is not reflected in the DiffableRule.
  • The files with types or tests should be set to be owned by the Detection Rules Management team, in order to prompt the involvement of one engineer from the team during this change.

Activity

jpdjere
added
Team: SecuritySolutionSecurity Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:Detection Rule ManagementSecurity Detection Rule Management Team
Team:Detections and RespSecurity Detection Response Team
triage_needed
on Sep 30, 2024
jpdjere
self-assigned this
on Sep 30, 2024
elasticmachine

elasticmachine commented on Sep 30, 2024

@elasticmachine
elasticmachine
on Sep 30, 2024
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine

elasticmachine commented on Sep 30, 2024

@elasticmachine
elasticmachine
on Sep 30, 2024
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

elasticmachine

elasticmachine commented on Sep 30, 2024

@elasticmachine
elasticmachine
on Sep 30, 2024
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

jpdjere
added
8.16 candidate
Feature:Prebuilt Detection RulesSecurity Solution Prebuilt Detection Rules area
and removed
triage_needed
on Sep 30, 2024
jpdjere
mentioned this on Sep 30, 2024
banderror
added
8.17 candidate
8.18 candidate
and removed
8.16 candidate
8.17 candidate
on Oct 9, 2024
banderror
mentioned this on Nov 23, 2024
banderror
removed
8.18 candidate
on Nov 23, 2024
banderror
mentioned this on Mar 17, 2025
banderror
mentioned this on May 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

Feature:Prebuilt Detection RulesSecurity Solution Prebuilt Detection Rules areaTeam: SecuritySolutionSecurity Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.Team:Detection Rule ManagementSecurity Detection Rule Management TeamTeam:Detections and RespSecurity Detection Response Team

Type

Task

Projects

No projects

Milestone

No milestone

Relationships

None yet

    Development

    No branches or pull requests

      Participants

      @jpdjere@banderror@elasticmachine

      Issue actions
        [Security Solution] Create types or tests to link Rule Schema and Diffable Rule schema · Issue #194484 · elastic/kibana