Add rule docs for 8.6 rule changes #2751
Conversation
terrancedejesus
added
Team: Detections/Response
|
Documentation previews: |
| @@ -1,3 +1,6 @@ | |||
| .DS_Store | |||
| docs/html_docs | |||
| /html_docs | |||
|
|
|||
| # development files | |||
| *launch.json* | |||
There was a problem hiding this comment.
Added this to ignore debugging file for Python.
| @@ -5,6 +5,9 @@ The following lists prebuilt rule updates per release. Only rules with | |||
| significant modifications to their query or scope are listed. For detailed | |||
| information about a rule's changes, see the rule's description page. | |||
|
|
|||
| [float] | |||
There was a problem hiding this comment.
This should list all the files that have been changed, but does not. I will need to look into this.
| @@ -15,7 +15,7 @@ | |||
| PREBUILT_RULES = ROOT.joinpath('prebuilt-rules-scripts') | |||
| GENERATED_ASCII = ROOT.joinpath('generated-ascii-files') | |||
| DEFAULT_KIBANA_RULES_DIR = str(Path().joinpath('x-pack', 'plugins', 'security_solution', 'server', 'lib', | |||
| 'detection_engine', 'rules', 'prepackaged_rules')) | |||
| 'detection_engine', 'prebuilt_rules', 'content', 'prepackaged_rules')) | |||
There was a problem hiding this comment.
Updated this so it points to the Kibana FS rules after recent change.
Reference - elastic/kibana#142950
|
These security docs do not seem to be correct as a result of a failed backport in Kibana. Since our process requires us to checkout Kibana branch 8.6 and then create docs from there, changes not backported would not be reflected in doc updates. Reference - elastic/kibana#146402 (comment) UpdateFixes were made so the rule changes successfully backported to the 8.6 branch of Kibana and as a result, building security docs will now reflect the expected rules. For 8.6.0 rule doc updates for Kibana, please refer to the following PR which has the correct diff. |
Kibana Security Doc updates for rule changes in 8.6.