[RAC][Rule Registry] Implement separate methods for writing new alerts and updating existing ones #111175

@banderror

Description

Parent ticket: #101016

Summary

Background: #110519 (comment)

  • Remove RuleDataWriter.bulk()
  • Implement a new method for writing new alerts
  • Implement a new method for updating existing alerts

The new methods should have simple, safe-to-use APIs that keep developers away from making mistakes (related to providing concrete index names vs. aliases, certain ES options, etc.).
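As an added illustration of the split this ticket asks for (not the rule registry's own code, and not the API that was eventually implemented), the sketch below gives one writer two narrow methods: one that only knows how to create new alerts through a write alias, and one that only knows how to update existing alerts by their concrete backing index, id and version. The names (`AlertWriter`, `createAlerts`, `updateAlerts`, `ExistingAlertRef`), the in-memory `FakeBulkClient`, and the index/alias names are all assumptions made up for this example; the bulk action parameters (`create`, `require_alias`, `update`, `if_seq_no`, `if_primary_term`) are standard Elasticsearch bulk API options.

```typescript
// Illustrative example, not Kibana rule-registry code. Assumes a minimal
// Elasticsearch-style client exposing bulk(); all names below are hypothetical.

type BulkAction = Record<string, unknown>;

interface BulkClient {
  bulk(params: { body: BulkAction[]; refresh: 'wait_for' }): Promise<{ errors: boolean; items: BulkAction[] }>;
}

/** A brand-new alert: caller supplies the document and optionally an id, never an index. */
interface NewAlert {
  id?: string;
  source: Record<string, unknown>;
}

/** An existing alert is addressed by the concrete index it lives in, its id and its version. */
interface ExistingAlertRef {
  index: string;
  id: string;
  seqNo: number;
  primaryTerm: number;
}

interface AlertUpdate {
  ref: ExistingAlertRef;
  doc: Record<string, unknown>;
}

class AlertWriter {
  constructor(private readonly client: BulkClient, private readonly alias: string) {}

  /** Bulk body for new alerts: always routed through the write alias (require_alias guards
   *  against a missing alias creating a stray index), and `create` so a clashing id fails
   *  instead of silently overwriting an existing alert. */
  buildCreateBody(alerts: NewAlert[]): BulkAction[] {
    const body: BulkAction[] = [];
    for (const alert of alerts) {
      if ('_index' in alert.source || '_id' in alert.source) {
        throw new Error('new alerts must not carry _index/_id; the writer routes them through the alias');
      }
      const meta: Record<string, unknown> = { _index: this.alias, require_alias: true };
      if (alert.id !== undefined) meta._id = alert.id;
      body.push({ create: meta });
      body.push(alert.source);
    }
    return body;
  }

  /** Bulk body for partial updates: concrete index + id + optimistic-concurrency check.
   *  Pointing an update at the alias is refused, since that is where the "which index?"
   *  mistakes happen. */
  buildUpdateBody(updates: AlertUpdate[]): BulkAction[] {
    const body: BulkAction[] = [];
    for (const { ref, doc } of updates) {
      if (ref.index === this.alias) {
        throw new Error(`updates must target the concrete index, not the alias ${this.alias}`);
      }
      body.push({
        update: { _index: ref.index, _id: ref.id, if_seq_no: ref.seqNo, if_primary_term: ref.primaryTerm },
      });
      body.push({ doc });
    }
    return body;
  }

  createAlerts(alerts: NewAlert[]) {
    return this.client.bulk({ body: this.buildCreateBody(alerts), refresh: 'wait_for' });
  }

  updateAlerts(updates: AlertUpdate[]) {
    return this.client.bulk({ body: this.buildUpdateBody(updates), refresh: 'wait_for' });
  }
}

/** Constructed in-memory stand-in for the ES client so the example runs offline. */
class FakeBulkClient implements BulkClient {
  public calls: BulkAction[][] = [];
  async bulk(params: { body: BulkAction[]; refresh: 'wait_for' }) {
    this.calls.push(params.body);
    return { errors: false, items: [] };
  }
}

// Constructed sample names; not real alias or index names from any deployment.
const ALIAS = 'alerts-example-alias';
const CONCRETE_INDEX = 'alerts-example-000001';

/** Builds one create body and one update body, and records whether an alias-targeted update is refused. */
function demo() {
  const writer = new AlertWriter(new FakeBulkClient(), ALIAS);
  const createBody = writer.buildCreateBody([{ id: 'alert-1', source: { 'kibana.alert.status': 'active' } }]);
  const updateBody = writer.buildUpdateBody([
    { ref: { index: CONCRETE_INDEX, id: 'alert-1', seqNo: 7, primaryTerm: 1 }, doc: { 'kibana.alert.status': 'closed' } },
  ]);
  let aliasUpdateRefused = false;
  try {
    writer.buildUpdateBody([{ ref: { index: ALIAS, id: 'alert-1', seqNo: 7, primaryTerm: 1 }, doc: {} }]);
  } catch {
    aliasUpdateRefused = true;
  }
  return { createBody, updateBody, aliasUpdateRefused };
}
```

The point of the two builders is that the type of the argument already encodes the rule: a `NewAlert` has nowhere to put an index, and an `ExistingAlertRef` cannot be constructed without one, so the alias-vs-concrete-index decision is made once inside the writer rather than at every call site.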

Labels: Team: SecuritySolution, Team:Detection Alerts, Team:Detections and Resp, Theme: rac