[Security Solution] Implement query filters diff algorithm #190241

@jpdjere

Summary

Implement an algorithm for diffing and merging changes in the array of filters which is used in the query fields: kql_query, eql_query, and esql_query. The array is currently diffed using a simple diffing approach.

Context from the Rule Customization RFC:

To do

  • Create a way to effectively merge three versions of the filters array that makes sense from the UX perspective.
  • Implement this new algorithm for diffing three versions of filters within the kql_query, eql_query, and esql_query algorithms.
