[SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list#63717
Merged: yctercero merged 5 commits into elastic:master on Apr 17, 2020
Conversation
Contributor: Pinging @elastic/siem (Team:SIEM)
FrankHassanabad (Contributor) approved these changes on Apr 17, 2020 and left a comment:
Simple enough, LGTM for the name change. Appreciate the time you took to accept feedback and then apply it to this to make it super simple for the API vocabulary to avoid user confusion.
This will save us time in the long run from forum posts and documentation for end users.
Contributor: 💚 Build Succeeded. To update your PR or re-run it, just comment with:
yctercero added a commit to yctercero/kibana that referenced this pull request on Apr 17, 2020:

…ist (elastic#63717)

### Summary [63717]

This PR updates the rules lists param to be `exceptions_list`. This is done in an attempt to make the terminology less confusing as lists will generally be referring to the big lists values. It should also make it more clear that the `exceptions_list` logic is being applied as a double not.
jloleysens added a commit to jloleysens/kibana that referenced this pull request on Apr 20, 2020:
…bana into ingest-node-pipelines/privileges * 'feature/ingest-node-pipelines' of github.com:elastic/kibana: (126 commits) [SEARCH] Cleanup fetch soon (elastic#63320) skip flaky suite (elastic#58692) [Uptime] Refresh index and also show more info to user regardi… (elastic#62606) [Drilldowns] Fix back button by removing panels from url in dashboard in view mode (elastic#62415) [platform] serve plugins from /bundles/plugin:${id} [Alerting] Documentation for how to pre-configure connectors. (elastic#63807) skip flaky suite (elastic#63621) Revert "skip flaky suite (elastic#63747)" skip flaky suite (elastic#63747) [SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list (elastic#63717) [SIEM] Flaky test fix: Bump find_statuses timeout (elastic#63900) [Uptime] Add cert API request and runtime type checking (elastic#63062) [Lens] Allow table to scroll horizontally (elastic#63805) [Metrics UI] Allow users to create alerts from the central Alerts UI (elastic#63803) Migrate legacy maps licensing (x-pack/tilemap) to NP (elastic#63539) [Alerting] "Create alert" and alert list design improvements (elastic#63515) [Lens] Fix existence for dotted paths in _source (elastic#63752) Example plugins in X-Pack (elastic#63823) [ML] Migrate Mocha unit tests to Jest: migrate job utils and query utils tests (elastic#63775) Endpoint: middleware receive immutable versions of state and actions (elastic#63802) ...
FrankHassanabad pushed a commit to FrankHassanabad/kibana that referenced this pull request on Apr 20, 2020:

…ist (elastic#63717)

### Summary [63717]

This PR updates the rules lists param to be `exceptions_list`. This is done in an attempt to make the terminology less confusing as lists will generally be referring to the big lists values. It should also make it more clear that the `exceptions_list` logic is being applied as a double not.
jloleysens added a commit to jloleysens/kibana that referenced this pull request on Apr 20, 2020:
…bana into pipeline-editor-part-mvp-2 * 'feature/ingest-node-pipelines' of github.com:elastic/kibana: (127 commits) [Ingest pipelines] Polish details panel and empty list (elastic#63926) [SEARCH] Cleanup fetch soon (elastic#63320) skip flaky suite (elastic#58692) [Uptime] Refresh index and also show more info to user regardi… (elastic#62606) [Drilldowns] Fix back button by removing panels from url in dashboard in view mode (elastic#62415) [platform] serve plugins from /bundles/plugin:${id} [Alerting] Documentation for how to pre-configure connectors. (elastic#63807) skip flaky suite (elastic#63621) Revert "skip flaky suite (elastic#63747)" skip flaky suite (elastic#63747) [SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list (elastic#63717) [SIEM] Flaky test fix: Bump find_statuses timeout (elastic#63900) [Uptime] Add cert API request and runtime type checking (elastic#63062) [Lens] Allow table to scroll horizontally (elastic#63805) [Metrics UI] Allow users to create alerts from the central Alerts UI (elastic#63803) Migrate legacy maps licensing (x-pack/tilemap) to NP (elastic#63539) [Alerting] "Create alert" and alert list design improvements (elastic#63515) [Lens] Fix existence for dotted paths in _source (elastic#63752) Example plugins in X-Pack (elastic#63823) [ML] Migrate Mocha unit tests to Jest: migrate job utils and query utils tests (elastic#63775) ...
yctercero pushed a commit that referenced this pull request on Apr 20, 2020:

…ist (#63717) (#63962)

### Summary [63717]

This PR updates the rules lists param to be `exceptions_list`. This is done in an attempt to make the terminology less confusing as lists will generally be referring to the big lists values. It should also make it more clear that the `exceptions_list` logic is being applied as a double not.
Contributor: Pinging @elastic/security-solution (Team: SecuritySolution)
### Summary

This PR updates the rules `lists` param to be `exceptions_list`. This is done in an attempt to make the terminology less confusing as lists will generally be referring to the big lists values. It should also make it more clear that the `exceptions_list` logic is being applied as a double not.

The following example does say `event.module is not suricata`, BUT as this is an exceptions list, the logic is `not when event.module is not suricata` --> `query && !(!event.module:suricata)` ---> `query && event.module:suricata`

Did not update type names (ex `lists_values` etc...) as they'll also be useful when (maybe) adding such things as inclusion lists.

Tests marked `describe.skip` due to this being behind a feature flag were checked to be sure they are passing when feature flag is turned on.

### Testing

```sh
./post_rule.sh ./rules/queries/lists/query_with_list.json
./update_rule.sh ./rules/updates/update_list.json
./patch_rule.sh ./rules/patches/update_list.json
```

### Checklist

### For maintainers
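The "double not" the summary describes, worked through as an added example (this is not Kibana's own code; the entry shape, the `included`/`excluded` operator names and the helper functions are assumptions made for the illustration). An exception entry of `event.module is not suricata` is negated once more by the outer exception check, so a suricata event still alerts while a non-suricata event is excepted:

```typescript
// Added illustration of the exceptions_list "double not" from the summary.
// Not Kibana's code; entry shape and function names are assumptions.

type Doc = Record<string, string>;

// One exception entry: "<field> is <value>" or "<field> is not <value>".
interface ExceptionEntry {
  field: string;
  operator: 'included' | 'excluded';
  value: string;
}

// An exception item is an AND of entries; the list is an OR of items.
type ExceptionList = ExceptionEntry[][];

function entryMatches(doc: Doc, e: ExceptionEntry): boolean {
  const equal = doc[e.field] === e.value;
  return e.operator === 'included' ? equal : !equal;
}

// A document alerts when the rule query matches AND no exception item
// matches it: query && !(item1 || item2 || ...).
function shouldAlert(queryMatches: boolean, doc: Doc, exceptions: ExceptionList): boolean {
  const excepted = exceptions.some((item) => item.every((e) => entryMatches(doc, e)));
  return queryMatches && !excepted;
}

// Render the effective filter so the rewrite from the summary is visible:
// an "is not" entry becomes !field:value, and the outer exception negation
// turns it back into a positive requirement on the alerting documents.
function renderFilter(query: string, exceptions: ExceptionList): string {
  const items = exceptions.map((item) => {
    const terms = item.map((e) => `${e.operator === 'excluded' ? '!' : ''}${e.field}:${e.value}`);
    return terms.length === 1 ? terms[0] : `(${terms.join(' && ')})`;
  });
  return `${query} && !(${items.join(' || ')})`;
}

// Constructed sample: the exception from the summary, "event.module is not suricata".
const notSuricata: ExceptionList = [
  [{ field: 'event.module', operator: 'excluded', value: 'suricata' }],
];

// A suricata event still alerts; a zeek event is excepted.
const suricataAlerts = shouldAlert(true, { 'event.module': 'suricata' }, notSuricata); // true
const zeekAlerts = shouldAlert(true, { 'event.module': 'zeek' }, notSuricata); // false
const filter = renderFilter('query', notSuricata); // query && !(!event.module:suricata)
```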