
[SIEM][Detection Rules] Add 7.9 rules#71332

Merged
rw-access merged 10 commits into elastic:master from rw-access:rules/7.9
Jul 13, 2020

Conversation

@rw-access
Contributor

Summary

Add rules from detection-rules

Checklist

N/A

For maintainers

@rw-access rw-access added the Feature:Detection Rules (Security Solution rules and Detection Engine) label Jul 9, 2020
@rw-access rw-access requested a review from a team as a code owner July 9, 2020 21:53
@brokensound77
Contributor

Versioning looks solid for all of the rules 👍

@rw-access rw-access added the release_note:skip (Skip the PR/issue when compiling release notes), v7.9.0 and v8.0.0 labels Jul 9, 2020
Contributor

@brokensound77 brokensound77 left a comment


Versioning, autogenerated files, and renames all seem to have worked nicely.

LGTM once it passes 👍

Member

@spong spong left a comment


LGTM! Was able to verify successful POST of the Elastic Endpoint and External Alerts rules without issue. Skimmed the other changes and those look good as well. Thanks @rw-access! 🙂

@rw-access
Contributor Author

@elasticmachine merge upstream

@elastic elastic deleted a comment from kibanamachine Jul 11, 2020
@spong
Member

spong commented Jul 11, 2020

@rw-access @brokensound77 -- needed to run node scripts/notice from kibana root to regenerate the NOTICE.txt. I missed this as part of elastic/detection-rules#32 as I was thinking it happened during the build, but looks like it needs to be done manually after updating any notice.ts (similar to i18n behavior). I'll defer to you for where this command fits in with your existing rules workflow, but would it be fine to add as part of the generation of this PR?

@spong
Member

spong commented Jul 11, 2020

@elasticmachine merge upstream

@spong
Member

spong commented Jul 13, 2020

Twas a twofer:

  1. My repo had the below cached and outdated target references, so just needed to delete those and regen. Something to be cautious of when automating. 🙂

     info Found @notice comment in src/plugins/console/target/public/0.plugin.js
     info Found @notice comment in src/plugins/es_ui_shared/target/public/esUiShared.plugin.js
     info Found @notice comment in x-pack/plugins/maps/target/public/1.plugin.js
     info Found @notice comment in x-pack/plugins/siem/target/public/27.plugin.js

  2. Flakey Failing test: Kibana Embedded in iframe... 🎲🎲

@rw-access
Contributor Author

@elasticmachine merge upstream

@kibanamachine
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@rw-access rw-access merged commit 85d4253 into elastic:master Jul 13, 2020
@rw-access rw-access deleted the rules/7.9 branch July 13, 2020 20:44