Conversation
💚 Build Succeeded
Expand to view the summary
Build stats
Trends 🧪 |
mtojek
left a comment
There was a problem hiding this comment.
Please make sure that the PR passes the CI verification. Quick check:
make update && make check && make test
| type: file | ||
| contentMediaType: "application/json" | ||
| pattern: '^.+\.json$' | ||
| - description: Folder containing rules |
There was a problem hiding this comment.
Please create a sample package and add it to the test/packages.
There was a problem hiding this comment.
I added this asset to test/packages/good
There was a problem hiding this comment.
Unless this should be its own test package
|
@rw-access Are rules and timeline tied together? Could a user just ship a rule or just a timeline? |
|
@rw-access Could you add a sample package for testing this? |
ruflin
left a comment
There was a problem hiding this comment.
For later: Should we do on the package side an validation of the rules file?
@ycombinator do we apply some automatic formatting to it?
versions/1/kibana/spec.yml
Outdated
| - description: An individual rule file for the detection engine | ||
| type: file | ||
| contentMediaType: "application/json" | ||
| pattern: '^rule-.+\.json$' |
There was a problem hiding this comment.
Is the rule prefix in the name required?
There was a problem hiding this comment.
no, I can loosen this to just *.json
The package spec does allow for defining the structure of file contents but we have deliberately not specified structures for other Kibana saved objects like dashboards, etc. because we're treating those as Kibana implementation details (at least for the moment). The only basic validation is that the files match a certain mime type and are (potentially) named a certain way, both of which are being done in this PR.
Automatic formatting to the JSON files? Yes, |
cc @FrankHassanabad, @spong, @brokensound77, @kevinlog
What does this PR do?
security-ruleasset type for rules that will be delivered to Security » Detection Engine » Detection rules part of Kibana.Why is it important?
This is a dependency for:
Checklist
Note: I haven't added a test package yet, because I'm expecting requested changes. Once we converge on the spec, I think it makes sense to add a test package.
test/packagesthat prove my change is effective.versions/N/changelog.yml.Related issues
No related public issues, just these PRs