Description
This documentation request is essentially a clone of the "related_integrations" documentation request, but for "required_fields".
We are wrapping up the work on the PR that adds the ability to add and edit a rule's required fields. "Required fields" is an optional rule property that shows the user which Elasticsearch fields a rule needs in order to run properly. Currently, required fields are hardcoded in Elastic prebuilt rules. Once this PR is merged, users will be able to modify required fields for custom rules.
Background & resources
Which documentation set does this change impact?
ESS and serverless
ESS release
8.15
Serverless release
Mon, May 20, 2024
Feature differences
The feature is identical in ESS and Serverless.
API docs impact
The feature touches existing rule management endpoints. All of them accept required fields in requests and return them in responses. The following APIs are affected:
- Get rule: `GET /api/detection_engine/rules`
- Create rule: `POST /api/detection_engine/rules`
- Update rule: `PUT /api/detection_engine/rules`
- Patch rule: `PATCH /api/detection_engine/rules`
- Find rules: `GET /api/detection_engine/rules/_find`
- Bulk create rules: `POST /api/detection_engine/rules/_bulk_create` (endpoint is deprecated)
- Bulk update rules: `PUT /api/detection_engine/rules/_bulk_update` (endpoint is deprecated)
- Bulk patch rules: `PATCH /api/detection_engine/rules/_bulk_update` (endpoint is deprecated)
- Bulk actions: `POST /api/detection_engine/rules/_bulk_action`
  - Edit rules
  - Export rules
  - Import rules
  - Rule response from bulk operations
- Import rules: `POST /api/detection_engine/rules/_import`
- Export rules: `POST /api/detection_engine/rules/_export`
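As an added example (not code from this issue, the Kibana project, or the security-docs repository), the following Python builds a create-rule body that carries `required_fields` for `POST /api/detection_engine/rules` and then checks a rule, as it would come back from the get/find endpoints listed above, against an index mapping to see which of its declared required fields are actually present. The shape of each required-field entry (`name`, `type`, `ecs`) is assumed from Kibana's detection-rule schema and is not stated on this page; the Kibana URL, the sample rule and the sample mapping are constructed placeholders.

```python
"""Added example (not from the Elastic issue or the Kibana project): build a
create-rule request body that carries required_fields and check a rule returned
by the API against an index mapping.

Assumptions not stated in the issue: each required field is an object with
"name", "type" and "ecs" keys (Kibana's detection-rule schema); the Kibana URL,
sample rule and sample mapping below are constructed for this example.
"""
import json

KIBANA_URL = "https://kibana.example.invalid:5601"  # placeholder, not a real host


def required_field(name, type_, ecs=True):
    """One required_fields entry (assumed schema: name/type/ecs)."""
    return {"name": name, "type": type_, "ecs": ecs}


def build_create_rule_body(name, query, index, required_fields):
    """Return the JSON body for POST /api/detection_engine/rules.

    Only the rule properties this example needs are set; the required_fields
    entries are passed through unchanged so the API stores and returns them.
    """
    return {
        "name": name,
        "description": f"Custom rule: {name}",
        "type": "query",
        "language": "kuery",
        "query": query,
        "index": index,
        "risk_score": 21,
        "severity": "low",
        "enabled": False,
        "required_fields": required_fields,
    }


def flatten_mapping(properties, prefix=""):
    """Yield (dotted_field_name, es_type) pairs from a mapping's 'properties' tree."""
    for name, spec in properties.items():
        full = f"{prefix}{name}"
        if "properties" in spec:
            yield from flatten_mapping(spec["properties"], full + ".")
        else:
            yield full, spec.get("type", "object")


def missing_required_fields(rule, mapping_properties):
    """Names of the rule's required_fields that the mapping lacks, or maps to a
    different type. An empty list means the rule's declared inputs are all
    present, so it can run as the author intended."""
    mapped = dict(flatten_mapping(mapping_properties))
    problems = []
    for rf in rule.get("required_fields", []):
        actual = mapped.get(rf["name"])
        if actual is None:
            problems.append(f"{rf['name']} (missing)")
        elif actual != rf["type"]:
            problems.append(f"{rf['name']} (mapped as {actual}, rule expects {rf['type']})")
    return problems


# Constructed sample: a rule body as created above and as the API would return it.
SAMPLE_RULE = build_create_rule_body(
    "Process executed from temp directory",
    'process.executable : "/tmp/*" and event.category : "process"',
    ["logs-endpoint.events.process-*"],
    [
        required_field("process.executable", "keyword"),
        required_field("event.category", "keyword"),
        required_field("process.code_signature.trusted", "boolean"),
    ],
)

# Constructed sample mapping: process.code_signature.trusted is not mapped.
SAMPLE_MAPPING = {
    "event": {"properties": {"category": {"type": "keyword"}}},
    "process": {"properties": {"executable": {"type": "keyword"}}},
}

if __name__ == "__main__":
    print(json.dumps(SAMPLE_RULE, indent=2))
    print("missing:", missing_required_fields(SAMPLE_RULE, SAMPLE_MAPPING))
```

To send the body, POST it to `KIBANA_URL + "/api/detection_engine/rules"` with a JSON content type and the `kbn-xsrf` header that Kibana requires on write requests; the response echoes `required_fields`, which is what `missing_required_fields` consumes. Running the check against the mapping of the indices the rule targets (from `GET <index>/_mapping`) before enabling the rule turns the "required fields" hint into an actual pre-flight test.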
Prerequisites, privileges, feature flags
No special requirements
### Tasks
- [x] Serverless docs — https://github.com/elastic/staging-serverless-security-docs/pull/357
- [x] Classic docs — https://github.com/elastic/security-docs/pull/5287
- [x] API docs (classic) — https://github.com/elastic/security-docs/pull/5190