
[SIEM][Detection Engine] Critical blocker rule changes and ECS changes #55883

Merged


FrankHassanabad
Contributor

@FrankHassanabad FrankHassanabad commented Jan 24, 2020

Summary

  • Changes ECS `techniques` to the word `technique`, as `techniques` is incorrect ECS and an incorrect mapping, and without this our product could crash
  • Changes ECS `threats` to the word `threat`, as `threats` is incorrect ECS and an incorrect mapping, and without this our product could crash
  • Added histogram mapping for `signal.rule.threat.tactic.name`, as that was missing
  • Added `Elastic` and removed `EIA` for tags
  • Updates unit tests
  • Cleans up rules by removing extra characters and removing fields not required
  • Adds concrete indexes, as this was a critical breaking bug
  • Fixes issues with imports where imports could change an immutable from false to true and suddenly cause out-of-band immutables to occur

Checklist

Use strikethroughs to remove checklist items you don't feel are applicable to this PR.

- [ ] This was checked for cross-browser compatibility, including a check against IE11

- [ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support

- [ ] Documentation was added for features that require explanation or tutorials

- [ ] This was checked for keyboard-only and screenreader accessibility

For maintainers

- [ ] This was checked for breaking API changes and was labeled appropriately
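The two ECS points in the summary (singular `threat` / `technique` keys) and the import/immutable point, as an added example that is not the PR's or Kibana's own code: a small validator that rejects the plural non-ECS keys in a rule's MITRE ATT&CK mapping, and an import merge that never lets an incoming document flip a stored rule's `immutable` flag. The `Rule`/`Threat` types, the function names, the treatment of a never-before-seen imported rule as mutable, and the sample rules are all assumptions made for this example.

```typescript
// Added example, not Kibana's own code. Type and function names are illustrative.

interface AttackRef { id: string; name: string; reference: string }
interface Threat { framework: string; tactic: AttackRef; technique: AttackRef[] }
interface Rule {
  rule_id: string;
  name: string;
  immutable: boolean;
  tags: string[];
  threat: Threat[];
}

// Plural spellings that look like ECS but are not. A mapping or saved object
// built from them diverges from ECS threat.tactic / threat.technique, so
// queries against signal.rule.threat.* miss and the fields are unusable.
const NON_ECS_KEYS = ['threats', 'tactics', 'techniques'] as const;

// Every tactic/technique entry must carry id, name and reference as strings.
function checkRef(r: unknown, path: string, errors: string[]): void {
  if (typeof r !== 'object' || r === null) {
    errors.push(`${path} must be an object`);
    return;
  }
  const o = r as Record<string, unknown>;
  for (const k of ['id', 'name', 'reference']) {
    if (typeof o[k] !== 'string') errors.push(`${path}.${k} must be a string`);
  }
}

// Returns a list of problems; an empty list means the threat mapping is ECS-shaped.
export function validateThreat(raw: unknown): string[] {
  const errors: string[] = [];
  if (typeof raw !== 'object' || raw === null) return ['rule must be an object'];
  const rule = raw as Record<string, unknown>;
  for (const k of NON_ECS_KEYS) {
    if (k in rule) errors.push(`non-ECS key "${k}" at rule level; use "threat"`);
  }
  const threat = rule.threat;
  if (threat === undefined) return errors; // threat is optional on a rule
  if (!Array.isArray(threat)) return [...errors, '"threat" must be an array'];
  threat.forEach((t, i) => {
    const path = `threat[${i}]`;
    if (typeof t !== 'object' || t === null) {
      errors.push(`${path} must be an object`);
      return;
    }
    const th = t as Record<string, unknown>;
    for (const k of NON_ECS_KEYS) {
      if (k in th) errors.push(`${path}: non-ECS key "${k}"; use "technique"`);
    }
    if (typeof th.framework !== 'string') errors.push(`${path}.framework must be a string`);
    checkRef(th.tactic, `${path}.tactic`, errors);
    const technique = th.technique;
    if (!Array.isArray(technique)) {
      errors.push(`${path}.technique must be an array`);
    } else {
      technique.forEach((tech, j) => checkRef(tech, `${path}.technique[${j}]`, errors));
    }
  });
  return errors;
}

// Import merge: the stored rule's `immutable` value always wins, so an imported
// document cannot promote a user-created (mutable) rule to a prebuilt (immutable)
// one. A rule with no stored copy is treated as user-created (assumption here).
export function mergeOnImport(existing: Rule | undefined, incoming: Rule): Rule {
  return { ...incoming, immutable: existing ? existing.immutable : false };
}

// Constructed sample rule using the singular ECS keys.
export const GOOD_RULE: Rule = {
  rule_id: 'example-rule-1',
  name: 'Example: suspicious interpreter launch',
  immutable: false,
  tags: ['Elastic'],
  threat: [{
    framework: 'MITRE ATT&CK',
    tactic: { id: 'TA0002', name: 'Execution', reference: 'https://attack.mitre.org/tactics/TA0002/' },
    technique: [{ id: 'T1059', name: 'Command and Scripting Interpreter', reference: 'https://attack.mitre.org/techniques/T1059/' }],
  }],
};

// Same content with the pre-fix plural key, which the validator must reject.
export const BAD_RULE = {
  ...GOOD_RULE,
  threat: [{ framework: 'MITRE ATT&CK', tactic: GOOD_RULE.threat[0].tactic, techniques: GOOD_RULE.threat[0].technique }],
};
```

Run `validateThreat` on every rule before it is written to the saved-object store or used to build a `signal.rule.*` document; a non-empty result should fail the create/import request rather than be logged and ignored, since a mis-keyed mapping only shows up later as missing data or a crash.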

@FrankHassanabad FrankHassanabad self-assigned this Jan 24, 2020
@FrankHassanabad FrankHassanabad marked this pull request as ready for review January 24, 2020 20:38
@FrankHassanabad FrankHassanabad added release_note:skip Skip the PR/issue when compiling release notes v7.6.0 v7.7.0 v8.0.0 Team:SIEM labels Jan 24, 2020
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

Contributor

@dhurley14 dhurley14 left a comment


I think you are updating one more test but LGTM.

@kibanamachine
Contributor

💚 Build Succeeded


To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@FrankHassanabad FrankHassanabad merged commit a63e8a4 into elastic:master Jan 25, 2020
@FrankHassanabad FrankHassanabad deleted the change-technique-to-techniques branch January 25, 2020 05:18
@rylnd rylnd mentioned this pull request Apr 20, 2020
1 task
rylnd added a commit to rylnd/kibana that referenced this pull request Apr 21, 2020
This was changed in elastic#55883 but the
script was not updated accordingly.
rylnd added a commit that referenced this pull request Apr 21, 2020
* Remove unused file

This was moved to a constant in common/constants.

* Remove unused types

Omit is now part of TypeScript, and Pick3 is unused.

* Define and export SIEM's plugin contracts

They're empty for now.

* Import config type from config file

Instead of our plugin index, which could only cause circular
dependencies.

* SiemClient API uses getter function instead of direct property access

* Add public mock for SiemClient

* Fix typo in extract-mitre-attacks script

We were backgrounding the process (&) instead of ANDing it with the
linting. Whoops!

* Remove missed instance of old siemClient API

I missed this one when grepping, but TypeScript and CI saved me.

* Use our client mock in our test suite

This was causing some test failures as I forgot to update the client mock

* Update script following updates to the output's usage

This was changed in #55883 but the
script was not updated accordingly.
rylnd added a commit that referenced this pull request Apr 21, 2020