[Security Solution] PoC of the rule upgrade workflow #137446

Closed
Tracked by #174166
xcrzx opened this issue Jul 28, 2022 · 3 comments
Assignees
Labels
8.7 candidate Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.7.0

Comments

xcrzx (Contributor) commented Jul 28, 2022

Epic: https://github.com/elastic/security-team/issues/1974 (internal)

Summary

To implement the rule upgrade UI (see designs), we will first need to do some software design work for the rule upgrade workflow:

  • Design a data model of prebuilt rule assets
  • Design a domain model that will be used on the frontend to build the rule upgrade UI
  • Design API endpoints for the rule upgrade workflow
  • Design an algorithm that returns a diff between several rule versions

A PoC should be built to prove the design.

Diff algorithm

For every prebuilt rule, this algorithm will return a diff between several versions of the same rule:

  • The current local rule revision (R2 on the diagram below)
  • The rule version the current revision had been forked from (V2)
  • The latest remote rule version we're upgrading to (V4)

The algorithm should:

  1. Return changes between R2 and V2
  2. Return changes between V2 and V4
  3. Return conflicts: fields modified in both R2 and V4. Or that information should be easily derived from the above.
  4. Ignore insignificant changes, like changes in the order of rule tags
@xcrzx xcrzx added Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Rule Management Security Solution Detection Rule Management Team:Detection Rule Management Security Detection Rule Management Team labels Jul 28, 2022
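
The three-way diff described above (R2 vs. V2, V4 vs. V2, conflicts = fields changed on both sides to different values, tag order ignored), as an added example that is not part of the original issue and not Kibana's own implementation (the real one landed in the PoC PR referenced later in this thread). The rule shape, the field names, treating only tag order as insignificant, and the sample versions are all assumptions made for this example. The `mergeRuleVersions` helper goes one step beyond the issue text and shows how the diff result would be consumed by an upgrade that auto-applies non-conflicting remote changes:

```typescript
// Added example, not Kibana code: a three-way, field-level diff between the
// base version the local rule was forked from (V2), the current local
// revision (R2) and the target version being upgraded to (V4).

type RuleVersion = Record<string, unknown>;

interface FieldDiff {
  field: string;
  base: unknown;          // value in V2
  current: unknown;       // value in R2
  target: unknown;        // value in V4
  localChanged: boolean;  // R2 differs from V2
  remoteChanged: boolean; // V4 differs from V2
  conflict: boolean;      // both sides changed, and to different values
}

// Canonical JSON with sorted object keys so structurally equal values compare equal.
function canonical(value: unknown): string {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value !== null && typeof value === "object") {
    const obj = value as Record<string, unknown>;
    return "{" + Object.keys(obj).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(obj[k])).join(",") + "}";
  }
  return JSON.stringify(value) ?? "undefined";
}

// Insignificant differences are normalized away before comparison. Here only
// tag order is treated as insignificant (an assumption for this example).
function normalize(field: string, value: unknown): unknown {
  if (field === "tags" && Array.isArray(value)) return value.map(String).sort();
  return value;
}

function diffRuleVersions(base: RuleVersion, current: RuleVersion, target: RuleVersion): FieldDiff[] {
  const fields = new Set<string>([...Object.keys(base), ...Object.keys(current), ...Object.keys(target)]);
  const diffs: FieldDiff[] = [];
  for (const field of Array.from(fields).sort()) {
    const b = canonical(normalize(field, base[field]));
    const c = canonical(normalize(field, current[field]));
    const t = canonical(normalize(field, target[field]));
    const localChanged = c !== b;
    const remoteChanged = t !== b;
    // Identical edits on both sides are not a conflict.
    const conflict = localChanged && remoteChanged && c !== t;
    if (localChanged || remoteChanged) {
      diffs.push({ field, base: base[field], current: current[field], target: target[field], localChanged, remoteChanged, conflict });
    }
  }
  return diffs;
}

function diffFor(diffs: FieldDiff[], field: string): FieldDiff {
  const d = diffs.find((x) => x.field === field);
  if (!d) throw new Error(`no diff recorded for field ${field}`);
  return d;
}

// Beyond the diff itself: apply remote-only changes, keep local-only changes,
// and leave conflicting fields at their local value for the user to resolve.
function mergeRuleVersions(base: RuleVersion, current: RuleVersion, target: RuleVersion): { merged: RuleVersion; conflicts: string[] } {
  const merged: RuleVersion = { ...current };
  const conflicts: string[] = [];
  for (const d of diffRuleVersions(base, current, target)) {
    if (d.conflict) { conflicts.push(d.field); continue; }
    if (d.remoteChanged && !d.localChanged) {
      if (d.field in target) merged[d.field] = target[d.field]; else delete merged[d.field];
    }
  }
  return { merged, conflicts };
}

// Constructed sample versions (not real prebuilt rules).
const BASE_V2: RuleVersion = { name: "Suspicious PowerShell", query: "process.name: powershell.exe", severity: "medium", tags: ["Windows", "Execution"], version: 2 };
const CURRENT_R2: RuleVersion = { name: "Suspicious PowerShell", query: "process.name: powershell.exe and not user.name: svc_backup", severity: "high", tags: ["Execution", "Windows"], version: 2 };
const TARGET_V4: RuleVersion = { name: "Suspicious PowerShell Execution", query: "process.name: (powershell.exe or pwsh.exe)", severity: "medium", tags: ["Windows", "Execution", "Defense Evasion"], version: 4 };

for (const d of diffRuleVersions(BASE_V2, CURRENT_R2, TARGET_V4)) {
  console.log(`${d.field}: local=${d.localChanged} remote=${d.remoteChanged} conflict=${d.conflict}`);
}
```

With the sample data, `query` is the only conflict (edited locally and remotely to different values), `tags` is a remote-only change because the local reorder normalizes away, and `severity` is a local-only change that the merge preserves.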
elasticmachine (Contributor) commented: Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine (Contributor) commented: Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror added the Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules label Jul 28, 2022
@banderror banderror self-assigned this Jul 28, 2022
@banderror banderror changed the title [Security Solution] Implement an algorithm that calculates diff between rule verions [Security Solution] Implement an algorithm that calculates diff between rule versions Aug 7, 2022
@banderror banderror changed the title [Security Solution] Implement an algorithm that calculates diff between rule versions [Security Solution] PoC of an algorithm that calculates diff between rule versions Aug 7, 2022
@banderror banderror changed the title [Security Solution] PoC of an algorithm that calculates diff between rule versions [Security Solution] PoC of the rule upgrade workflow Sep 12, 2022
@banderror banderror added v8.7.0 and removed Feature:Rule Management Security Solution Detection Rule Management labels Dec 29, 2022
banderror (Contributor) commented

This PoC has been completed in #144060. Please read the description of this PR for the decisions, software design, and conclusions we've made.
