Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Make existing OpenAPI specs for Detections API correct #183701

Open
18 tasks
maximpn opened this issue May 17, 2024 · 4 comments
Open
18 tasks

[Security Solution] Make existing OpenAPI specs for Detections API correct #183701

maximpn opened this issue May 17, 2024 · 4 comments
Labels
docs Team:Detection Engine Security Solution Detection Engine Area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@maximpn
Copy link
Contributor

maximpn commented May 17, 2024
edited by banderror
Loading

Epic: https://github.com/elastic/security-team/issues/9398

Deadline: Jul 29, 2024 (see milestones in https://github.com/elastic/security-team/issues/9400)

Summary

As part of the Serverless project, we need to make sure OpenAPI specs for all public Detections API endpoints are correct. We want all the APIs documented before Serverless GA. Please look for more context in the epic.

During a Security Solution public API research we discovered that for some of the public Detections API endpoints we already have OpenAPI specs. We just need to make sure they are correct. Please see below what needs to be done exactly.

API endpoints

The following public API endpoints are available in both Serverless and ESS, and have OpenAPI specs:

  • GET /api/detection_engine/rules
  • POST /api/detection_engine/rules
  • PUT /api/detection_engine/rules
  • PATCH /api/detection_engine/rules
  • DELETE /api/detection_engine/rules
  • POST /api/detection_engine/rules/_bulk_action
  • POST /api/detection_engine/rules/_export
  • POST /api/detection_engine/rules/_import
  • GET /api/detection_engine/rules/_find
  • GET /api/detection_engine/tags
  • GET /api/detection_engine/rules/prepackaged/_status
  • PUT /api/detection_engine/rules/prepackaged
  • POST /api/detection_engine/signals/assignees
  • POST /api/exceptions/shared

The following public API endpoints are available in ESS only, and have OpenAPI specs:

  • POST /api/detection_engine/rules/_bulk_create
  • PUT /api/detection_engine/rules/_bulk_update
  • PATCH /api/detection_engine/rules/_bulk_update
  • DELETE /api/detection_engine/rules/_bulk_delete

To do

  • Make sure your specs (including those above) are valid OpenAPI documents.
  • Make sure your specs (including those above) match the actual API contracts defined in the code.
  • Mark the endpoints as available in ESS, or Serverless, or in both offerings (depends on: https://github.com/elastic/security-team/issues/9516).
@maximpn maximpn added docs Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Project:Serverless Work as part of the Serverless project for its initial release Team:Detection Engine Security Solution Detection Engine Area labels May 17, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@maximpn maximpn mentioned this issue May 17, 2024
Open
31 tasks
@banderror banderror changed the title [Security Solution] Make existing OpenAPI specs for Detection Engine API correct [Security Solution] Make existing OpenAPI specs for Detections API correct May 17, 2024
This was referenced May 20, 2024
Open
Open
@banderror banderror removed the Project:Serverless Work as part of the Serverless project for its initial release label Jun 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docs Team:Detection Engine Security Solution Detection Engine Area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@maximpn @banderror @elasticmachine