
[Security Solution][Detections] Add support for exceptions to ML Rules #75820

Closed

spong opened this issue Aug 24, 2020 · 3 comments
Assignees
Labels
enhancement New value added to drive a business result Feature:Detection Rules Anything related to Security Solution's Detection Rules Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM

Comments

spong (Member) commented Aug 24, 2020

Currently exceptions are not supported for ML Rules; however, there are no hard external dependencies for enabling support.

On the Detections side we'll need to make the following changes:

  • Pass the exception filters as KQL to the mlAnomalySearch for supporting non-value-list exceptions
  • Wire up a code path into the "big loop" for ML Rules so that value-lists can be supported as well

Once complete we'll of course need to remove the checks and guards around adding exceptions to ML Rules (API/UI).
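The two bullets above draw a line between exception entries that can be handed to the anomaly search as a KQL filter and value-list entries that cannot be expressed inline and need a separate code path. The following is an added example written for this page, not Kibana's own code; the entry shape (`match`, `match_any`, `exists`, `list`) follows the exception-list format, but the function names, the item data and the decision to defer whole items containing a list entry are assumptions of this example.

```typescript
// Added example (not Kibana's own implementation): split exception items into
// (a) a single KQL clause that excludes everything matched by inline entries and
// (b) items that contain value-list entries, which must be evaluated separately.

type Operator = 'included' | 'excluded';

interface MatchEntry { type: 'match'; field: string; operator: Operator; value: string; }
interface MatchAnyEntry { type: 'match_any'; field: string; operator: Operator; value: string[]; }
interface ExistsEntry { type: 'exists'; field: string; operator: Operator; }
interface ListEntry { type: 'list'; field: string; operator: Operator; list: { id: string; type: string }; }
type Entry = MatchEntry | MatchAnyEntry | ExistsEntry | ListEntry;
type InlineEntry = Exclude<Entry, ListEntry>;

interface ExceptionItem { name: string; entries: Entry[]; }

export interface SplitResult {
  // KQL that excludes every event matched by a fully inline item; null when none apply
  kqlFilter: string | null;
  // items with at least one value-list entry, to be handled by the value-list path
  deferredItems: ExceptionItem[];
}

// Quote a value for KQL, escaping backslashes and double quotes so that
// user-controlled exception values cannot alter the query structure.
export function escapeKqlValue(v: string): string {
  return '"' + v.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Render one inline entry; 'excluded' negates the clause.
export function entryToKql(e: InlineEntry): string {
  let clause: string;
  if (e.type === 'match') {
    clause = `${e.field}:${escapeKqlValue(e.value)}`;
  } else if (e.type === 'match_any') {
    clause = `${e.field}:(${e.value.map(escapeKqlValue).join(' or ')})`;
  } else {
    clause = `${e.field}:*`; // exists
  }
  return e.operator === 'excluded' ? `not ${clause}` : clause;
}

// An item matches when ALL of its entries match; an event is excepted when ANY
// item matches. Items containing a list entry are deferred whole, because
// applying only their inline half as KQL would over-exclude.
export function splitExceptionItems(items: ExceptionItem[]): SplitResult {
  const itemClauses: string[] = [];
  const deferredItems: ExceptionItem[] = [];
  for (const item of items) {
    if (item.entries.some((e) => e.type === 'list')) {
      deferredItems.push(item);
      continue;
    }
    const inline = item.entries.filter((e): e is InlineEntry => e.type !== 'list');
    if (inline.length > 0) {
      itemClauses.push('(' + inline.map(entryToKql).join(' and ') + ')');
    }
  }
  const kqlFilter = itemClauses.length > 0 ? `not (${itemClauses.join(' or ')})` : null;
  return { kqlFilter, deferredItems };
}

// Constructed sample items (hypothetical field values, not from any real rule).
export const SAMPLE_ITEMS: ExceptionItem[] = [
  { name: 'trusted build host',
    entries: [{ type: 'match', field: 'host.name', operator: 'included', value: 'build-01' }] },
  { name: 'service accounts without a process',
    entries: [
      { type: 'match_any', field: 'user.name', operator: 'included', value: ['svc-backup', 'svc-ci'] },
      { type: 'exists', field: 'process.name', operator: 'excluded' },
    ] },
  { name: 'allowlisted sources',
    entries: [{ type: 'list', field: 'source.ip', operator: 'included', list: { id: 'ip-allowlist', type: 'ip' } }] },
];

const result = splitExceptionItems(SAMPLE_ITEMS);
console.log(result.kqlFilter);
console.log(result.deferredItems.map((i) => i.name));
```

The `kqlFilter` string is what would be combined with the anomaly query for the non-value-list case; the `deferredItems` are the ones that the issue's second bullet says need the full search-loop treatment, since their membership test lives in a stored list rather than in the query.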

@spong spong added enhancement New value added to drive a business result Team:SIEM Feature:Detection Rules Anything related to Security Solution's Detection Rules labels Aug 24, 2020
elasticmachine (Contributor) commented

Pinging @elastic/siem (Team:SIEM)

@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Oct 27, 2020
SHolzhauer commented

Yes please!

peluja1012 (Contributor) commented

Implemented by #84006
