
bc6 rule import april 9 #63152

Merged
merged 3 commits into from
Apr 10, 2020

Conversation

randomuserid
Contributor

@randomuserid randomuserid commented Apr 9, 2020

Summary

Increased the lookback time of the ML SIEM rules.

Checklist

Delete any items that are not applicable to this PR.

For maintainers

Increased the lookback of the ML rules
@randomuserid randomuserid requested a review from a team as a code owner April 9, 2020 17:20
@randomuserid randomuserid added release_note:skip Skip the PR/issue when compiling release notes v7.7.0 v8.0.0 Team:SIEM labels Apr 9, 2020
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

],
"type": "query",
"version": 2
{
Contributor


Line endings are screwed up again.
Should I fix this like the other one?

Contributor Author

@randomuserid randomuserid Apr 9, 2020


Let's let this test run complete first, I'd like to see the test result as early as possible. After that yes, please do fix later today or tomorrow. I will hold off on merging until we're happy.

Contributor


It would be great if this could be fixed upstream. @randomuserid where does that toml -> json code live?

Contributor


Just ensure that it is from a package generated from https://github.com/elastic/siem-rules/pull/137 with the hash

- sha256: 65a4b77aaba364acb7196c4d0ffc8c0dd9476f63bb96f9c5105e59ddc01a8f3d

Contributor


Oh, nice! Thanks @brokensound77 and @rw-access for being on top of this.
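The two concerns raised in this thread, CRLF line endings slipping into the re-imported rule files and the requirement that the import come from the package with the stated sha256, can be checked before anything is committed. The following is an added example, not code from Kibana or from the siem-rules project; the sample rule document is constructed, the expected digest is the one quoted above, and the package bytes fed to `package_matches` are assumed to be the downloaded archive.

```python
import hashlib
import hmac
import json

# Expected digest of the rules package, as stated in the PR discussion
# (package generated from https://github.com/elastic/siem-rules/pull/137).
EXPECTED_SHA256 = "65a4b77aaba364acb7196c4d0ffc8c0dd9476f63bb96f9c5105e59ddc01a8f3d"

# Constructed sample: a minimal rule document written with CRLF endings,
# the shape of the problem the reviewer flagged (not a real rule file).
SAMPLE_RULE_CRLF = (
    b'{\r\n'
    b'  "name": "example-rule",\r\n'
    b'  "type": "query",\r\n'
    b'  "version": 2\r\n'
    b'}\r\n'
)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a package blob."""
    return hashlib.sha256(data).hexdigest()


def package_matches(data: bytes, expected_hex: str) -> bool:
    """True only when the package digest equals the reviewer-approved hash.

    hmac.compare_digest keeps the comparison constant-time; the expected
    value is lower-cased so a pasted upper-case digest still matches.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex.strip().lower())


def has_crlf(data: bytes) -> bool:
    """Detect Windows line endings in a file about to be imported."""
    return b"\r\n" in data


def normalize_to_lf(data: bytes) -> bytes:
    """Convert CRLF (and any stray bare CR) to LF so the diff stays clean."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


def validate_rule_file(data: bytes) -> dict:
    """Normalize endings, parse the JSON, and require the fields the
    generated rule files carry ("type", "version").

    Returns the parsed rule and whether line endings had to be fixed,
    so the caller can decide whether to rewrite the file.
    """
    fixed = has_crlf(data)
    rule = json.loads(normalize_to_lf(data).decode("utf-8"))
    for key in ("type", "version"):
        if key not in rule:
            raise ValueError(f"rule missing required field {key!r}")
    return {"rule": rule, "line_endings_fixed": fixed}


if __name__ == "__main__":
    # Stand-alone demo on the constructed sample only; a real run would
    # read the archive and each generated rule file from disk.
    print("package matches expected hash:",
          package_matches(SAMPLE_RULE_CRLF, EXPECTED_SHA256))
    print(validate_rule_file(SAMPLE_RULE_CRLF))
```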

with LF chars
@spong
Member

spong commented Apr 9, 2020

@elasticmachine merge upstream

@spong spong added the v7.8.0 label Apr 9, 2020
@kibanamachine
Contributor

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

Contributor

@rw-access rw-access left a comment


🎉

@randomuserid randomuserid merged commit 39fbc5e into master Apr 10, 2020
spong pushed a commit to spong/kibana that referenced this pull request Apr 10, 2020
* bc6 rule import april 9

Increased the lookback of the ML rules

* re-import

with LF chars

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
spong added a commit that referenced this pull request Apr 10, 2020
spong added a commit that referenced this pull request Apr 11, 2020
majagrubic pushed a commit to majagrubic/kibana that referenced this pull request Apr 16, 2020
majagrubic pushed a commit that referenced this pull request Apr 22, 2020
majagrubic pushed a commit to majagrubic/kibana that referenced this pull request Apr 22, 2020
majagrubic pushed a commit that referenced this pull request Apr 22, 2020
@rw-access rw-access deleted the 77-siem-rules-bc6-4/9 branch May 14, 2021 15:30
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Labels
release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.7.0 v7.8.0 v8.0.0

8 participants