Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Detections] Add package tests for rule_id uniqueness and ensuring correct sourcePackage #128547

Open
spong opened this issue Mar 24, 2022 · 1 comment
Open

[Security Solution][Detections] Add package tests for rule_id uniqueness and ensuring correct sourcePackage #128547

spong opened this issue Mar 24, 2022 · 1 comment
Labels
enhancement New value added to drive a business result Feature:Detection Rules Security Solution rules and Detection Engine Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. triage_needed

Comments

@spong
Copy link
Member

spong commented Mar 24, 2022
edited
Loading

In discussion from #128202, in effort to cut down on packages shipping security-rule assets without a unique rule_id, it was decided to add a sourcePackage field for disambiguation (#128544), and to also add tests within the integrations repo to ensure any security-rules assets a package ships at least have a unique rule_id within the package itself (since a test case can't be added globally for all packages elastic/integrations#2115 (comment)).

While this work would happen within the integrations repo, it's most likely the @elastic/security-detections-response-rules team that will be doing it, so this ticket is for tracking that effort.

Outputs:

  1. Test to ensure all security-rule assets in the package have a unique `rule_id
  2. Test to ensure all security-rule assets have the field sourcePackage and that it is the name of the package itself
@spong spong added triage_needed enhancement New value added to drive a business result Feature:Detection Rules Security Solution rules and Detection Engine Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Rule Management Security Detection Rule Management Team Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area labels Mar 24, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@spong spong mentioned this issue Mar 24, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New value added to drive a business result Feature:Detection Rules Security Solution rules and Detection Engine Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. triage_needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@spong @elasticmachine