[Security Solution] DetectionRulesClient refactoring. Part 3 #187656

Open
14 tasks
Tracked by #179907
banderror opened this issue Jul 5, 2024 · 3 comments
Labels
Feature:Rule Management Security Solution Detection Rule Management area refactoring Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

banderror (Contributor) commented Jul 5, 2024

Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Follow-up to: #184364

Summary

Let's finalize the DetectionRulesClient refactoring previously done in #184364 and #180128.

PRs

TBD

Left to do

  • Add methods for fetching multiple rules to the client and refactor these utilities:
  • Add methods for fetching a single rule and refactor these utilities:
  • Consider adding a method for exporting rules to the client. Check if this refactoring is overly complex. If it is, add it to a separate ticket.
  • Replace usage of getIdError in DetectionRulesClient. Perhaps findRuleById can be used instead.
  • Refactor throwing an error created with createBulkErrorObject in importRule. There shouldn't be a dependency on createBulkErrorObject since we don't deal with bulk operations in the client.
  • Wrap every method in a try-catch and throw a method-specific error (check how it's done in rule monitoring)
  • Check in Git history why there is a check for a removed rule at the end of upgradePrebuiltRule
  • Add duplicateRule method?
  • Add error handling to toggleRuleEnabledOnUpdate (comment)
@banderror banderror added triage_needed refactoring Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Rule Management Security Detection Rule Management Team labels Jul 5, 2024
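The "wrap every method in a try-catch and throw a method-specific error", "single-rule vs. multi-rule fetch methods" and "no dependency on createBulkErrorObject" items above describe one pattern. The following is an added illustration of that pattern and is not Kibana's code: `InMemoryRulesClient`, `RulesClientMethodError`, `RuleNotFoundError` and `withMethodError` are hypothetical names standing in for whatever the real DetectionRulesClient ends up using, and the rule records are constructed sample data.

```typescript
// Added example (not Kibana's DetectionRulesClient): a minimal in-memory
// rules client showing per-method try-catch with a method-specific error,
// separate single- and multi-rule fetch methods, and a typed not-found error
// instead of a bulk-operation error object. All names here are hypothetical.

interface Rule {
  id: string;
  name: string;
  enabled: boolean;
}

// Method-specific error: records which client method failed and keeps the
// original error so callers (and logs) can still see the root cause.
class RulesClientMethodError extends Error {
  constructor(
    public readonly method: string,
    public readonly originalError: unknown,
  ) {
    const reason = originalError instanceof Error ? originalError.message : String(originalError);
    super(`DetectionRulesClient.${method} failed: ${reason}`);
    this.name = 'RulesClientMethodError';
  }
}

// Typed not-found error for single-rule operations; no bulk error object needed.
class RuleNotFoundError extends Error {
  constructor(public readonly ruleId: string) {
    super(`Rule with id "${ruleId}" not found`);
    this.name = 'RuleNotFoundError';
  }
}

// Runs a method body inside try-catch and re-raises any failure as a
// RulesClientMethodError for that method. Errors already wrapped by an inner
// client call are passed through so the outermost method name is not lost.
function withMethodError<T>(method: string, body: () => T): T {
  try {
    return body();
  } catch (e) {
    if (e instanceof RulesClientMethodError) throw e;
    throw new RulesClientMethodError(method, e);
  }
}

class InMemoryRulesClient {
  private readonly rules = new Map<string, Rule>();

  createRule(rule: Rule): Rule {
    return withMethodError('createRule', () => {
      if (this.rules.has(rule.id)) throw new Error(`duplicate rule id "${rule.id}"`);
      this.rules.set(rule.id, { ...rule });
      return { ...rule };
    });
  }

  // Single-rule fetch that reports absence as a value rather than an error.
  findRuleById(id: string): Rule | null {
    return withMethodError('findRuleById', () => this.rules.get(id) ?? null);
  }

  // Single-rule fetch that requires the rule to exist.
  getRuleById(id: string): Rule {
    return withMethodError('getRuleById', () => {
      const rule = this.findRuleById(id);
      if (rule === null) throw new RuleNotFoundError(id);
      return rule;
    });
  }

  // Multi-rule fetch: returns what was found and lists the missing ids
  // explicitly instead of failing the whole call.
  findRulesByIds(ids: string[]): { found: Rule[]; missing: string[] } {
    return withMethodError('findRulesByIds', () => {
      const found: Rule[] = [];
      const missing: string[] = [];
      for (const id of ids) {
        const rule = this.rules.get(id);
        if (rule) found.push({ ...rule });
        else missing.push(id);
      }
      return { found, missing };
    });
  }
}

// Constructed sample data and a smoke run of the client.
function demo(): { hitName: string; failedMethod: string; missingId: string; missing: string[] } {
  const client = new InMemoryRulesClient();
  client.createRule({ id: 'r-1', name: 'Suspicious PowerShell', enabled: true });
  const hitName = client.getRuleById('r-1').name;

  let failedMethod = '';
  let missingId = '';
  try {
    client.getRuleById('r-404');
  } catch (e) {
    if (e instanceof RulesClientMethodError) {
      failedMethod = e.method;
      if (e.originalError instanceof RuleNotFoundError) missingId = e.originalError.ruleId;
    }
  }

  const { missing } = client.findRulesByIds(['r-1', 'r-2']);
  return { hitName, failedMethod, missingId, missing };
}
```

The point of the wrapper is that a caller only ever sees a `RulesClientMethodError` naming the failing method, with the typed root cause attached, so error handling in route handlers does not need to know about storage-layer or bulk-operation error shapes.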
elasticmachine (Contributor) commented

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine (Contributor) commented

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine (Contributor) commented

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
