Add kibana/security-rule asset type

[rw-access]

cc @FrankHassanabad, @spong, @brokensound77, @kevinlog

What does this PR do?

• Add a security-rule asset type for rules that will be delivered to Security » Detection Engine » Detection rules part of Kibana.

Why is it important?

This is a dependency for:

• [snapshot] Create minimal detection_rules package package-storage#843
• [Security Solution][Detections] Allows rules to be updated from EPR kibana#91949

Checklist

Note: I haven't added a test package yet, because I'm expecting requested changes. Once we converge on the spec, I think it makes sense to add a test package.

• I have added test packages to test/packages that prove my change is effective.
• I have added an entry in versions/N/changelog.yml.

Related issues

No related public issues, just these PRs

• [snapshot] Create minimal detection_rules package package-storage#843
• [Security Solution][Detections] Allows rules to be updated from EPR kibana#91949

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Build Cause: Pull request #142 updated

• Start Time: 2021-03-17T18:18:26.356+0000

• Duration: 9 min 31 sec

• Commit: ba23706

Trends 🧪

[mtojek]

Please make sure that the PR passes the CI verification. Quick check:

make update && make check && make test

[mtojek]

Please create a sample package and add it to the test/packages.

[rw-access]

I added this asset to test/packages/good

[rw-access]

Unless this should be its own test package

[ruflin]

@rw-access Are rules and timeline tied together? Could a user just ship a rule or just a timeline?

[ruflin]

@rw-access Could you add a sample package for testing this?

[ruflin]

For later: Should we do on the package side an validation of the rules file?

@ycombinator do we apply some automatic formatting to it?

[ruflin]

Is the rule prefix in the name required?

[rw-access]

no, I can loosen this to just *.json

[rw-access]

Just ^.+\.json$ as of ba23706

[ycombinator]

For later: Should we do on the package side an validation of the rules file?

The package spec does allow for defining the structure of file contents but we have deliberately not specified structures for other Kibana saved objects like dashboards, etc. because we're treating those as Kibana implementation details (at least for the moment). The only basic validation is that the files match a certain mime type and are (potentially) named a certain way, both of which are being done in this PR.

@ycombinator do we apply some automatic formatting to it?

Automatic formatting to the JSON files? Yes, elastic-package format will take care of it.

[ycombinator]

LGTM.