Skip to content

Commit

Permalink
[Detection Rules] Resolves regression where Elastic Endgame rules wou…
Browse files Browse the repository at this point in the history 
…ld warn about unmapped timestamp override field (#96394)

related to elastic/detection-rules#1082

## Summary

Endgame promotion rules in Kibana/7.12 are at version 5 and have timestamp_override defined (which should not be). These same rules are at version 4 in the detection-rules repo 7.12 branch and kibana/master and timestamp_override is not defined. These updates are targeted for 7.12.1

There most likely was an issue with the maze of backports and interlaced updates.

To fix the rules, they need to be reconciled across:

detection-rules 7.12 & main
kibana 7.12.1 and master
bump detection-rules/7.12 to v6 -> PR to kibana/master -> backport to 7.12.1
### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
  • Loading branch information
@brokensound77
brokensound77 authored Apr 8, 2021
1 parent 391e92e commit bc14f24
Show file tree
Hide file tree
Showing 15 changed files with 15 additions and 15 deletions.
2 changes: 1 addition & 1 deletion ...ver/lib/detection_engine/rules/prepackaged_rules/endgame_adversary_behavior_detected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...on/server/lib/detection_engine/rules/prepackaged_rules/endgame_cred_dumping_detected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...n/server/lib/detection_engine/rules/prepackaged_rules/endgame_cred_dumping_prevented.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...rver/lib/detection_engine/rules/prepackaged_rules/endgame_cred_manipulation_detected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...ver/lib/detection_engine/rules/prepackaged_rules/endgame_cred_manipulation_prevented.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...olution/server/lib/detection_engine/rules/prepackaged_rules/endgame_exploit_detected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...lution/server/lib/detection_engine/rules/prepackaged_rules/endgame_exploit_prevented.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...olution/server/lib/detection_engine/rules/prepackaged_rules/endgame_malware_detected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...lution/server/lib/detection_engine/rules/prepackaged_rules/endgame_malware_prevented.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...erver/lib/detection_engine/rules/prepackaged_rules/endgame_permission_theft_detected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...rver/lib/detection_engine/rules/prepackaged_rules/endgame_permission_theft_prevented.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...rver/lib/detection_engine/rules/prepackaged_rules/endgame_process_injection_detected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...ver/lib/detection_engine/rules/prepackaged_rules/endgame_process_injection_prevented.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...tion/server/lib/detection_engine/rules/prepackaged_rules/endgame_ransomware_detected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}
2 changes: 1 addition & 1 deletion ...ion/server/lib/detection_engine/rules/prepackaged_rules/endgame_ransomware_prevented.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,5 +20,5 @@
"Elastic Endgame"
],
"type": "query",
"version": 4
"version": 6
}

0 comments on commit bc14f24

Please sign in to comment.