[Security Solution] Implement single-line string diff algorithm #180158
Status: Closed (8 tasks done). Tracked by #174168
Labels: 8.15 candidate; enhancement (New value added to drive a business result); Feature:Prebuilt Detection Rules (Security Solution Prebuilt Detection Rules area); Team:Detection Rule Management (Security Detection Rule Management Team); Team:Detections and Resp (Security Detection Response Team); Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.); v8.15.0
Comments
jpdjere added the triage_needed, Team:Detections and Resp, Team: SecuritySolution, Team:Detection Rule Management and Feature:Prebuilt Detection Rules labels on Apr 5, 2024
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
banderror changed the title from "[Security Solution] Implement single-line string fields diff algorithm" to "[Security Solution] Implement single-line string fields diff algorithm (DRAFT)" on Apr 17, 2024
Here are the proposed fields that would utilize this diff algorithm:

- Common fields
- Non-ML rule type fields
- EQL fields
- New terms fields
banderror changed the title from "[Security Solution] Implement single-line string fields diff algorithm (DRAFT)" to "[Security Solution] Implement single-line string diff algorithm" on May 24, 2024
This was referenced May 29, 2024
dplumlee added a commit that referenced this issue on May 31, 2024:

## Summary

Adds unit tests in accordance with #180158

Abstracts the `simpleDiffAlgorithm` function used in the prebuilt rule upgrade workflow into `singleLineStringDiffAlgorithm` and `numberDiffAlgorithm` and adds unit tests for both cases

Addresses the following test cases defined in the [related RFC section](https://github.com/elastic/kibana/blob/4c9ab711b2a59ebec60ce5f1de18122d7405f9a0/x-pack/plugins/security_solution/docs/rfcs/detection_response/prebuilt_rules_customization.md#single-line-string-fields) table

- [x] AAA
- [x] ABA
- [x] AAB
- [x] ABB
- [x] ABC
- [x] -AA
- [x] -AB

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
@dplumlee Thanks, the proposal makes sense to me, except:
banderror pushed a commit that referenced this issue on Jun 10, 2024:

## Summary

Adds test plan in accordance with #180158

Adds test cases for simple diff algorithm to prebuilt rules' `Installation and upgrade` test plan

--------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
dplumlee added a commit that referenced this issue on Jun 13, 2024:

## Summary

Completes related tickets: #180160 and #180158

Switches fields to use the diff algorithms assigned to them in the related tickets

Adds integration tests in accordance with #184484 for the `upgrade/_review` API endpoint for the simple diff algorithm.

Also changes logic in the `upgrade/_review` API endpoint to return user customized fields in the diffs even if there was not an update for that field. This new logic is described in #180154. We filter out the fields that fall under this new logic so that they are only returned from the API but not displayed in the per-field rule diff flyout as the current UI cannot support them. They are utilized in testing logic and will be implemented in the UI at a later date

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

--------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168

## Summary

Implement an algorithm for diffing and merging changes to single-line string type fields of detection rules.

Context from the Rule Customization RFC:

## To do

- `upgrade/_review` endpoint.
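Added example, not code from the Kibana repository or from any of the commits above: a three-way diff and merge for a single-line string field, covering the issue summary (diff and merge changes to single-line string rule fields) and the seven RFC scenarios AAA, ABA, AAB, ABB, ABC, -AA and -AB listed in dplumlee's May 31 commit. Each scenario name reads base/current/target: the stock version the user started from, the version installed now (possibly customized), and the new stock version shipped by the package; a leading "-" means the base version is missing. The type names, the `MISSING` sentinel, the merge policy per scenario and the sample field values are assumptions of this example, not a statement of what `singleLineStringDiffAlgorithm` or the `upgrade/_review` endpoint actually returns.

```typescript
// Added example (not Kibana's own code). Three-way diff/merge of a single-line
// string field across the RFC scenarios. Names, sentinel, merge policy and the
// sample data below are assumptions made for illustration only.

// Sentinel for a missing base version (the "-" in -AA / -AB).
const MISSING = Symbol("MissingVersion");
type Version = string | typeof MISSING;

interface ThreeVersions {
  base: Version;   // stock version the user started from, or MISSING
  current: string; // installed version, possibly customized by the user
  target: string;  // new stock version from the updated package
}

type Scenario = "AAA" | "ABA" | "AAB" | "ABB" | "ABC" | "-AA" | "-AB";
type Conflict = "NONE" | "SOLVABLE" | "NON_SOLVABLE";
type Source = "current" | "target";

interface MergeResult {
  scenario: Scenario;
  isCustomized: boolean; // current differs from a known base
  hasUpdate: boolean;    // target differs from base (or from current when base is missing)
  conflict: Conflict;
  mergedFrom: Source;    // which side the merged value was taken from
  merged: string;
}

// Map the three versions onto one of the seven RFC scenario names.
function classify(v: ThreeVersions): Scenario {
  if (v.base === MISSING) {
    return v.current === v.target ? "-AA" : "-AB";
  }
  const currentChanged = v.current !== v.base;
  const targetChanged = v.target !== v.base;
  if (!currentChanged && !targetChanged) return "AAA";
  if (currentChanged && !targetChanged) return "ABA";
  if (!currentChanged && targetChanged) return "AAB";
  return v.current === v.target ? "ABB" : "ABC";
}

// Merge policy (assumed for this example): a single-line string has no parts
// that can be merged independently, so the only choices are "keep current"
// or "take target", and a real divergence is flagged as a conflict.
function mergeSingleLineString(v: ThreeVersions): MergeResult {
  const scenario = classify(v);
  const isCustomized = v.base !== MISSING && v.current !== v.base;
  const hasUpdate = v.base !== MISSING ? v.target !== v.base : v.current !== v.target;
  let conflict: Conflict = "NONE";
  let mergedFrom: Source = "current";
  switch (scenario) {
    case "AAA": // nothing changed anywhere
    case "ABA": // user customized, no stock update: keep the customization
    case "ABB": // user and stock made the same change
    case "-AA": // base unknown, but current already equals target
      break;
    case "AAB": // stock update, no customization: take the update
      mergedFrom = "target";
      break;
    case "ABC": // customized AND updated differently: a one-line value cannot be auto-merged
      conflict = "NON_SOLVABLE";
      break;
    case "-AB": // no base to tell customization from update: propose target, flag for review
      conflict = "SOLVABLE";
      mergedFrom = "target";
      break;
  }
  const merged = mergedFrom === "current" ? v.current : v.target;
  return { scenario, isCustomized, hasUpdate, conflict, mergedFrom, merged };
}

// Constructed sample (not real rule data): three versions of a few single-line
// fields of one prebuilt rule, one per interesting scenario.
const SAMPLE_RULE_FIELDS: Record<string, ThreeVersions> = {
  name: {
    base: "Suspicious PowerShell Download",
    current: "Suspicious PowerShell Download (prod)",
    target: "Suspicious PowerShell Download",
  }, // ABA
  license: { base: "Elastic License v2", current: "Elastic License v2", target: "Elastic License v2" }, // AAA
  rule_name_override: { base: "event.action", current: "process.name", target: "event.category" }, // ABC
  timeline_title: { base: MISSING, current: "Generic Process Timeline", target: "Generic Endpoint Timeline" }, // -AB
};

// Run the merge for every sample field, as a review endpoint would per field.
function reviewSampleRule(): Record<string, MergeResult> {
  const out: Record<string, MergeResult> = {};
  for (const [field, versions] of Object.entries(SAMPLE_RULE_FIELDS)) {
    out[field] = mergeSingleLineString(versions);
  }
  return out;
}

for (const [field, r] of Object.entries(reviewSampleRule())) {
  console.log(`${field}: ${r.scenario} conflict=${r.conflict} merged(${r.mergedFrom})="${r.merged}"`);
}
```

The ABC branch is the one to watch in a review flow: the merged value silently stays on the user's customization, so a caller that ignores `conflict` would ship a rule whose stock update was dropped without anyone noticing. Whatever policy the real endpoint uses for -AB, the same caveat applies: a merged value returned next to a non-NONE conflict is a proposal for a human, not a decision.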