[Security Solution] Prebuilt rule upgrade and installation endpoints, initial implementation #148392
threat hunting changes lgtm 👍
LGTM! Thank you, @banderror 🙌
buildkite test this
💛 Build succeeded, but was flaky
To update your PR or re-run it, just comment with:

cc @banderror
… initial implementation (elastic#148392)

**Addresses:** elastic#148181, elastic#148182, elastic#148185

**Partially addresses:** elastic#148183, elastic#148189

## Summary

Based on the [POC](elastic#144060), this PR adds 4 endpoints for the new upgrade and installation workflows for prebuilt rules:

- `GET /internal/detection_engine/prebuilt_rules/status`
- `POST /internal/detection_engine/prebuilt_rules/upgrade/_review`
- `POST /internal/detection_engine/prebuilt_rules/installation/_review`
- `POST /internal/detection_engine/prebuilt_rules/_generate_assets` (temporary helper endpoint for development and testing)

The new endpoints are hidden behind a feature flag and can be enabled by the following config setting:

```yaml
xpack.securitySolution.enableExperimental: ['prebuiltRulesNewUpgradeAndInstallationWorkflowsEnabled']
```

## In the next episodes

Will be done later in follow-up PRs:

- Implementation of some additional response properties for the `upgrade/_review` endpoint:
  - elastic#148183
- Making base versions optional for diff calculation (we need to support this in order to be able to still show diffs for rule assets coming from packages without historical versions):
  - elastic#148189
- Further development of the diff algorithm:
  - elastic#148191
- Test coverage:
  - elastic#148192
**Addresses:** #148181, #148182, #148185

**Partially addresses:** #148183, #148189

## Summary

Based on the POC, this PR adds 4 endpoints for the new upgrade and installation workflows for prebuilt rules:

- `GET /internal/detection_engine/prebuilt_rules/status`
- `POST /internal/detection_engine/prebuilt_rules/upgrade/_review`
- `POST /internal/detection_engine/prebuilt_rules/installation/_review`
- `POST /internal/detection_engine/prebuilt_rules/_generate_assets` (temporary helper endpoint for development and testing)

The new endpoints are hidden behind a feature flag and can be enabled by the following config setting:

## In the next episodes

Will be done later in follow-up PRs:

- `upgrade/_review` endpoint: