[Detection Engine] Adds 8.4 rules #138515

Closed
wants to merge 7 commits into from

terrancedejesus
Contributor

Summary

Pull updates to detection rules from https://github.com/elastic/detection-rules/tree/395ae2c1d1e1d93ea7520300d4fb5000c58ae870.

Checklist

Delete any items that are not applicable to this PR.

@terrancedejesus terrancedejesus requested a review from a team as a code owner August 10, 2022 13:36
@terrancedejesus terrancedejesus self-assigned this Aug 10, 2022
@terrancedejesus terrancedejesus added the labels auto-backport (Deprecated - use backport:version if exact versions are needed), release_note:skip (Skip the PR/issue when compiling release notes), and v8.4.0 on Aug 10, 2022
@terrancedejesus
Contributor Author

@elasticmachine merge upstream

terrancedejesus and others added 4 commits August 10, 2022 11:08
File contained delta changes and symbols in it from local vscode. Fixed locally and attempted to push but changes did not take place. Fixed locally and copy pasted into GitHub editor.
Fixing local vscode delta changes and formatting. Changed locally and pushed but did not take place in GitHub. Fixed locally and then copy pasted contents of file into GitHub editor.
@terrancedejesus
Contributor Author

terrancedejesus commented Aug 10, 2022

⏳ Build in-progress, with failures

Failed CI Steps

Test Failures

History

To update your PR or re-run it, just comment with: @elasticmachine merge upstream

cc @terrancedejesus

These were due to conflicts that were addressed locally in VSCode but still had delta comments in them, which then made their way into the files and caused the jobs to fail. Fixed locally and then pushed, but the changes did not take effect for some odd reason, so I edited each file in GitHub's editor with the local fixes and committed them. The following files caused these errors:

  • index.ts
  • execution_user_exec_to_pod.json
  • discovery_remote_system_discovery_commands_windows.json

@kibana-ci
Collaborator

kibana-ci commented Aug 10, 2022

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] x-pack/test/detection_engine_api_integration/security_and_spaces/group1/config.ts / detection engine api security and spaces enabled - Group 1 update_actions updating actions should be able to create a new webhook action and attach it to an immutable rule
  • [job] [logs] x-pack/test/detection_engine_api_integration/security_and_spaces/group1/config.ts / detection engine api security and spaces enabled - Group 1 update_actions updating actions should be able to create a new webhook action and attach it to an immutable rule
  • [job] [logs] FTR Configs #31 / detection engine api security and spaces enabled - Group 4 Detection rule type telemetry Detection rule telemetry "pre-packaged"/"immutable" rules should show stats for the detection_rule_details for a specific pre-packaged rule
  • [job] [logs] FTR Configs #31 / detection engine api security and spaces enabled - Group 4 Detection rule type telemetry Detection rule telemetry "pre-packaged"/"immutable" rules should show stats for the detection_rule_details for a specific pre-packaged rule

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @terrancedejesus

@terrancedejesus
Contributor Author

terrancedejesus commented Aug 10, 2022

@elastic/security-detections-response any potential insight into why this test failed?

https://buildkite.com/elastic/kibana-pull-request/builds/64272#0182886d-8b78-44a0-ad8c-66a006c9fcd1

From the looks of it, something in the build job attempts to create an example rule and was expecting most of it to be blank but required_fields was added and it threw the error? Does this happen to be something on our end or the testing side?


@terrancedejesus terrancedejesus requested a review from a team August 10, 2022 16:46
@banderror banderror requested review from a team and vitaliidm and removed request for spong and a team August 10, 2022 16:57
@terrancedejesus
Contributor Author

Closing this due to some original conflicts when the PR was created that I addressed but were likely due to local differences. Confirmed with @brokensound77 during his PR creation using the same Detection Rules tag release but no initial conflicts. The BuildKite job failures are consistent.

@terrancedejesus terrancedejesus deleted the detection-rules/8.4-395ae2c1 branch September 27, 2022 01:30