Problem Description
When fields.yml was removed in version 2.0.3 of DGA as part of the PR, in the current design of our unit tests, we pull any YML field files for all integrations to do integration-specific field validation within our queries, Refer making the tests dependent on static mappings somewhere.
Desired Solution
Ideate on possible ways to move from the static mapping of the fields.
<< TBD >>
Additional Context
The ML team has a concern about leaving the YAML files with the fields in these packages because it gives the illusion that the field mapping issue with them is already solved. The ML team has another issue open to try to help with the issue.
Repository Feature
Core Repo - (rule management, validation, testing, lib, cicd, etc.)
Considered Alternatives
Currently, for the integrations tests to pass, the DGA package was regenerated with the field mappings via https://github.com/elastic/security-ml/issues/474.