Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168
Related to: https://github.com/elastic/kibana/pull/144060
Summary
In the Rule Customization RFC, we proposed different concrete diff algorithms for different types of rule fields. The goal of concrete diff algorithms is to improve the rule upgrade UX by trying to auto-merge user customizations with updates from Elastic.
Once the following algorithms are developed and assigned to a subset of rule fields (single-line string, multi-line string, number, array of objects, array of scalar values), we will need to review all the rule fields we have, which algorithms are used for which fields, and whether there are any gaps.
For example, we might need to:
The end goal is to have all the rule fields assigned a proper diff algorithm.
Prior art