Open banderror opened 5 months ago
Epic: https://github.com/elastic/kibana/issues/174168
Related to: https://github.com/elastic/detection-rules/issues/2826
Summary
We're going to add a new optional field `source_updated_at` to prebuilt rule assets (saved objects of type `security-rule`) we ship via the package with prebuilt rules. The TRADE team is working on it as part of https://github.com/elastic/detection-rules/issues/2826.

Here's an example of this field for the "Linux Restricted Shell Breakout via Linux Binary(s)" prebuilt rule asset:

This field should be optional in the `PrebuiltRuleAsset` schema.

The field's value will be a string formatted in the standard ISO datetime format, so the schema should probably be `z.string().datetime()` or something like that. Time of the day is not required and can be set to `T00:00:00.000Z`.

See also requirements for the package itself: https://github.com/elastic/detection-rules/issues/2826#issuecomment-1927242992.
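The validation described above, as an added example that is not Kibana's code: a stand-alone check that mirrors what an optional `z.string().datetime()` field accepts (UTC `Z` suffix required, any sub-second precision, field may be absent), written without Zod so it runs by itself. `PrebuiltRuleAssetLike` and `validatePrebuiltRuleAsset` are constructed stand-ins, not the real `PrebuiltRuleAsset` schema.

```typescript
// Constructed minimal stand-in for the PrebuiltRuleAsset shape (not the real schema).
interface PrebuiltRuleAssetLike {
  rule_id: string;
  name: string;
  version: number;
  source_updated_at?: string; // optional, ISO 8601 datetime in UTC
}

// Same shape Zod's default z.string().datetime() enforces: date, 'T', time,
// optional fractional seconds of any precision, and a mandatory trailing 'Z'
// (timezone offsets such as +01:00 are rejected).
const ISO_UTC_DATETIME = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$/;

// Returns true when the value is absent (field is optional) or a well-formed
// UTC datetime whose calendar date actually exists (rejects e.g. 2024-02-30).
function isValidSourceUpdatedAt(value: unknown): boolean {
  if (value === undefined) return true;
  if (typeof value !== 'string' || !ISO_UTC_DATETIME.test(value)) return false;
  const parsed = new Date(value);
  if (Number.isNaN(parsed.getTime())) return false;
  // JS Date silently rolls invalid days over into the next month; catch that.
  return parsed.toISOString().slice(0, 10) === value.slice(0, 10);
}

// Validates one asset and returns a list of human-readable errors (empty = ok).
function validatePrebuiltRuleAsset(asset: PrebuiltRuleAssetLike): string[] {
  const errors: string[] = [];
  if (!isValidSourceUpdatedAt(asset.source_updated_at)) {
    errors.push(
      `source_updated_at must be an ISO 8601 UTC datetime string, got ${JSON.stringify(asset.source_updated_at)}`,
    );
  }
  return errors;
}

// Constructed sample assets: one with a date-only timestamp, one with a bad value.
const sampleOk: PrebuiltRuleAssetLike = {
  rule_id: 'constructed-rule-id',
  name: 'Constructed sample rule',
  version: 1,
  source_updated_at: '2024-01-20T00:00:00.000Z',
};
const sampleBad: PrebuiltRuleAssetLike = { ...sampleOk, source_updated_at: '2024-01-20T00:00:00.000+01:00' };
```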