Open jpdjere opened 6 months ago
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Transitioning this back to "Todo" as I need to switch to another ticket.
Here's some info for future reference. I came up with this KQL query to filter by "prebuilt non-customized":
(alert.attributes.params.immutable: true AND NOT alert.attributes.params.ruleSource.isCustomized: *) OR alert.attributes.params.ruleSource.isCustomized: false
Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168
Design Discussion context: https://github.com/elastic/kibana/issues/178211
Summary
- Custom rule: immutable: false
- Prebuilt non-customized rule: immutable: true and (rule_source.is_customized: false or rule_source is undefined)
- Prebuilt customized rule: immutable: true and rule_source.is_customized: true
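The KQL query in the comment above and the three-row summary, written out as predicates so the edge case (rules saved before rule_source existed, where the field is simply absent) is visible. This is an added example, not Kibana's own code: the field paths are taken from the KQL in the issue, while the shape of `ruleSource` (an internal variant without an `isCustomized` flag, an external variant with one) and the sample rules are assumptions constructed for the example.

```typescript
// Added example (not Kibana's own code): the three rule categories from the
// summary, as TypeScript predicates and as KQL filters over saved objects.
// Field paths follow the query quoted in the issue; the exact shape of
// `ruleSource` below is an assumption made for this example.

export type RuleSource =
  | { type: "internal" } // assumed: custom rules carry no isCustomized flag
  | { type: "external"; isCustomized: boolean }; // assumed: prebuilt rules

export interface RuleParams {
  immutable: boolean;
  ruleSource?: RuleSource; // undefined on rules saved before ruleSource existed
}

export type RuleKind = "custom" | "prebuilt_non_customized" | "prebuilt_customized";

const P = "alert.attributes.params";

// One KQL filter per row of the summary.
export const KQL_FILTERS: Record<RuleKind, string> = {
  custom: `${P}.immutable: false`,
  prebuilt_non_customized:
    `(${P}.immutable: true AND NOT ${P}.ruleSource.isCustomized: *) OR ${P}.ruleSource.isCustomized: false`,
  prebuilt_customized:
    `${P}.immutable: true AND ${P}.ruleSource.isCustomized: true`,
};

// In KQL `field: *` is an existence check, so `NOT field: *` matches documents
// where the field is missing (rules that predate ruleSource).
function isCustomized(p: RuleParams): boolean | undefined {
  const s = p.ruleSource;
  return s !== undefined && "isCustomized" in s ? s.isCustomized : undefined;
}

// Literal transcription of the "prebuilt non-customized" KQL from the issue.
export function matchesPrebuiltNonCustomizedKql(p: RuleParams): boolean {
  const c = isCustomized(p);
  return (p.immutable === true && c === undefined) || c === false;
}

// Classification following the summary rows, checked in order.
export function classifyRule(p: RuleParams): RuleKind {
  if (p.immutable === false) return "custom";
  return isCustomized(p) === true ? "prebuilt_customized" : "prebuilt_non_customized";
}

// Constructed sample saved-object params (not real rules).
export type SampleName =
  | "customRule" | "legacyCustomRule" | "prebuiltUntouched" | "prebuiltLegacy" | "prebuiltEdited";

export const SAMPLE_RULES: Record<SampleName, RuleParams> = {
  customRule: { immutable: false, ruleSource: { type: "internal" } },
  legacyCustomRule: { immutable: false }, // custom rule saved before ruleSource existed
  prebuiltUntouched: { immutable: true, ruleSource: { type: "external", isCustomized: false } },
  prebuiltLegacy: { immutable: true }, // prebuilt rule saved before ruleSource existed
  prebuiltEdited: { immutable: true, ruleSource: { type: "external", isCustomized: true } },
};

export function countByKind(rules: Record<string, RuleParams>): Record<RuleKind, number> {
  const counts: Record<RuleKind, number> = {
    custom: 0, prebuilt_non_customized: 0, prebuilt_customized: 0,
  };
  for (const p of Object.values(rules)) counts[classifyRule(p)] += 1;
  return counts;
}

// Sanity check: the KQL transcription and the summary rows agree on every sample.
export function kqlAgreesWithTable(rules: Record<string, RuleParams>): boolean {
  return Object.values(rules).every(
    (p) => matchesPrebuiltNonCustomizedKql(p) === (classifyRule(p) === "prebuilt_non_customized"),
  );
}
```

Note the second disjunct of the page's query (`isCustomized: false` on its own) does not re-check `immutable`; it only stays equivalent to the summary row because, under the assumed shape, a rule without `immutable: true` never carries an `isCustomized` flag, which is what `kqlAgreesWithTable` verifies over the samples.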