elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Include namespace of source indices in index patterns of prebuilt rules #183616

Open jameswiggins opened 1 year ago

jameswiggins commented 1 year ago

This feature request is related to a problem: I need to deploy these detection rules, but I am utilizing multiple Kibana spaces and each space corresponds to a specific namespace in my index naming scheme. The index patterns in each rule are too broad for me to use. For example, the rules related to Windows query the winlogbeat-* index pattern. I need to include a namespace in the index pattern like this: winlogbeat-production-*.

Here is the solution I would like: I would like a way to include a user-defined namespace in the index patterns.

When installing the rules, I would like to be prompted for a value for a namespace and have that value injected into the index patterns for each rule. If that value is left empty, then the rules are deployed as is e.g. winlogbeat-*.

Alternative solutions I have considered: Currently I cannot edit the index patterns for pre-built rules in Kibana. Could that field be made editable without breaking the connection / ability to update the rule? I do not want to duplicate the rule and lose the connection to updates from this repository!

This FR may be a duplicate of this one: https://github.com/elastic/detection-rules/issues/1917, but I am creating this one to create some more information about the request and hopefully get some more traction on the topic. I feel like if Elastic allows you to create indices with namespaces then these Elastic Detection Rules should account for that!!

Thank you for considering this Feature Request!!
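A namespace-injection helper of the kind this request describes, as an added example (not code from Kibana or from the detection-rules repository). The rewrite rule, trailing `-*` becomes `-<namespace>-*`, follows the winlogbeat-production-* scheme in the request; the namespace character policy and the sample rule are assumptions constructed here.

```python
"""Scope a detection rule's index patterns to one namespace (added example)."""
import json
import re

# Only wildcard patterns ending in "-*" get the namespace injected; explicit
# index names and other patterns are left untouched so the rule still deploys.
_TRAILING_WILDCARD = re.compile(r"^(?P<prefix>.+)-\*$")
# Assumption: namespaces are lowercase and contain no "-", so the injected
# segment can never be confused with the rest of the pattern.
_VALID_NAMESPACE = re.compile(r"^[a-z0-9_.]+$")


def namespace_pattern(pattern: str, namespace: str) -> str:
    """Return `pattern` narrowed to `namespace`, e.g. winlogbeat-* -> winlogbeat-production-*.

    An empty namespace returns the pattern unchanged, matching the "deploy as is"
    behaviour asked for in the request.
    """
    if not namespace:
        return pattern
    if not _VALID_NAMESPACE.match(namespace):
        raise ValueError(f"invalid namespace: {namespace!r}")
    match = _TRAILING_WILDCARD.match(pattern)
    if match is None:
        return pattern
    prefix = match.group("prefix")
    if prefix.endswith("-" + namespace):
        return pattern  # already scoped; do not inject twice
    return f"{prefix}-{namespace}-*"


def apply_namespace(rule: dict, namespace: str) -> dict:
    """Return a copy of `rule` whose `index` list is scoped to `namespace`."""
    scoped = dict(rule)
    scoped["index"] = [namespace_pattern(p, namespace) for p in rule.get("index", [])]
    return scoped


# Constructed sample rule (not a real prebuilt rule).
SAMPLE_RULE = {
    "name": "Sample Windows rule",
    "index": ["winlogbeat-*", "logs-windows.*"],
}

if __name__ == "__main__":
    print(json.dumps(apply_namespace(SAMPLE_RULE, "production"), indent=2))
```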

botelastic[bot] commented 10 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

botelastic[bot] commented 10 months ago

This has been closed due to inactivity. If you feel this is an error, please re-open and include a justifying comment.

Mikaayenson commented 6 months ago

👋 @jameswiggins Thanks for opening the issue. It sounds like you would like to update the index for prebuilt rules in the UI. Is that correct? This may be an issue better tracked by the team that manages the detection engine if this is the case. Based on your description, there are no changes that need to be made to this repo. Is that correct?

elasticmachine commented 4 months ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

elasticmachine commented 4 months ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 4 months ago

Pinging @elastic/security-solution (Team: SecuritySolution)

banderror commented 4 months ago

Hey @jameswiggins, thank you for your suggestions, that all makes sense. I moved it to the kibana repo where we track UX-related work.

> Alternative solutions I have considered: Currently I cannot edit the index patterns for pre-built rules in Kibana. Could that field be made editable without breaking the connection / ability to update the rule? I do not want to duplicate the rule and lose the connection to updates from this repository!

Yes, we will make this and other fields editable. We're working on adding support for customizing prebuilt rules: https://github.com/elastic/kibana/issues/174168.

> Here is the solution I would like: I would like a way to include a user-defined namespace in the index patterns. When installing the rules, I would like to be prompted for a value for a namespace and have that value injected into the index patterns for each rule. If that value is left empty, then the rules are deployed as is e.g. winlogbeat-*.

We will consider this option as well 👍

banderror commented 4 months ago

FYI @approksiu @jpdjere I added it to https://github.com/elastic/kibana/issues/179907.