Open jpdjere opened 3 months ago
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168
Depends on: https://github.com/elastic/kibana/issues/166376
Related to: https://github.com/elastic/kibana/issues/180393
Summary
Based on the discussions that took place in https://github.com/elastic/kibana/issues/147239, we need to treat different rule fields in different ways in the context of the upgrade workflow.
For each field we must decide:
- `/upgrade/_perform` `PICK_VERSION`: should the endpoint accept any `PICK_VERSION` value for this field (`base`, `target`, `current`, `merged`, `resolved`)?
- Should it always upgrade to the current version?
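The two questions above amount to a per-field policy that `/upgrade/_perform` would check before resolving a field's value. The block below is an added illustration and not Kibana's code: `resolveField`, `RuleVersions`, `FieldPick` and `mergeThreeWay` are hypothetical names, and the `FIELD_POLICY` entries are assumptions chosen to show one field of each kind (field names are taken from the list in this issue, but the decisions are not the ones this issue will reach). The three-way merge is deliberately whole-value and treats a two-sided change as a conflict the caller must settle with `resolved`.

```typescript
// Added example, not Kibana's code. Models a per-field policy for the
// PICK_VERSION values that /upgrade/_perform may accept, and resolves the
// value the upgraded rule ends up with for that field.
type PickVersion = 'base' | 'target' | 'current' | 'merged' | 'resolved';

// The three versions of one field the upgrade workflow sees: base (the
// originally installed Elastic version, absent when unknown), current (what
// the user has installed, possibly customized) and target (the new version).
interface RuleVersions<T> {
  base?: T;
  current: T;
  target: T;
}

// What the caller of /upgrade/_perform asks for on one field.
interface FieldPick<T> {
  pick_version: PickVersion;
  resolved_value?: T; // required only with pick_version: 'resolved'
}

const ANY_PICK: ReadonlySet<PickVersion> = new Set<PickVersion>([
  'base', 'target', 'current', 'merged', 'resolved',
]);
// An empty set means the endpoint never lets the caller choose: the field
// always takes the target value.
const NO_PICK: ReadonlySet<PickVersion> = new Set<PickVersion>();

// Hypothetical policy (assumption for illustration, not the issue's decisions).
const FIELD_POLICY: Record<string, ReadonlySet<PickVersion>> = {
  rule_id: NO_PICK,
  version: NO_PICK,
  name: ANY_PICK,
  tags: ANY_PICK,
};

const sameValue = (a: unknown, b: unknown): boolean =>
  JSON.stringify(a) === JSON.stringify(b);

// Simplified three-way merge: a field only one side changed takes that side;
// a field both sides changed differently is a conflict the caller must settle
// with pick_version 'resolved'. Real diff algorithms merge inside arrays and
// strings; this one treats the whole value as a unit.
function mergeThreeWay<T>(v: RuleVersions<T>): T {
  if (sameValue(v.current, v.target)) return v.target;
  if (v.base === undefined) throw new Error('no base version: cannot merge');
  if (sameValue(v.base, v.current)) return v.target; // user did not customize
  if (sameValue(v.base, v.target)) return v.current; // Elastic did not change it
  throw new Error('conflict: supply pick_version "resolved" with resolved_value');
}

function resolveField<T>(field: string, versions: RuleVersions<T>, pick?: FieldPick<T>): T {
  const allowed = FIELD_POLICY[field] ?? ANY_PICK; // unknown fields: assume customizable
  if (allowed.size === 0) {
    if (pick !== undefined) {
      throw new Error(`${field}: PICK_VERSION not accepted, field always upgrades to target`);
    }
    return versions.target;
  }
  if (pick === undefined) return versions.target; // assumed default when nothing is picked
  if (!allowed.has(pick.pick_version)) {
    throw new Error(`${field}: pick_version "${pick.pick_version}" not allowed`);
  }
  switch (pick.pick_version) {
    case 'base':
      if (versions.base === undefined) throw new Error(`${field}: no base version`);
      return versions.base;
    case 'current':
      return versions.current;
    case 'target':
      return versions.target;
    case 'merged':
      return mergeThreeWay(versions);
    case 'resolved':
      if (pick.resolved_value === undefined) {
        throw new Error(`${field}: "resolved" requires resolved_value`);
      }
      return pick.resolved_value;
    default:
      throw new Error(`${field}: unknown pick_version`);
  }
}
```

A request that sends a `pick_version` for a `NO_PICK` field is rejected rather than silently ignored, so a caller cannot believe it pinned `rule_id` or `version` when the endpoint upgraded it anyway; the same shape extends to a per-rule-type policy (IM, ML, New Terms fields) by keying the map on rule type as well as field name.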
Field list
Fields to decide on for `/upgrade/_perform` `PICK_VERSION`s (the rule type or field group is given in parentheses where it applies):
- id
- rule_source
- immutable
- version
- revision
- enabled
- execution_summary
- alert_suppression
- actions
- throttle
- response_actions
- meta
- output_index
- namespace
- alias_purpose
- alias_target_id
- outcome
- created_at
- created_by
- updated_at
- updated_by
- author
- license
- exceptions_list
- rule_id
- concurrent_searches (IM Rules)
- items_per_search (IM Rules)
- name
- tags
- description
- severity
- severity_mapping
- risk_score
- risk_score_mapping
- references
- false_positives
- threat
- note
- setup
- related_integrations
- required_fields
- max_signals
- building_block_type
- from (rule_schedule)
- interval (rule_schedule)
- rule_name_override
- timestamp_override
- timestamp_override_fallback_disabled
- timeline_id (timeline_template)
- timeline_title (timeline_template)
- index (data_source)
- data_view_id (data_source)
- query
- language
- filters
- saved_id
- machine_learning_job_id (ML Rules)
- anomaly_threshold (ML Rules)
- threat_filters (IM Rules)
- threat_query (IM Rules)
- threat_mapping (IM Rules)
- threat_language (IM Rules)
- threat_index (IM Rules)
- threat_indicator_path (IM Rules)
- new_terms_fields (New Terms Rules)
- history_window_start (New Terms Rules)
Notes on fields
- `alert_suppression` and `investigation_fields`: https://github.com/elastic/kibana/issues/190597