Open jpdjere opened 3 months ago
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168
Summary
Implement an algorithm for diffing and merging changes in the array of filters which is used in the query fields: kql_query, eql_query, and esql_query. The array is currently diffed using a simple diffing approach.
Context from the Rule Customization RFC:
To do
filters array that makes sense from the UX perspective.
filters within the kql_query, eql_query, and esql_query algorithms.