Open xcrzx opened 1 month ago
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168
Related to: https://github.com/elastic/kibana/issues/180395
Summary
Implement an algorithm for diffing the type field of detection rules. Requirements:
target version as the merged one.
upgrade/_review API response such rules should be marked as having unsolvable conflicts.
type to any version other than the target. This should be implemented under the hood in the upgrade/_perform endpoint in https://github.com/elastic/kibana/issues/166376. The type field shouldn't be part of upgradeable fields that can be passed in the request body -- FYI @jpdjere
Context from the Rule Customization RFC:
To do
type field. It will become used in the upgrade/_review endpoint.