matanolabs / matano

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
https://matano.dev
Apache License 2.0
1.42k stars, 98 forks

fix: allows enable/disable of detections via config file #174

Open rileydakota opened 11 months ago

rileydakota commented 11 months ago

Wanted to throw this out there to start a discussion on the implementation. I tested with:

Thoughts? The major thing IMO would be that it defaults to false if the key isn't specified, but I believe this is consistent with the docs.

[Two screenshots attached, taken 2023-08-09]
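The behaviour discussed above (a per-detection enable flag that defaults to false when the key is absent) is shown below as an added example; this is not code from the PR or from the matano project, and the key name `enabled`, the `name` field and the dict layout of a parsed detection config are all assumptions. The one design choice worth noting for a detection pipeline: a non-boolean value (the string `"true"`, an integer) is rejected rather than coerced, because a detection that silently drops out of the build is a coverage gap that nobody will notice until the alert it should have raised never fires.

```python
"""Hypothetical selector deciding which detections to package based on an
`enabled` key in each detection's config. Added example, not matano code;
the key name and config layout are assumptions."""
from dataclasses import dataclass
from typing import Any, Dict, List, Tuple

ENABLED_KEY = "enabled"  # assumed key name; not confirmed by the PR thread


@dataclass(frozen=True)
class Decision:
    """Audit record for one detection: what was decided and why."""
    name: str
    enabled: bool
    reason: str


def detection_enabled(config: Dict[str, Any]) -> bool:
    """Return True only when the key is present and is the boolean True.

    A missing key defaults to False, matching the default described in the
    PR. Non-boolean values (the string "true", 1, None) raise instead of
    being coerced so that a misconfiguration is surfaced at build time.
    """
    if ENABLED_KEY not in config:
        return False
    value = config[ENABLED_KEY]
    if isinstance(value, bool):
        return value
    raise ValueError(
        f"{ENABLED_KEY!r} must be a boolean, got {type(value).__name__}: {value!r}"
    )


def select_detections(
    configs: List[Dict[str, Any]],
) -> Tuple[List[str], List[Decision]]:
    """Split configs into the detection names to package plus an audit trail.

    Invalid entries are recorded as disabled with an 'invalid' reason so a
    caller can fail the build on them rather than shipping a partial set.
    """
    to_package: List[str] = []
    decisions: List[Decision] = []
    for cfg in configs:
        name = str(cfg.get("name", "<unnamed>"))
        try:
            on = detection_enabled(cfg)
            reason = "explicit" if ENABLED_KEY in cfg else "default (key absent)"
        except ValueError as exc:
            on, reason = False, f"invalid: {exc}"
        decisions.append(Decision(name, on, reason))
        if on:
            to_package.append(name)
    return to_package, decisions


def invalid_decisions(decisions: List[Decision]) -> List[Decision]:
    """Return the entries a packaging step should treat as a hard error."""
    return [d for d in decisions if d.reason.startswith("invalid")]


# Constructed sample configs standing in for parsed detection config files.
SAMPLE_CONFIGS = [
    {"name": "aws_root_login", "enabled": True},
    {"name": "s3_public_acl", "enabled": False},
    {"name": "legacy_rule"},                    # key absent -> not packaged
    {"name": "typo_rule", "enabled": "true"},   # string, not bool -> flagged
]

if __name__ == "__main__":
    packaged, audit = select_detections(SAMPLE_CONFIGS)
    print("packaging:", packaged)
    for d in audit:
        print(f"  {d.name:15} enabled={str(d.enabled):5} {d.reason}")
    if invalid_decisions(audit):
        raise SystemExit("refusing to package: invalid enable flags found")
```

Run as a script it lists every decision and exits non-zero when any config carries a non-boolean flag; whether that check lives at runtime or in the CDK packaging step, as the thread debates, the decision function is the same.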

rileydakota commented 11 months ago

I am also willing to move this logic to the infra code and just have the decision made to package a detection or not via the CDK. Just wanted to open a PR to start the discussion 😁

rileydakota commented 11 months ago

@shaeqahmed @Samrose-Ahmed any chance we could kick off the CI job again? I am a bit confused about why the build failed.

shaeqahmed commented 11 months ago

Hey @rileydakota, looks like you might need to rebase since I recently committed a change to fix the broken CI build error you are getting

rileydakota commented 11 months ago

@shaeqahmed looks like that did the trick! Would love some feedback on this when you get time :). Totally happy to refactor this to live in the CDK portion of the app versus runtime if that makes more sense