security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

[Bug] Adding Deprecated Rules to Rules Package Breaks Current Package Build (#5773)

Browse Source 
* applying patch fix for historical rules and deprecated JSON object

---------

Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
This commit is contained in:
Terrance DeJesus
2026-02-24 13:54:46 -05:00
committed by GitHub
parent 92a379e034
commit 201660af36
2 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
detection_rules/integrations.py
+11 -8
View File
@@ -474,7 +474,7 @@ class SecurityDetectionEngine:
def keep_latest_versions(
self,
assets: dict[str, Any],
assets: dict[str, dict[str, Any]],
num_versions: int = DEFAULT_MAX_RULE_VERSIONS,
) -> dict[str, Any]:
"""Keeps only the latest N versions of each rule to limit historical rule versions in our release package."""
@@ -482,15 +482,18 @@ class SecurityDetectionEngine:
# Dictionary to hold the sorted list of versions for each base rule ID
rule_versions: dict[str, list[tuple[int, str]]] = defaultdict(list)
# Separate rule ID and version, and group by base rule ID
for key in assets:
base_id, version = assets[key]["attributes"]["rule_id"], assets[key]["attributes"]["version"]
version = int(version) # Convert version to an integer for sorting
rule_versions[base_id].append((version, key))
# Dictionary to hold the final assets with only the specified number of latest versions
# Only version-limit assets that look like rules (have attributes.rule_id and attributes.version).
# Other JSON assets in the package (e.g. manifest) are skipped; add_historical_rules expects only rules.
filtered_assets: dict[str, Any] = {}
for key, asset in assets.items():
attrs = asset.get("attributes")
if not attrs or "rule_id" not in attrs or "version" not in attrs:
continue
base_id = attrs["rule_id"]
version = int(attrs["version"])
rule_versions[base_id].append((version, key))
# Keep only the last/latest num_versions versions for each rule
# Sort versions and take the last num_versions
# Add the latest versions of the rule to the filtered assets
pyproject.toml
+1 -1
View File
@@ -1,6 +1,6 @@
[project]
name = "detection_rules"
version = "1.5.48"
version = "1.5.49"
description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Securitys Detection Engine."
readme = "README.md"
requires-python = ">=3.12"