security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

[Bug] Adding Deprecated Rules to Rules Package Breaks Current Package Build (#5773)

Browse Source 
* applying patch fix for historical rules and deprecated JSON object

---------

Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
This commit is contained in:
Terrance DeJesus
2026-02-24 13:54:46 -05:00
committed by GitHub
parent 92a379e034
commit 201660af36
2 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
detection_rules/integrations.py
+11 -8
View File
@@ -474,7 +474,7 @@ class SecurityDetectionEngine:
def keep_latest_versions( def keep_latest_versions(
self, self,
assets: dict[str, Any], assets: dict[str, dict[str, Any]],
num_versions: int = DEFAULT_MAX_RULE_VERSIONS, num_versions: int = DEFAULT_MAX_RULE_VERSIONS,
) -> dict[str, Any]: ) -> dict[str, Any]:
"""Keeps only the latest N versions of each rule to limit historical rule versions in our release package.""" """Keeps only the latest N versions of each rule to limit historical rule versions in our release package."""
@@ -482,15 +482,18 @@ class SecurityDetectionEngine:
# Dictionary to hold the sorted list of versions for each base rule ID # Dictionary to hold the sorted list of versions for each base rule ID
rule_versions: dict[str, list[tuple[int, str]]] = defaultdict(list) rule_versions: dict[str, list[tuple[int, str]]] = defaultdict(list)
# Separate rule ID and version, and group by base rule ID # Only version-limit assets that look like rules (have attributes.rule_id and attributes.version).
for key in assets: # Other JSON assets in the package (e.g. manifest) are skipped; add_historical_rules expects only rules.
base_id, version = assets[key]["attributes"]["rule_id"], assets[key]["attributes"]["version"]
version = int(version) # Convert version to an integer for sorting
rule_versions[base_id].append((version, key))
# Dictionary to hold the final assets with only the specified number of latest versions
filtered_assets: dict[str, Any] = {} filtered_assets: dict[str, Any] = {}
for key, asset in assets.items():
attrs = asset.get("attributes")
if not attrs or "rule_id" not in attrs or "version" not in attrs:
continue
base_id = attrs["rule_id"]
version = int(attrs["version"])
rule_versions[base_id].append((version, key))
# Keep only the last/latest num_versions versions for each rule # Keep only the last/latest num_versions versions for each rule
# Sort versions and take the last num_versions # Sort versions and take the last num_versions
# Add the latest versions of the rule to the filtered assets # Add the latest versions of the rule to the filtered assets
pyproject.toml
+1 -1
View File
@@ -1,6 +1,6 @@
[project] [project]
name = "detection_rules" name = "detection_rules"
version = "1.5.48" version = "1.5.49"
description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Securitys Detection Engine." description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Securitys Detection Engine."
readme = "README.md" readme = "README.md"
requires-python = ">=3.12" requires-python = ">=3.12"