diff --git a/.github/workflows/attack-coverage-update.yml b/.github/workflows/attack-coverage-update.yml
index 13ca7e9e8..221108114 100644
--- a/.github/workflows/attack-coverage-update.yml
+++ b/.github/workflows/attack-coverage-update.yml
@@ -3,7 +3,7 @@ on:
 workflow_dispatch:
 inputs:
 update-coverage:
- description: 'Update the docs/ATT&CK-coverage.md file'
+ description: 'Update the docs-dev/ATT&CK-coverage.md file'
 required: true
 default: '--update-coverage'
@@ -37,12 +37,12 @@ jobs:
 git config --global user.email "72879786+protectionsmachine@users.noreply.github.com"
 git config --global user.name "protectionsmachine"
- - name: Update navigator gist files and docs/ATT&CK-coverage.md file.
+ - name: Update navigator gist files and docs-dev/ATT&CK-coverage.md file.
 env:
 GITHUB_TOKEN: "${{ secrets.WRITE_TRADEBOT_GIST_TOKEN }}"
 run: |
 python -m detection_rules dev update-navigator-gists "${{ github.event.inputs.update-coverage }}"
- git add docs/"ATT\&CK-coverage.md"
+ git add docs-dev/"ATT\&CK-coverage.md"
 - name: Create Pull Request
 uses: peter-evans/create-pull-request@v7.0.3
@@ -50,12 +50,12 @@ jobs:
 assignees: '${{github.actor}}'
 delete-branch: true
 branch: "update-attack-coverage"
- commit-message: "Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md"
+ commit-message: "Update ATT&CK coverage URL(s) in docs-dev/ATT&CK-coverage.md"
 branch-suffix: "short-commit-hash"
 base: main
- title: 'Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md'
+ title: 'Update ATT&CK coverage URL(s) in docs-dev/ATT&CK-coverage.md'
 body: |
- Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md
+ Update ATT&CK coverage URL(s) in docs-dev/ATT&CK-coverage.md
 - Autogenerated from job `attack-coverage-update: pr`.
 labels: "backport: auto"
diff --git a/.github/workflows/version-code-and-release.yml b/.github/workflows/version-code-and-release.yml
index dbea182fd..3ab8d0f5f 100644
--- a/.github/workflows/version-code-and-release.yml
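Review bot: The new `git add docs-dev/"ATT\&CK-coverage.md"` line hard-codes the directory that detection_rules/docs.py now centralizes as `REPO_DOCS_DIR`, so a later rename of that constant will silently leave this step adding a path that no longer exists; the same literal is repeated in the PR title and body of the next hunk, in version-code-and-release.yml and in .gitignore. In the same `run:` block, `${{ github.event.inputs.update-coverage }}` is expanded into the script text before the shell runs it, while `WRITE_TRADEBOT_GIST_TOKEN` sits in that step's environment; GitHub's hardening guidance for dispatch inputs is to pass them through `env:` and quote the variable, e.g. `UPDATE_COVERAGE: ${{ github.event.inputs.update-coverage }}` under `env:` and `python -m detection_rules dev update-navigator-gists "$UPDATE_COVERAGE"`. Triggering workflow_dispatch already requires write access to the repository, so this is defensive hardening rather than an open hole, but it is a two-line change.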
+++ b/.github/workflows/version-code-and-release.yml
@@ -8,7 +8,7 @@ on:
 - 'hunting/**/*.py'
 - 'pyproject.toml'
 - 'Makefile'
- - 'docs/**'
+ - 'docs-dev/**'
 - 'detection_rules/**'
 - 'tests/**'
 - '!hunting/**/*.md'
diff --git a/.gitignore b/.gitignore
index 302d627cd..2a9bf3337 100644
--- a/.gitignore
+++ b/.gitignore
@@ -77,7 +77,7 @@ instance/
 .scrapy
 # Sphinx documentation
-docs/_build/
+docs-dev/_build/
 # PyBuilder
 target/
diff --git a/CLI.md b/CLI.md
index ff3e28fbc..98f888611 100644
--- a/CLI.md
+++ b/CLI.md
@@ -498,7 +498,7 @@ python -m detection_rules kibana import-rules -d test-export-rules -o
 ### Exporting rules
-This command should be run with the `CUSTOM_RULES_DIR` envvar set, that way proper validation is applied to versioning when the rules are downloaded. See the [custom rules docs](docs/custom-rules.md) for more information.
+This command should be run with the `CUSTOM_RULES_DIR` envvar set, that way proper validation is applied to versioning when the rules are downloaded. See the [custom rules docs](docs-dev/custom-rules.md) for more information.
 ```
 python -m detection_rules kibana export-rules -h
diff --git a/detection_rules/custom_rules.py b/detection_rules/custom_rules.py
index 6a4d71371..864b2f59d 100644
--- a/detection_rules/custom_rules.py
+++ b/detection_rules/custom_rules.py
@@ -11,11 +11,12 @@ import yaml
 from .main import root
 from .utils import get_etc_path, load_etc_dump, ROOT_DIR
+from .docs import REPO_DOCS_DIR
 from semver import Version
 DEFAULT_CONFIG_PATH = Path(get_etc_path('_config.yaml'))
-CUSTOM_RULES_DOC_PATH = Path(ROOT_DIR).joinpath('docs', 'custom-rules.md')
+CUSTOM_RULES_DOC_PATH = Path(ROOT_DIR).joinpath(REPO_DOCS_DIR, 'custom-rules.md')
 @root.group('custom-rules')
diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py
index f01eed1fa..d21851013 100644
--- a/detection_rules/devtools.py
+++ b/detection_rules/devtools.py
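Review bot: `from .docs import REPO_DOCS_DIR` in detection_rules/custom_rules.py is inserted between the local `.utils` import and the third-party `from semver import Version`, and it makes the custom-rules CLI load `detection_rules.docs` (which, per the docs.py hunk, imports `.rule`, `.rule_loader` and xlsxwriter) just to read one string. Whether that introduces an import cycle through `.main` cannot be seen from this hunk, but it is worth checking before merge. Since `ROOT_DIR` already lives in `.utils`, defining the constant next to it and importing `from .utils import get_etc_path, load_etc_dump, ROOT_DIR, REPO_DOCS_DIR` would keep the path constants together and avoid the extra module load. The module's import block begins outside the hunk.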
@@ -34,7 +34,7 @@ from .beats import (download_beats_schema, download_latest_beats_schema,
 refresh_main_schema)
 from .cli_utils import single_collection
 from .config import parse_rules_config
-from .docs import IntegrationSecurityDocs, IntegrationSecurityDocsMDX
+from .docs import IntegrationSecurityDocs, IntegrationSecurityDocsMDX, REPO_DOCS_DIR
 from .ecs import download_endpoint_schemas, download_schemas
 from .endgame import EndgameSchemaManager
 from .eswrap import CollectEvents, add_range_to_dsl
@@ -802,7 +802,7 @@ def deprecate_rule(ctx: click.Context, rule_file: Path, deprecation_folder: Path
 help='GitHub token to push to gist', hide_input=True)
 @click.option('--gist-id', default=NAVIGATOR_GIST_ID, help='Gist ID to be updated (must exist).')
 @click.option('--print-markdown', is_flag=True, help='Print the generated urls')
-@click.option('--update-coverage', is_flag=True, help='Update the docs/ATT&CK-coverage.md file')
+@click.option('--update-coverage', is_flag=True, help=f'Update the {REPO_DOCS_DIR}/ATT&CK-coverage.md file')
 def update_navigator_gists(directory: Path, token: str, gist_id: str, print_markdown: bool,
 update_coverage: bool) -> list:
 """Update the gists with new navigator files."""
@@ -857,7 +857,7 @@ def update_navigator_gists(directory: Path, token: str, gist_id: str, print_mark
 click.echo('\n'.join(markdown) + '\n')
 if update_coverage:
- coverage_file_path = get_path('docs', 'ATT&CK-coverage.md')
+ coverage_file_path = get_path(REPO_DOCS_DIR, 'ATT&CK-coverage.md')
 header_lines = textwrap.dedent("""# Rule coverage
 ATT&CK navigator layer files are generated when a package is built with `make release` or
diff --git a/detection_rules/docs.py b/detection_rules/docs.py
index 0e6139fc9..27c455d20 100644
--- a/detection_rules/docs.py
+++ b/detection_rules/docs.py
@@ -24,6 +24,8 @@ from .rule import DeprecatedRule, ThreatMapping, TOMLRule
 from .rule_loader import DeprecatedCollection, RuleCollection
 from .utils import load_etc_dump, save_etc_dump
+REPO_DOCS_DIR = "docs-dev"
+
 class PackageDocument(xlsxwriter.Workbook):
 """Excel document for summarizing a rules package."""
diff --git a/docs/ATT&CK-coverage.md b/docs-dev/ATT&CK-coverage.md
similarity index 100%
rename from docs/ATT&CK-coverage.md
rename to docs-dev/ATT&CK-coverage.md
diff --git a/docs/custom-rules.md b/docs-dev/custom-rules.md
similarity index 100%
rename from docs/custom-rules.md
rename to docs-dev/custom-rules.md
diff --git a/docs/deprecating.md b/docs-dev/deprecating.md
similarity index 100%
rename from docs/deprecating.md
rename to docs-dev/deprecating.md
diff --git a/docs/developing.md b/docs-dev/developing.md
similarity index 100%
rename from docs/developing.md
rename to docs-dev/developing.md
diff --git a/docs/experimental-machine-learning/DGA.md b/docs-dev/experimental-machine-learning/DGA.md
similarity index 100%
rename from docs/experimental-machine-learning/DGA.md
rename to docs-dev/experimental-machine-learning/DGA.md
diff --git a/docs/experimental-machine-learning/beaconing.md b/docs-dev/experimental-machine-learning/beaconing.md
similarity index 100%
rename from docs/experimental-machine-learning/beaconing.md
rename to docs-dev/experimental-machine-learning/beaconing.md
diff --git a/docs/experimental-machine-learning/experimental-detections.md b/docs-dev/experimental-machine-learning/experimental-detections.md
similarity index 100%
rename from docs/experimental-machine-learning/experimental-detections.md
rename to docs-dev/experimental-machine-learning/experimental-detections.md
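Review bot: `REPO_DOCS_DIR = "docs-dev"` in detection_rules/docs.py is added without a comment, although after this commit it is the one value that custom_rules.py and devtools.py derive documentation paths from, while .github/workflows/attack-coverage-update.yml, version-code-and-release.yml, .gitignore and CLI.md still spell the same directory as a literal. A short note above the assignment would tell whoever next renames the directory what else has to move, e.g. `# Repository-relative directory holding the developer docs. The same literal is hard-coded in the GitHub workflows, .gitignore and CLI.md — update them together.` Whether the blank-line spacing between the constant and `class PackageDocument` still meets the project's flake8 settings cannot be read from this rendering, since the context blank lines were collapsed.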
diff --git a/docs/experimental-machine-learning/host-risk-score.md b/docs-dev/experimental-machine-learning/host-risk-score.md
similarity index 100%
rename from docs/experimental-machine-learning/host-risk-score.md
rename to docs-dev/experimental-machine-learning/host-risk-score.md
diff --git a/docs/experimental-machine-learning/images/0a_host_risk_score_card.png b/docs-dev/experimental-machine-learning/images/0a_host_risk_score_card.png
similarity index 100%
rename from docs/experimental-machine-learning/images/0a_host_risk_score_card.png
rename to docs-dev/experimental-machine-learning/images/0a_host_risk_score_card.png
diff --git a/docs/experimental-machine-learning/images/0b_alert_summary.png b/docs-dev/experimental-machine-learning/images/0b_alert_summary.png
similarity index 100%
rename from docs/experimental-machine-learning/images/0b_alert_summary.png
rename to docs-dev/experimental-machine-learning/images/0b_alert_summary.png
diff --git a/docs/experimental-machine-learning/images/0c_host_page_risk_column.png b/docs-dev/experimental-machine-learning/images/0c_host_page_risk_column.png
similarity index 100%
rename from docs/experimental-machine-learning/images/0c_host_page_risk_column.png
rename to docs-dev/experimental-machine-learning/images/0c_host_page_risk_column.png
diff --git a/docs/experimental-machine-learning/images/0d_host_page_hosts_by_risk_tab.png b/docs-dev/experimental-machine-learning/images/0d_host_page_hosts_by_risk_tab.png
similarity index 100%
rename from docs/experimental-machine-learning/images/0d_host_page_hosts_by_risk_tab.png
rename to docs-dev/experimental-machine-learning/images/0d_host_page_hosts_by_risk_tab.png
diff --git a/docs/experimental-machine-learning/images/0e_host_details_page_risk_overview.png b/docs-dev/experimental-machine-learning/images/0e_host_details_page_risk_overview.png
similarity index 100%
rename from docs/experimental-machine-learning/images/0e_host_details_page_risk_overview.png
rename to docs-dev/experimental-machine-learning/images/0e_host_details_page_risk_overview.png
diff --git a/docs/experimental-machine-learning/images/0f_host_details_page_hosts_by_risk_tab.png b/docs-dev/experimental-machine-learning/images/0f_host_details_page_hosts_by_risk_tab.png
similarity index 100%
rename from docs/experimental-machine-learning/images/0f_host_details_page_hosts_by_risk_tab.png
rename to docs-dev/experimental-machine-learning/images/0f_host_details_page_hosts_by_risk_tab.png
diff --git a/docs/experimental-machine-learning/images/1_create_deployment.png b/docs-dev/experimental-machine-learning/images/1_create_deployment.png
similarity index 100%
rename from docs/experimental-machine-learning/images/1_create_deployment.png
rename to docs-dev/experimental-machine-learning/images/1_create_deployment.png
diff --git a/docs/experimental-machine-learning/images/2_edit_configuration.png b/docs-dev/experimental-machine-learning/images/2_edit_configuration.png
similarity index 100%
rename from docs/experimental-machine-learning/images/2_edit_configuration.png
rename to docs-dev/experimental-machine-learning/images/2_edit_configuration.png
diff --git a/docs/experimental-machine-learning/images/3_edit_user_settings.png b/docs-dev/experimental-machine-learning/images/3_edit_user_settings.png
similarity index 100%
rename from docs/experimental-machine-learning/images/3_edit_user_settings.png
rename to docs-dev/experimental-machine-learning/images/3_edit_user_settings.png
diff --git a/docs/experimental-machine-learning/images/4_add_flag.png b/docs-dev/experimental-machine-learning/images/4_add_flag.png
similarity index 100%
rename from docs/experimental-machine-learning/images/4_add_flag.png
rename to docs-dev/experimental-machine-learning/images/4_add_flag.png
diff --git a/docs/experimental-machine-learning/images/5_save_settings.png b/docs-dev/experimental-machine-learning/images/5_save_settings.png
similarity index 100%
rename from docs/experimental-machine-learning/images/5_save_settings.png
rename to docs-dev/experimental-machine-learning/images/5_save_settings.png
diff --git a/docs/experimental-machine-learning/images/6_confirm_activity_finished.png b/docs-dev/experimental-machine-learning/images/6_confirm_activity_finished.png
similarity index 100%
rename from docs/experimental-machine-learning/images/6_confirm_activity_finished.png
rename to docs-dev/experimental-machine-learning/images/6_confirm_activity_finished.png
diff --git a/docs/experimental-machine-learning/problem-child.md b/docs-dev/experimental-machine-learning/problem-child.md
similarity index 100%
rename from docs/experimental-machine-learning/problem-child.md
rename to docs-dev/experimental-machine-learning/problem-child.md
diff --git a/docs/experimental-machine-learning/readme.md b/docs-dev/experimental-machine-learning/readme.md
similarity index 100%
rename from docs/experimental-machine-learning/readme.md
rename to docs-dev/experimental-machine-learning/readme.md
diff --git a/docs/experimental-machine-learning/url-spoof.md b/docs-dev/experimental-machine-learning/url-spoof.md
similarity index 97%
rename from docs/experimental-machine-learning/url-spoof.md
rename to docs-dev/experimental-machine-learning/url-spoof.md
index d2aa303e6..e89918fe3 100644
--- a/docs/experimental-machine-learning/url-spoof.md
+++ b/docs-dev/experimental-machine-learning/url-spoof.md
@@ -82,7 +82,7 @@ You can optionally choose to refresh your index mapping from within Kibana:
 ### 6. Upload detection rule(s)
-You can upload the rules associated with the *URL Spoofing* framework using the instructions provided [here](https://github.com/elastic/detection-rules/blob/main/docs/experimental-machine-learning/experimental-detections.md)
+You can upload the rules associated with the *URL Spoofing* framework using the instructions provided [here](https://github.com/elastic/detection-rules/blob/main/docs-dev/experimental-machine-learning/experimental-detections.md)
 And that's it! You should now be alerted whenever you interact with a predicted malicious URL in your environment.
diff --git a/docs/experimental-machine-learning/user-risk-score.md b/docs-dev/experimental-machine-learning/user-risk-score.md
similarity index 100%
rename from docs/experimental-machine-learning/user-risk-score.md
rename to docs-dev/experimental-machine-learning/user-risk-score.md
diff --git a/docs/rule-insights.md b/docs-dev/rule-insights.md
similarity index 100%
rename from docs/rule-insights.md
rename to docs-dev/rule-insights.md
diff --git a/docs/typosquatting_rule.md b/docs-dev/typosquatting_rule.md
similarity index 100%
rename from docs/typosquatting_rule.md
rename to docs-dev/typosquatting_rule.md
diff --git a/docs/versioning.md b/docs-dev/versioning.md
similarity index 100%
rename from docs/versioning.md
rename to docs-dev/versioning.md
diff --git a/pyproject.toml b/pyproject.toml
index ffa21ba37..261b65766 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "0.4.17"
+version = "0.4.18"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"