diff --git a/.gitignore b/.gitignore
index 94a4b14a7..36d4736ef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -111,4 +111,5 @@ releases/
 collections/
 enriched-rule-indexes/
 exports/
+ML-models/
 surveys/
diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py
index 19ab42e02..027aa1f7d 100644
--- a/detection_rules/devtools.py
+++ b/detection_rules/devtools.py
@@ -90,13 +90,13 @@ def kibana_diff(rule_id, repo, branch, threads):
 rules = RuleCollection.default()
 if rule_id:
- rules = rules.filter(lambda r: r.id in rule_id)
+ rules = rules.filter(lambda r: r.id in rule_id).id_map
 else:
- rules = rules.filter(production_filter)
+ rules = rules.filter(production_filter).id_map
 # add versions to the rules
 manage_versions(list(rules.values()), verbose=False)
- repo_hashes = {r.id: r.get_hash() for r in rules.values()}
+ repo_hashes = {r.id: r.contents.sha256(include_version=True) for r in rules.values()}
 kibana_rules = {r['rule_id']: r for r in get_kibana_rules(repo=repo, branch=branch, threads=threads).values()}
 kibana_hashes = {r['rule_id']: dict_hash(r) for r in kibana_rules.values()}
@@ -110,8 +110,9 @@ def kibana_diff(rule_id, repo, branch, threads):
 continue
 if rule_hash != kibana_hashes[rule_id]:
 rule_diff.append(
- f'versions - repo: {rules[rule_id].contents["version"]}, kibana: {kibana_rules[rule_id]["version"]} -> '
- f'{rule_id} - {rules[rule_id].name}'
+ f'versions - repo: {rules[rule_id].contents.autobumped_version}, '
+ f'kibana: {kibana_rules[rule_id]["version"]} -> '
+ f'{rule_id} - {rules[rule_id].contents.name}'
 )
 diff = {
@@ -141,7 +142,7 @@ def kibana_commit(ctx, local_repo, github_repo, ssh, kibana_directory, base_bran
 """Prep a commit and push to Kibana."""
 git_exe = shutil.which("git")
- package_name = Package.load_configs()['package']["name"]
+ package_name = Package.load_configs()["name"]
 release_dir = os.path.join(RELEASE_DIR, package_name)
 message = message or f"[Detection Rules] Add {package_name} rules"
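Review bot: `repo_hashes = {r.id: r.contents.sha256(include_version=True) ...}` relies on `sha256` honouring its new argument, yet that method stays wrapped in `@cached` (see the rule.py `sha256` hunk); if the decorator memoizes per instance without keying on call arguments, whichever variant runs first is returned for both, and the version comparison this hash feeds degrades silently. Worth confirming that `cached` includes arguments in its key, or sidestepping it here with `repo_hashes = {r.id: dict_hash(r.contents.to_api_format(include_version=True)) for r in rules.values()}`, using the `dict_hash` already applied to the Kibana side two lines below. Separately, the first two changed lines rebind `rules` from a RuleCollection to its `id_map` dict; a distinct name such as `rules_by_id` would make the later `rules.values()` and `rules[rule_id]` reads unambiguous. kibana_diff continues outside the hunk.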
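Review bot: `Package.load_configs()["name"]` assumes `load_configs()` now returns the package section directly rather than a mapping with a `'package'` key, but the change to `load_configs` itself, and to any other caller still indexing `['package']`, is not in this diff; a missed caller now fails with a bare KeyError. Since `package_name` then feeds `release_dir` and the commit message, it is worth grepping for `load_configs()` and wrapping this lookup in a `try`/`except KeyError` that raises a ValueError naming the missing key, so a misconfigured checkout fails before anything is pushed. kibana_commit continues outside the hunk.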
diff --git a/detection_rules/packaging.py b/detection_rules/packaging.py
index 2e6103323..3cc66c95c 100644
--- a/detection_rules/packaging.py
+++ b/detection_rules/packaging.py
@@ -260,7 +260,7 @@ class Package(object):
 os.makedirs(extras_dir, exist_ok=True)
 for rule in self.rules:
- rule.save_json(Path(os.path.join(rules_dir, os.path.basename(rule.path))))
+ rule.save_json(Path(rules_dir).joinpath(rule.path.name).with_suffix('.json'))
 self._package_kibana_notice_file(rules_dir)
 self._package_kibana_index_file(rules_dir)
diff --git a/detection_rules/rule.py b/detection_rules/rule.py
index 9bd3ae7d9..524dd295d 100644
--- a/detection_rules/rule.py
+++ b/detection_rules/rule.py
@@ -386,9 +386,9 @@ class TOMLRuleContents(MarshmallowDataclassMixin):
 return converted
 @cached
- def sha256(self) -> str:
- # get the hash of the API dict with the version not included, otherwise it'll always be dirty.
- hashable_contents = self.to_api_format(include_version=False)
+ def sha256(self, include_version=False) -> str:
+ # get the hash of the API dict without the version by default, otherwise it'll always be dirty.
+ hashable_contents = self.to_api_format(include_version=include_version)
 return utils.dict_hash(hashable_contents)
@@ -416,6 +416,7 @@ class TOMLRule:
 toml_write(converted, str(self.path.absolute()))
 def save_json(self, path: Path, include_version: bool = True):
+ path = path.with_suffix('.json')
 with open(str(path.absolute()), 'w', newline='\n') as f:
 json.dump(self.contents.to_api_format(include_version=include_version), f, sort_keys=True, indent=2)
 f.write('\n')
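Review bot: The `.with_suffix('.json')` on the changed `rule.save_json(...)` line duplicates the suffix rewrite that `TOMLRule.save_json` now performs itself (the rule.py `save_json` hunk), so the same conversion lives in two places and will drift. Pick one: either `rule.save_json(Path(rules_dir) / rule.path.name)` and let the method enforce the suffix, or keep the caller explicit and leave the method's path untouched. The enclosing method of `Package` starts before the hunk.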
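Review bot: The new `include_version` parameter on the `def sha256` line is untyped while the return is annotated, and the inline comment is the only documentation; prefer `def sha256(self, include_version: bool = False) -> str:` with a docstring stating that the hash is over the API-format dict, that the version is excluded by default because including it changes the hash on every bump, and that `include_version=True` exists for comparing against a deployed copy as kibana_diff in devtools.py now does. Because `@cached` now sits on a method with two observable variants, the docstring should also say how the cache distinguishes them. TOMLRuleContents continues outside the hunk.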
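Review bot: The added `path = path.with_suffix('.json')` silently rewrites whatever path the caller passed (for example `rule.ndjson` becomes `rule.json`) and nothing documents that; add a docstring on `save_json` such as `"""Write the rule's API-format JSON to *path*, always replacing the suffix with '.json'; include_version controls whether the version field is emitted."""`. Note that `Path.with_suffix` raises ValueError on a path with an empty name, so that is now a precondition of this method rather than a failure surfaced by `open()`. TOMLRule continues outside the hunk.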