1784429aa7
[FR] Add Integration Schema Query Validation ( #2470 )
2023-02-02 16:22:44 -05:00
bdffab5722
adding initial solution ( #2448 )
2023-01-04 12:28:34 -05:00
4abd3b8354
[Bug] Version Comparison Bug in Related Integrations Field at Build Time ( #2331 )
...
* addresses version comparison bug for related_integrations field during build
* Update detection_rules/misc.py
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
* Update detection_rules/misc.py
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
* addressed package version loading bug
* addressed flake errors
* adjusted find_least_compatible_version function to address sorting and semantic version comparison
* adjusted major version comparison in compare_versions sub function
* removed compare_versions sub function and included logic in iteration
* Update detection_rules/integrations.py
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
* added OrderedDict to version and manifest iteration to enforce sorted dict object
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
2022-09-29 09:58:08 -04:00
b31a1b761c
[FR] Re-factor Build Integrations Manifest ( #2274 )
...
* adjusted how integrations list is created
* removed unused import and addressed linting errors
* adjusted integration_manifest dictionary to only load latest major
* adjusted manifests sourcing from GH to EPR CDN
* addressed flake errors
* added some additional comments and formatting
* updaing integration-manifests file
* adjusted test_integration testing
* addressed flake errors
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* added folder unit tests
* updated unit test to remove network calls
* Update tests/test_all_rules.py
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
2022-09-28 09:33:49 -04:00
7d973a3b07
add new field related_integrations to the post build ( #2060 )
...
* add new field `related_integrations` to the post build
* add exception for endpoint `integration`
* Skip rules without related integrations
* lint
* refactor related_integrations to TOMLRuleContents class
* update to reflect required_fields updates
* add todo
* add new line for linting
* related_integrations updates, get_packaged_integrations returns list of dictionaries, started work on integrations py
* build_integrations_manifest command completed
* initial test completed for post-building related_integrations
* removed get_integration_manifest method from rule, removed global integrations path
* moved integration related methods to integrations.py and fixed flake issues
* adjustments for PipedQuery from eql sequence rules and packages with no integration
* adjusted github client import for integrations.py
* Update detection_rules/devtools.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/devtools.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* added integration manifest schema, made adjustments
* Update detection_rules/integrations.py
* Update detection_rules/rule.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/rule.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/rule.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* removed get_integrations_package to consolidate code
* removed type list return
* adjusted import flake errors
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* adjusted indentation error
* adjusted rule.get_packaged_integrations to account for kql.ast.OrExpr if event.dataset is not set
* Update detection_rules/devtools.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/devtools.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* adjusted find_least_compatible_version in integrations.py
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* fixed flake issues
* adjusted get_packaged_integrations
* iterate the ast for literal event.dataset values
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* Update detection_rules/integrations.py
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
* made small adjustments to address errors during build manifests command
* addressing integrations.find_least_compatible method to return None instead of raise error only
* Update detection_rules/integrations.py
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: Terrance DeJesus <terrance.dejesus@elastic.co >
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com >
2022-08-08 13:44:36 -04:00
Mika Ayenson