fe8c81d762
[FR] Generate investigation guides ( #4358 )
2025-01-22 11:17:38 -06:00
df31c002ca
[Bug] Handle formatting empty list ( #4086 )
2024-09-17 13:25:17 -05:00
8618b1ad73
Support toml lint for investigate transforms ( #4066 )
2024-09-11 20:45:36 +05:30
47d7a3acaa
[DaC] Beta Release ( #3889 )
...
Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com >
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com >
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
Co-authored-by: Mika Ayenson <mika.ayenson@elastic.co >
2024-08-06 18:07:12 -04:00
2110ad53f0
[FR] Support new_terms schema import/export w/custom format ( #3890 )
...
* [FR] Support new_terms schema import/export w/custom format
* fix formatter for filters
* handle both rule formats when parsing data view
2024-07-12 17:17:09 -05:00
094ef22604
[Bug] Update Rule Formatter ( #3668 )
...
* Update Rule Formatter
* Only apply fix to Note
2024-05-13 15:00:01 -04:00
c35652c8c8
[Bug] Add explicit format preserver ( #3566 )
2024-04-04 15:50:48 -05:00
411ec36ff0
Validate markdown plugin fields ( #2602 )
2023-03-28 09:17:50 -04:00
0aeb7399d4
[Bug] Fix toml-lint ordering of Mitre metadata #1249 ( #1774 )
...
* Order the MITRE metadata by recursively sorting the rule object before writing.
* Refactor order_rule into the rule_formatter module.
* sort test_toml.json according to rule_formatter spec
* rename var to obj since this will traverse all data in the rule
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
2022-02-22 13:57:49 -05:00
163d9e3864
Update cardinality field in schema for threshold rules ( #1349 )
...
* Make cardinality array in schema for threshold rules
* update master, 7.12, 7.13, and 7.14 schemas with cardinality fix
* fix 7.12 downgrade to handle cardinality as an array
* Add two new rules to detect agent spoofing
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com >
2021-07-21 08:32:54 -08:00
e46f5e96d3
Fix create-rule bug ( #1246 )
2021-06-01 08:31:36 -08:00
eb40c52c7c
Port historical schemas to jsonschema ( #1084 )
...
* Port historical schemas to jsonschema
* Add marshmallow-json dependency
* Mark etc/api_schemas as binary
* Remove gitattributes attempt
* Lint fix
* Apply PR feedback
* Additional PR feedback
* Extract stack version from packages.yml
* Fix the backport schemas
* Cache the schema reads
* Add migration for #1167
* Make a separate 'migration not found' error
2021-05-13 14:27:32 -06:00
3fc34b86f2
Update License to Elastic v2 ( #944 )
2021-03-03 22:12:11 -09:00
bf202b6b6c
[New Rule] Initial converted EQL rules ( #304 )
...
* 18 converted eql rules (not all prod)
2020-09-30 21:40:55 -08:00
cb1c401e27
Merge branch '7.9' into main
2020-08-03 15:20:36 -06:00
01b1e8be26
[Rule Tuning] Update Tags for Cloud Rules ( #99 )
...
* [Rule Tuning] Update Tags for Cloud Rules
* commenting out specifying alphabetical tag order in rule formatter
* Update rule_formatter.py
* py lint
* Lint fix comments
* update modified dates
* Update credential_access_secretsmanager_getsecretvalue.toml
* adding Continuous Monitoring tag
* update tags
* fixed and in tags
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com >
2020-08-03 17:15:15 -04:00
d15da0ada1
Add versioned schemas with a downgrade path ( #84 )
...
* Add versioned schemas with a downgrade path
* Remove and move unused variables
* Add missing license
* Skip NotField for output_index
* Add strip_additional_properties for kibana import
* Remove stray comment
* Apply suggestions from code review
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
2020-07-23 11:39:35 -06:00
3b305d3003
Add rule loader and dependencies
...
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com >
2020-06-29 23:17:42 -06:00
Mika Ayenson