sigma-rules/docs/deprecating.md
Mika Ayenson 6219fc06b9 Move etc under detection_rules (#1885)
* Move etc directory under detection_rules
* Prepend original `etc` path with `detection_rules`
* Update docstrings in util and CODEOWNERS
* Add resiliency to tags to account for the old directory structure
* Bug fix: remove unused param caused by commit 6ed1a39efe

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
2022-05-02 10:11:21 -04:00


Deprecating rules

Rules that have been version locked (added to version.lock.json), which also means they have been added to the detection engine in Kibana, must be properly deprecated.

If a rule was never version locked (not yet pushed to Kibana or still in non-production maturity), the rule can simply be removed with no additional changes, or its maturity can be updated to maturity = "development", which will leave it out of the release package to Kibana.

Steps to properly deprecate a rule

  1. Update the maturity to deprecated
  2. Move the rule file to rules/_deprecated
  3. Add deprecation_date and update updated_date to match

Next time the versions are locked, the rule will be added to the deprecated_rules.json file.
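The three steps above can be checked for consistency before the versions are locked. The following is an added example, not code from the detection-rules project: check_rule, read_key and demo are hypothetical helpers, the sample rule files are constructed, and the [metadata] table and YYYY/MM/DD date format are assumptions about the rule layout.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample rule; the [metadata] table and date format are assumptions.
GOOD = '''[metadata]
deprecation_date = "2022/05/02"
maturity = "deprecated"
updated_date = "2022/05/02"
'''
STALE = GOOD.replace('updated_date = "2022/05/02"', 'updated_date = "2021/11/30"')
LIVE = '[metadata]\nmaturity = "production"\nupdated_date = "2022/05/02"\n'

def read_key(text, key):
    """Read one start-of-line string key; enough for these three flat fields."""
    match = re.search(rf'^{key}\s*=\s*"([^"]*)"', text, re.MULTILINE)
    return match.group(1) if match else None

def check_rule(path):
    """Return the deprecation problems found in one rule file (hypothetical helper)."""
    text = path.read_text(encoding="utf-8")
    in_dir = path.parent.name == "_deprecated"
    deprecated = read_key(text, "maturity") == "deprecated"
    problems = []
    if deprecated and not in_dir:
        problems.append("deprecated rule is not in rules/_deprecated")
    if in_dir and not deprecated:
        problems.append("rule in rules/_deprecated is not marked deprecated")
    if deprecated or in_dir:
        dep = read_key(text, "deprecation_date")
        if dep is None:
            problems.append("deprecation_date is missing")
        elif dep != read_key(text, "updated_date"):
            problems.append("updated_date does not match deprecation_date")
    return problems

def demo():
    samples = {"_deprecated/good.toml": GOOD, "_deprecated/stale.toml": STALE,
               "_deprecated/live.toml": LIVE, "windows/unmoved.toml": GOOD}
    with tempfile.TemporaryDirectory() as tmp:
        results = {}
        for rel, body in samples.items():
            path = Path(tmp, "rules", rel)  # temporary rules tree, built per run
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
            results[rel] = check_rule(path)
    return results

if __name__ == "__main__":
    print(demo())
```

A rule that fails any of these checks would keep shipping or be locked with inconsistent dates, so a check like this fits naturally in CI ahead of the version lock.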

Using the deprecate-rule command

Alternatively, you can run python -m detection_rules dev deprecate-rule <rule-file>, which will perform all the steps