security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
fcad19fa1847d48bbb4ddf19bbfeaba2507971d8
sigma-rules/docs-dev/deprecating.md
T
Sergey Polzunov 3bdda091e1 chore: use docs-dev instead of docs dir for docs (#4522) 
* chore: use `docs-dev` instead of `docs` folder

* patch version bump

* Rollback an incorrect rename

* Use exact docs dir in the helper comment

* Revert some overeager renamings

* Moving `docs` to `docs-dev`

* Update Docs Paths

---------

Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
2025-03-07 14:34:51 +01:00

1.0 KiB
Raw Blame History

Deprecating rules

Rules that have been version locked (added to version.lock.json), which also means they have been added to the detection engine in Kibana, must be properly deprecated.

If a rule was never version locked (not yet pushed to Kibana or still in non-production maturity), the rule can simply be removed with no additional changes, or updated the maturity = "development", which will leave it out of the release package to Kibana.

Steps to properly deprecate a rule

  1. Update the maturity to deprecated
  2. Move the rule file to rules/_deprecated
  3. Add deprecation_date and update updated_date to match

Next time the versions are locked, the rule will be added to the deprecated_rules.json file.

Using the deprecate-rule command

Alternatively, you can run python -m detection_rules dev deprecate-rule <rule-file>, which will perform all the steps

Reference in New Issue View Git Blame Copy Permalink