[FR] Add support for investigation_fields (#3550)
Mikaayenson authored Apr 1, 2024
1 parent 8b215ea commit bb907a4
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions detection_rules/rule.py
Expand Up @@ -240,6 +240,12 @@ class ThresholdAlertSuppression:

@dataclass(frozen=True)
class BaseRuleData(MarshmallowDataclassMixin, StackCompatMixin):
"""Base rule data."""

@dataclass
class InvestigationFields:
field_names: List[definitions.NonEmptyStr]

@dataclass
class RequiredFields:
name: definitions.NonEmptyStr
Expand All @@ -264,6 +270,7 @@ class RelatedIntegrations:
# trailing `_` required since `from` is a reserved word in python
from_: Optional[str] = field(metadata=dict(data_key="from"))
interval: Optional[definitions.Interval]
investigation_fields: Optional[InvestigationFields] = field(metadata=dict(metadata=dict(min_compat="8.11")))
max_signals: Optional[definitions.MaxSignals]
meta: Optional[Dict[str, Any]]
name: definitions.RuleName
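Review bot: `field_names` in the new `InvestigationFields` dataclass is typed `List[definitions.NonEmptyStr]`, which constrains each entry but still accepts an empty list, so a rule with `investigation_fields` set and no names would pass this schema. If the stack rejects an empty array (worth confirming against the Kibana rule schema), a length check would surface that at rule-validation time instead of at upload, e.g. `field_names: List[definitions.NonEmptyStr] = field(metadata=dict(validate=validate.Length(min=1)))`, assuming marshmallow's `validate` is imported in this module. The nested class also has no docstring; a one-liner such as `"""Fields highlighted for the analyst when triaging an alert."""` would say what the names are used for. `BaseRuleData` starts inside the first hunk and continues past the end of the second, so any existing validation of these names against the rule's query or index fields is not visible here.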
