Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adjust ESQLRuleData to Inherit QueryRuleData Dataclass #3297

Merged
merged 3 commits into from
Nov 30, 2023
Merged

Adjust ESQLRuleData to Inherit QueryRuleData Dataclass #3297

merged 3 commits into from
Nov 30, 2023

Conversation

terrancedejesus
Copy link
Contributor

Related

Summary

After internal discussion and review, it has been determined that moving forward we will remain consistent with our dataclass approach to any rule type with a query, inheriting from QueryRuleData. Previously ESQLRuleData had been introduced to support core ES|QL rule type, however inherited from BaseRuleData since index is not valid.

@terrancedejesus terrancedejesus added python Internal python for the repository schema esql ES|QL labels Nov 29, 2023
@terrancedejesus terrancedejesus self-assigned this Nov 29, 2023
@terrancedejesus terrancedejesus changed the title Adjust ESQLRuleData to Inherit QueryRuleData dataclass Adjust ESQLRuleData to Inherit QueryRuleData Dataclass Nov 29, 2023
terrancedejesus
terrancedejesus commented Nov 29, 2023
View reviewed changes
rules/linux/credential_access_credential_dumping_esql.toml Outdated
from = "now-9m"
language = "esql"
license = "Elastic License v2"
name = "ESQL Potential Linux Credential Dumping via Unshadow"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ DO NOT MERGE ⚠️

Mikaayenson
Mikaayenson approved these changes Nov 29, 2023
View reviewed changes
Copy link
Contributor

@Mikaayenson Mikaayenson left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! just dont forget to remove the test file. Also dont forget to tweak the unit test.

@terrancedejesus
Copy link
Contributor Author

Looks good! just dont forget to remove the test file. Also dont forget to tweak the unit test.

Thanks Mika! I chatted with @brokensound77 and he is going to push a commit to fix the testing as he has already solved these that are causing the unit tests errors. Once in and approved, we can merge.

@brokensound77
Copy link
Contributor

passing tests with example rule

brokensound77
brokensound77 approved these changes Nov 29, 2023
View reviewed changes
Copy link
Contributor

@brokensound77 brokensound77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updates to unit tests pushed and test rule removed - LGTM 👍

@terrancedejesus
Copy link
Contributor Author

Thanks!

@terrancedejesus terrancedejesus merged commit 5358361 into main Nov 30, 2023
12 checks passed
@terrancedejesus terrancedejesus deleted the esql-rule-data-inheritence branch November 30, 2023 14:06
protectionsmachine pushed a commit that referenced this pull request Nov 30, 2023
@terrancedejesus @github-actions
Adjust ESQLRuleData to Inherit QueryRuleData Dataclass (#3297)
6e9b742 
* adjusting inheritance of ESQL rule data

* update tests to handle missing index from QueryRuleData

* removed test es|ql rule

---------

Co-authored-by: brokensound77 <[email protected]>

(cherry picked from commit 5358361)
protectionsmachine pushed a commit that referenced this pull request Nov 30, 2023
@terrancedejesus @github-actions
Adjust ESQLRuleData to Inherit QueryRuleData Dataclass (#3297)
a8170ea 
* adjusting inheritance of ESQL rule data

* update tests to handle missing index from QueryRuleData

* removed test es|ql rule

---------

Co-authored-by: brokensound77 <[email protected]>

(cherry picked from commit 5358361)
protectionsmachine pushed a commit that referenced this pull request Nov 30, 2023
@terrancedejesus @github-actions
Adjust ESQLRuleData to Inherit QueryRuleData Dataclass (#3297)
3f2364e 
* adjusting inheritance of ESQL rule data

* update tests to handle missing index from QueryRuleData

* removed test es|ql rule

---------

Co-authored-by: brokensound77 <[email protected]>

(cherry picked from commit 5358361)
protectionsmachine pushed a commit that referenced this pull request Nov 30, 2023
@terrancedejesus @github-actions
Adjust ESQLRuleData to Inherit QueryRuleData Dataclass (#3297)
409a97c 
* adjusting inheritance of ESQL rule data

* update tests to handle missing index from QueryRuleData

* removed test es|ql rule

---------

Co-authored-by: brokensound77 <[email protected]>

(cherry picked from commit 5358361)
protectionsmachine pushed a commit that referenced this pull request Nov 30, 2023
@terrancedejesus @github-actions
Adjust ESQLRuleData to Inherit QueryRuleData Dataclass (#3297)
c5f41d9 
* adjusting inheritance of ESQL rule data

* update tests to handle missing index from QueryRuleData

* removed test es|ql rule

---------

Co-authored-by: brokensound77 <[email protected]>

(cherry picked from commit 5358361)
protectionsmachine pushed a commit that referenced this pull request Nov 30, 2023
@terrancedejesus @github-actions
Adjust ESQLRuleData to Inherit QueryRuleData Dataclass (#3297)
e36b5ab 
* adjusting inheritance of ESQL rule data

* update tests to handle missing index from QueryRuleData

* removed test es|ql rule

---------

Co-authored-by: brokensound77 <[email protected]>

(cherry picked from commit 5358361)
protectionsmachine pushed a commit that referenced this pull request Nov 30, 2023
@terrancedejesus @github-actions
Adjust ESQLRuleData to Inherit QueryRuleData Dataclass (#3297)
b1d2fc5 
* adjusting inheritance of ESQL rule data

* update tests to handle missing index from QueryRuleData

* removed test es|ql rule

---------

Co-authored-by: brokensound77 <[email protected]>

(cherry picked from commit 5358361)
protectionsmachine pushed a commit that referenced this pull request Nov 30, 2023
@terrancedejesus @github-actions
Adjust ESQLRuleData to Inherit QueryRuleData Dataclass (#3297)
2168afc 
* adjusting inheritance of ESQL rule data

* update tests to handle missing index from QueryRuleData

* removed test es|ql rule

---------

Co-authored-by: brokensound77 <[email protected]>

(cherry picked from commit 5358361)
protectionsmachine pushed a commit that referenced this pull request Nov 30, 2023
@terrancedejesus @github-actions
Adjust ESQLRuleData to Inherit QueryRuleData Dataclass (#3297)
7df6661 
* adjusting inheritance of ESQL rule data

* update tests to handle missing index from QueryRuleData

* removed test es|ql rule

---------

Co-authored-by: brokensound77 <[email protected]>

(cherry picked from commit 5358361)
terrancedejesus added a commit that referenced this pull request Dec 1, 2023
@terrancedejesus
adding changes from #3297
1662378
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brokensound77 brokensound77 brokensound77 approved these changes

@Mikaayenson Mikaayenson Mikaayenson approved these changes

@eric-forte-elastic eric-forte-elastic Awaiting requested review from eric-forte-elastic eric-forte-elastic is a code owner

Assignees

@terrancedejesus terrancedejesus

Labels
backport: auto Domain: Endpoint esql ES|QL OS: Linux python Internal python for the repository schema
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@terrancedejesus @brokensound77 @Mikaayenson