- Stage: 0 (strawperson)
- Date: TBD

This RFC proposes adding one new field, rule.remediation, to the rule fieldset of the Elastic Common Schema (ECS). The goal of this field is to give users more context in the rule fieldset: rule.remediation captures the remediation instructions associated with a rule, which are generally provided by the benchmark or framework that publishes the rule.

The rule fields being proposed are as follows:

Field | Type | Example | Description/Usage |
---|---|---|---|
rule.remediation | array | Enable encryption on all S3 buckets | Used to capture remediation instructions that come from the benchmark / framework the rule is from |
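
As an added illustration (not part of the RFC or of ECS tooling), the sketch below shows how an ingest step could populate rule.remediation as an array when sources deliver remediation text as a single string, a list of steps, or not at all. The input keys `rule_id`, `title` and `remediation`, the helper names, and the sample findings are assumptions made for this example; rule.id and rule.name are existing ECS rule fields.

```python
from __future__ import annotations

from typing import Any


def normalize_remediation(raw: Any) -> list[str]:
    """Return remediation instructions as a list of unique, non-empty strings."""
    if raw is None:
        return []
    # A lone string is one instruction; anything else is treated as a sequence.
    items = [raw] if isinstance(raw, str) else list(raw)
    seen: set[str] = set()
    out: list[str] = []
    for item in items:
        # Collapse newlines and runs of whitespace left over from benchmark text.
        text = " ".join(str(item).split())
        if text and text not in seen:
            seen.add(text)
            out.append(text)
    return out


def to_ecs_rule(finding: dict) -> dict:
    """Map a finding (hypothetical input shape) to an ECS-style rule object."""
    rule: dict[str, Any] = {"id": finding["rule_id"], "name": finding["title"]}
    remediation = normalize_remediation(finding.get("remediation"))
    if remediation:
        # Omit the field entirely instead of emitting an empty array.
        rule["remediation"] = remediation
    return {"rule": rule}


# Constructed sample findings; the identifiers are placeholders.
FINDINGS = [
    {"rule_id": "example-1", "title": "S3 bucket encryption",
     "remediation": "Enable encryption on all S3 buckets"},
    {"rule_id": "example-2", "title": "Multi-step rule",
     "remediation": ["  Open the console.\n", "Open the console.", "", "Apply the setting."]},
    {"rule_id": "example-3", "title": "No remediation published"},
]

if __name__ == "__main__":
    import json
    for f in FINDINGS:
        print(json.dumps(to_ecs_rule(f)))
```
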
The following are the people that consulted on the contents of this RFC.
- @smriti0321 | author
- @tinnytintin10 | Product Manager
- @oren-zohar | Engineering Manager
- @orouz | Engineer
- @trisch-me | Security ECS team