
bc5 siem rules merge #62679

Merged
merged 11 commits into from
Apr 7, 2020

Conversation

randomuserid
Contributor

@randomuserid randomuserid commented Apr 6, 2020

incremented version numbers for modified rules
field changes to endpoint signal rules
removed max_signals param from 7 rules

Summary

A few changes to the SIEM rules.

Checklist

Delete any items that are not applicable to this PR.

For maintainers

version changes
field changes to endpoint rules
removed max_signals from 7 rules
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@randomuserid randomuserid added apm-test-plan-7.4.0 release_note:skip Skip the PR/issue when compiling release notes and removed apm-test-plan-7.4.0 labels Apr 6, 2020
@spong
Member

spong commented Apr 6, 2020

@elasticmachine merge upstream

Checked out and tests are passing locally -- possible flakiness? Verifying other possibilities while build continues...


Member

@spong spong left a comment

LGTM once green on CI! Thanks for the updates @randomuserid!

Contributor

@rylnd rylnd left a comment

A few comments:

  1. This branch adds carriage returns (^M) to all files, resulting in a lot of unnecessary churn.
  2. There are several examples of rules being changed without the version being bumped, as @spong has noted.
  3. There are also examples of rules not changing but the version being bumped anyway.

It sounds like you've been discussing this offline, so I'm going to leave these as general comments and let you work out what needs to be changed.

@brokensound77
Contributor

The rule files need to be converted from CRLF to LF for consistency (with no other changes). Should I wait to push this commit for additional tests to run or can I push now?
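The two review comments above (rules changed without a version bump, versions bumped without a change, and CRLF churn on every file) describe checks that can be run mechanically before a rules PR is opened. The following is an added example written for this page, not code from the Kibana repository or from the PR; it assumes the rule files are JSON using the Kibana detection-rule fields `rule_id`, `version` and `max_signals`, and the sample rule files are constructed here. Line endings are normalized before comparison, so a CRLF-only rewrite is never counted as a content change that needs a bump.

```python
"""Check that prepackaged detection-rule JSON files were versioned correctly.

Added illustration; not code from the Kibana repository. Assumes Kibana-style
rule JSON (rule_id, version, optional max_signals). Sample data is constructed.
"""
import json


def normalize(text: str) -> str:
    """Map CRLF and bare CR to LF so line-ending churn does not look like a change."""
    return text.replace("\r\n", "\n").replace("\r", "\n")


def semantic_diff(old_text: str, new_text: str):
    """Parse both files and return (old, new, changed_fields), ignoring 'version'."""
    old = json.loads(normalize(old_text))
    new = json.loads(normalize(new_text))
    keys = (set(old) | set(new)) - {"version"}
    # A removed field (e.g. max_signals dropped) shows up here because .get() differs.
    changed = {k for k in keys if old.get(k) != new.get(k)}
    return old, new, changed


def files_with_crlf(rules: dict) -> list:
    """Names of rule files that still contain CRLF line endings (reviewers want LF only)."""
    return sorted(name for name, text in rules.items() if "\r\n" in text)


def check_rule_versions(old_rules: dict, new_rules: dict) -> dict:
    """Classify every rule present in both trees.

    old_rules / new_rules map file name -> raw file text, e.g. the output of
    `git show master:<path>` and the working-tree copy (assumed layout).
    """
    report = {"unbumped": [], "spurious_bump": [], "regressed": [],
              "cosmetic_only": [], "ok": []}
    for name in sorted(set(old_rules) & set(new_rules)):
        old_text, new_text = old_rules[name], new_rules[name]
        old, new, changed = semantic_diff(old_text, new_text)
        old_v, new_v = old.get("version", 1), new.get("version", 1)
        bumped = new_v > old_v
        if new_v < old_v:
            report["regressed"].append(name)
        elif changed and not bumped:
            report["unbumped"].append((name, sorted(changed)))
        elif bumped and not changed:
            report["spurious_bump"].append(name)
        elif old_text != new_text and not changed:
            # Bytes differ, content does not: line endings or JSON formatting only.
            report["cosmetic_only"].append(name)
        else:
            report["ok"].append(name)
    return report


# Constructed sample rule files (not the real Kibana rules).
OLD_RULES = {
    "endpoint_malware.json": '{"rule_id": "a1", "version": 1, "query": "event.kind:alert", "max_signals": 10000}\n',
    "susp_powershell.json": '{"rule_id": "b2", "version": 2, "query": "process.name:powershell.exe"}\n',
    "clean.json": '{"rule_id": "c3", "version": 1, "query": "x:y"}\n',
    "crlf.json": '{"rule_id": "d4", "version": 1, "query": "x:z"}\n',
}
NEW_RULES = {
    # max_signals removed but version left at 1: needs a bump
    "endpoint_malware.json": '{"rule_id": "a1", "version": 1, "query": "event.kind:alert"}\r\n',
    # version bumped 2 -> 3 with no content change: spurious bump
    "susp_powershell.json": '{"rule_id": "b2", "version": 3, "query": "process.name:powershell.exe"}\r\n',
    # query changed and version bumped: correct
    "clean.json": '{"rule_id": "c3", "version": 2, "query": "x:y and a:b"}\n',
    # only the line ending changed: cosmetic churn, no bump needed
    "crlf.json": '{"rule_id": "d4", "version": 1, "query": "x:z"}\r\n',
}


if __name__ == "__main__":
    for category, entries in check_rule_versions(OLD_RULES, NEW_RULES).items():
        print(f"{category}: {entries}")
    print("files still using CRLF:", files_with_crlf(NEW_RULES))
```

In a real pre-merge check the two dictionaries would be filled from `git show <base>:<path>` and the working tree for every file under the rules directory; anything in `unbumped`, `spurious_bump` or `regressed` should fail the check, and a non-empty `files_with_crlf` result is the signal to run the CRLF-to-LF conversion as a separate, content-free commit.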

@randomuserid randomuserid requested a review from rw-access April 7, 2020 00:14
Contributor

@rw-access rw-access left a comment

lgtm when tests pass

Craig added 4 commits April 6, 2020 20:34
for Garrett
delete 2 files (for Garrett)
This reverts commit cc2ac1e.
@kibanamachine
Contributor

💚 Build Succeeded


To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@spong spong merged commit b65de27 into master Apr 7, 2020
@spong spong deleted the 77-siem-rules-bc5 branch April 7, 2020 02:45
spong added a commit to spong/kibana that referenced this pull request Apr 7, 2020
* bc5 rule merge

version changes
field changes to endpoint rules
removed max_signals from 7 rules

* Fixing monitoring i18n (elastic#62715)

* Updates esarchiver test data with the latest rules (elastic#62723)

* Remove CR, only CRLF for rules

* delete two files

for Garrett

* deletes

delete 2 files (for Garrett)

* Revert "deletes"

This reverts commit cc2ac1e.

* Revert "Fixing monitoring i18n (elastic#62715)"

This reverts commit 0285740.

Co-authored-by: Elastic Machine <[email protected]>
Co-authored-by: Garrett Spong <[email protected]>
Co-authored-by: Ross Wolf <[email protected]>
spong added a commit that referenced this pull request Apr 7, 2020
* bc5 rule merge

version changes
field changes to endpoint rules
removed max_signals from 7 rules

* Fixing monitoring i18n (#62715)

* Updates esarchiver test data with the latest rules (#62723)

* Remove CR, only CRLF for rules

* delete two files

for Garrett

* deletes

delete 2 files (for Garrett)

* Revert "deletes"

This reverts commit cc2ac1e.

* Revert "Fixing monitoring i18n (#62715)"

This reverts commit 0285740.

Co-authored-by: Elastic Machine <[email protected]>
Co-authored-by: Garrett Spong <[email protected]>
Co-authored-by: Ross Wolf <[email protected]>

Co-authored-by: The SpaceCake Project <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
Co-authored-by: Ross Wolf <[email protected]>
gmmorris added a commit to gmmorris/kibana that referenced this pull request Apr 7, 2020
* master: (36 commits)
  [data.search.aggs] Remove service getters from agg types (elastic#61628)
  fixing APM internationalization (elastic#62757)
  fix: 🐛 correctly create error on no_matching_indices (elastic#61257)
  [Lens] Remove all legacy imports (elastic#62596)
  Add label for ace editor (elastic#62588)
  [ML] Show better file structure finder explanations (elastic#62316)
  Fix old pathes in eslintrc (elastic#62580)
  [Uptime] Improve Telemetry test (elastic#62428)
  [SIEM] Adds sort rules Cypress test (elastic#62700)
  [Uptime]Abstracted 'access:uptime-read' tag into a wrapper for… (elastic#62576)
  fixing bug (elastic#62577)
  [Maps] Allow updating requestType for ESGeoGridSource (elastic#62365)
  [Maps] do not show circle border when symbol size is zero (elastic#62644)
  [Maps] Always show current zoom level (elastic#62684)
  bc5 siem rules merge (elastic#62679)
  Revert "[Monitoring] Cluster state watch to Kibana alerting (elastic#61685)"
  Fix visual tests (elastic#62660)
  [Telemetry] update crypto packages (elastic#62469)
  [DOCS] Removed references to left (elastic#60807)
  [Maps] Move layers to np maps (elastic#61877)
  ...
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Labels
release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.7.0 v8.0.0
8 participants