diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts index afc208ce1223f..e0686e5669e85 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts @@ -79,57 +79,6 @@ export const FieldPickVersionValues = z.enum(['BASE', 'CURRENT', 'TARGET', 'MERG export type FieldPickVersionValuesEnum = typeof FieldPickVersionValues.enum; export const FieldPickVersionValuesEnum = FieldPickVersionValues.enum; -export type FieldUpgradeRequest = z.infer; -export const FieldUpgradeRequest = z.object({ - pick_version: z.enum(['BASE', 'CURRENT', 'TARGET', 'MERGED', 'RESOLVED']), - resolved_value: z - .union([ - RuleName, - RuleTagArray, - RuleDescription, - Severity, - SeverityMapping, - RiskScore, - RiskScoreMapping, - RuleReferenceArray, - RuleFalsePositiveArray, - ThreatArray, - InvestigationGuide, - SetupGuide, - RelatedIntegrationArray, - RequiredFieldArray, - RequiredFieldArray, - MaxSignals, - BuildingBlockType, - RuleIntervalFrom, - RuleInterval, - RuleExceptionList, - RuleNameOverride, - TimestampOverride, - TimestampOverrideFallbackDisabled, - TimelineTemplateId, - TimelineTemplateTitle, - IndexPatternArray, - DataViewId, - RuleQuery, - QueryLanguage, - RuleFilterArray, - SavedQueryId, - MachineLearningJobId, - AnomalyThreshold, - AnomalyThreshold, - ThreatQuery, - ThreatMapping, - ThreatIndex, - ThreatFilters, - ThreatIndicatorPath, - KqlQueryLanguage, - NewTermsFields, - HistoryWindowStart, - ]) - .optional(), -}); - export type RuleUpgradeSpecifier = z.infer; export const RuleUpgradeSpecifier = z.object({ rule_id: RuleSignatureId, @@ -145,46 +94,246 @@ will default to a `pick_version` of `MERGED`. */ fields: z .object({ - name: FieldUpgradeRequest.optional(), - tags: FieldUpgradeRequest.optional(), - description: FieldUpgradeRequest.optional(), - severity: FieldUpgradeRequest.optional(), - severity_mapping: FieldUpgradeRequest.optional(), - risk_score: FieldUpgradeRequest.optional(), - risk_score_mapping: FieldUpgradeRequest.optional(), - references: FieldUpgradeRequest.optional(), - false_positives: FieldUpgradeRequest.optional(), - threat: FieldUpgradeRequest.optional(), - note: FieldUpgradeRequest.optional(), - setup: FieldUpgradeRequest.optional(), - related_integrations: FieldUpgradeRequest.optional(), - required_fields: FieldUpgradeRequest.optional(), - max_signals: FieldUpgradeRequest.optional(), - building_block_type: FieldUpgradeRequest.optional(), - from: FieldUpgradeRequest.optional(), - interval: FieldUpgradeRequest.optional(), - exceptions_list: FieldUpgradeRequest.optional(), - rule_name_override: FieldUpgradeRequest.optional(), - timestamp_override: FieldUpgradeRequest.optional(), - timestamp_override_fallback_disabled: FieldUpgradeRequest.optional(), - timeline_id: FieldUpgradeRequest.optional(), - timeline_title: FieldUpgradeRequest.optional(), - index: FieldUpgradeRequest.optional(), - data_view_id: FieldUpgradeRequest.optional(), - query: FieldUpgradeRequest.optional(), - language: FieldUpgradeRequest.optional(), - filters: FieldUpgradeRequest.optional(), - saved_id: FieldUpgradeRequest.optional(), - machine_learning_job_id: FieldUpgradeRequest.optional(), - anomaly_threshold: FieldUpgradeRequest.optional(), - threat_query: FieldUpgradeRequest.optional(), - threat_mapping: FieldUpgradeRequest.optional(), - threat_index: FieldUpgradeRequest.optional(), - threat_filters: FieldUpgradeRequest.optional(), - threat_indicator_path: FieldUpgradeRequest.optional(), - threat_language: FieldUpgradeRequest.optional(), - new_terms_fields: FieldUpgradeRequest.optional(), - history_window_start: FieldUpgradeRequest.optional(), + name: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleName.optional(), + }) + .optional(), + tags: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleTagArray.optional(), + }) + .optional(), + description: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleDescription.optional(), + }) + .optional(), + severity: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: Severity.optional(), + }) + .optional(), + severity_mapping: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: SeverityMapping.optional(), + }) + .optional(), + risk_score: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RiskScore.optional(), + }) + .optional(), + risk_score_mapping: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RiskScoreMapping.optional(), + }) + .optional(), + references: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleReferenceArray.optional(), + }) + .optional(), + false_positives: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleFalsePositiveArray.optional(), + }) + .optional(), + threat: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatArray.optional(), + }) + .optional(), + note: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: InvestigationGuide.optional(), + }) + .optional(), + setup: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: SetupGuide.optional(), + }) + .optional(), + related_integrations: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RelatedIntegrationArray.optional(), + }) + .optional(), + required_fields: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RequiredFieldArray.optional(), + }) + .optional(), + max_signals: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: MaxSignals.optional(), + }) + .optional(), + building_block_type: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: BuildingBlockType.optional(), + }) + .optional(), + from: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleIntervalFrom.optional(), + }) + .optional(), + interval: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleInterval.optional(), + }) + .optional(), + exceptions_list: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleExceptionList.optional(), + }) + .optional(), + rule_name_override: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleNameOverride.optional(), + }) + .optional(), + timestamp_override: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: TimestampOverride.optional(), + }) + .optional(), + timestamp_override_fallback_disabled: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: TimestampOverrideFallbackDisabled.optional(), + }) + .optional(), + timeline_id: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: TimelineTemplateId.optional(), + }) + .optional(), + timeline_title: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: TimelineTemplateTitle.optional(), + }) + .optional(), + index: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: IndexPatternArray.optional(), + }) + .optional(), + data_view_id: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: DataViewId.optional(), + }) + .optional(), + query: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleQuery.optional(), + }) + .optional(), + language: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: QueryLanguage.optional(), + }) + .optional(), + filters: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: RuleFilterArray.optional(), + }) + .optional(), + saved_id: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: SavedQueryId.optional(), + }) + .optional(), + machine_learning_job_id: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: MachineLearningJobId.optional(), + }) + .optional(), + anomaly_threshold: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: AnomalyThreshold.optional(), + }) + .optional(), + threat_query: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatQuery.optional(), + }) + .optional(), + threat_mapping: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatMapping.optional(), + }) + .optional(), + threat_index: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatIndex.optional(), + }) + .optional(), + threat_filters: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatFilters.optional(), + }) + .optional(), + threat_indicator_path: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: ThreatIndicatorPath.optional(), + }) + .optional(), + threat_language: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: KqlQueryLanguage.optional(), + }) + .optional(), + new_terms_fields: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: NewTermsFields.optional(), + }) + .optional(), + history_window_start: z + .object({ + pick_version: FieldPickVersionValues, + resolved_value: HistoryWindowStart.optional(), + }) + .optional(), }) .optional(), }); diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml index 057095e8c8e0b..ee7fb8c06d3c6 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml @@ -56,144 +56,371 @@ components: fields: type: object description: | - Fields that can be customized during the upgrade workflow - as decided in: https://github.com/elastic/kibana/issues/186544 - Fields listed here, which are not specified in the request body, - will default to a `pick_version` of `MERGED`. + Fields that can be customized during the upgrade workflow + as decided in: https://github.com/elastic/kibana/issues/186544 + Fields listed here, which are not specified in the request body, + will default to a `pick_version` of `MERGED`. properties: name: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleName' tags: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleTagArray' description: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleDescription' severity: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/Severity' severity_mapping: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SeverityMapping' risk_score: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScore' risk_score_mapping: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScoreMapping' references: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleReferenceArray' false_positives: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFalsePositiveArray' threat: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/ThreatArray' note: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/InvestigationGuide' setup: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SetupGuide' related_integrations: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RelatedIntegrationArray' required_fields: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' max_signals: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/MaxSignals' building_block_type: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/BuildingBlockType' from: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleIntervalFrom' interval: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleInterval' exceptions_list: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleExceptionList' rule_name_override: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleNameOverride' timestamp_override: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverride' timestamp_override_fallback_disabled: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverrideFallbackDisabled' timeline_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateId' timeline_title: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateTitle' index: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/IndexPatternArray' data_view_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/DataViewId' query: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleQuery' language: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/QueryLanguage' filters: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFilterArray' saved_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId' machine_learning_job_id: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/MachineLearningJobId' anomaly_threshold: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' threat_query: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatQuery' threat_mapping: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatMapping' threat_index: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndex' threat_filters: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatFilters' threat_indicator_path: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndicatorPath' threat_language: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/KqlQueryLanguage' new_terms_fields: - $ref: '#/components/schemas/FieldUpgradeRequest' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/NewTermsFields' history_window_start: - $ref: '#/components/schemas/FieldUpgradeRequest' - - FieldUpgradeRequest: - type: object - required: - - pick_version - properties: - pick_version: - type: string - enum: [BASE, CURRENT, TARGET, MERGED, RESOLVED] - resolved_value: - oneOf: - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleName' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleTagArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleDescription' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/Severity' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SeverityMapping' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScore' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScoreMapping' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleReferenceArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFalsePositiveArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/ThreatArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/InvestigationGuide' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SetupGuide' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RelatedIntegrationArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/MaxSignals' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/BuildingBlockType' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleIntervalFrom' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleInterval' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleExceptionList' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleNameOverride' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverride' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverrideFallbackDisabled' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateId' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateTitle' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/IndexPatternArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/DataViewId' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleQuery' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/QueryLanguage' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFilterArray' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId' - - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/MachineLearningJobId' - - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' - - $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' - - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatQuery' - - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatMapping' - - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndex' - - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatFilters' - - $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndicatorPath' - - $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/KqlQueryLanguage' # threat_language - - $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/NewTermsFields' - - $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/HistoryWindowStart' + type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/FieldPickVersionValues' + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/HistoryWindowStart' UpgradeSpecificRulesRequest: type: object