
[FEATURE] GetAllRuleCategories API #328

Closed
petardz opened this issue Feb 16, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

petardz (Contributor) commented Feb 16, 2023

Is your feature request related to a problem?
Currently the FE has all rule categories hardcoded.

What solution would you like?
We need the capability for the FE to fetch the current rule categories from the backend. We can implement a new API, GetAllRuleCategories, which will return all categories enabled in the backend:

GET /_plugins/_security_analytics/rules/categories

RESPONSE:

{
  "rule_categories": [
    {
      "key": "ad_ldap",
      "display_name": "AD/LDAP"
    },
    {
      "key": "dns",
      "display_name": "DNS logs"
    },
    {
      "key": "network",
      "display_name": "Network"
    },
    {
      "key": "apache_access",
      "display_name": "Apache access logs"
    },
    {
      "key": "cloudtrail",
      "display_name": "Cloud Trail logs"
    },
    {
      "key": "s3",
      "display_name": "S3 access logs"
    },
    {
      "key": "windows",
      "display_name": "Windows logs"
    },
    {
      "key": "linux",
      "display_name": "System logs"
    }
  ]
}

Response fields:

| field | description |
| --- | --- |
| key | This value should be used as the detectorType/ruleCategory param when calling APIs (CreateDetector, SearchRules, ...). |
| display_name | Used in the UI as label text. |
@petardz petardz added enhancement New feature or request untriaged labels Feb 16, 2023
@petardz petardz mentioned this issue Feb 16, 2023
@eirsep eirsep removed the untriaged label Feb 16, 2023
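As an added example, not code from this issue or from the security-analytics project: a client-side parser for a response in the shape proposed above, using a constructed sample body. It treats the backend's list as the only source of truth for the detectorType/ruleCategory parameter and rejects malformed, duplicate or non-identifier keys rather than forwarding them to follow-up API calls. The key format check is an assumption, since the issue does not specify one.

```python
import json
import re

# Constructed sample response in the shape proposed in this issue (not a live backend reply).
SAMPLE_RESPONSE = json.dumps({
    "rule_categories": [
        {"key": "ad_ldap", "display_name": "AD/LDAP"},
        {"key": "dns", "display_name": "DNS logs"},
        {"key": "windows", "display_name": "Windows logs"},
        {"key": "linux", "display_name": "System logs"},
    ]
})

# A category key is reused verbatim as the detectorType/ruleCategory parameter of other
# APIs, so only accept plain identifier-style keys (assumed format, not specified in the issue).
KEY_PATTERN = re.compile(r"^[a-z][a-z0-9_]{0,63}$")


def parse_rule_categories(raw: str) -> dict:
    """Parse a GetAllRuleCategories response into {key: display_name}.

    Raises ValueError on a missing list, a malformed entry, an unsafe key,
    an empty display name or a duplicate key, instead of passing bad data on.
    """
    body = json.loads(raw)
    entries = body.get("rule_categories")
    if not isinstance(entries, list):
        raise ValueError("missing 'rule_categories' list")
    categories = {}
    for entry in entries:
        key = entry.get("key") if isinstance(entry, dict) else None
        name = entry.get("display_name") if isinstance(entry, dict) else None
        if not isinstance(key, str) or not KEY_PATTERN.match(key):
            raise ValueError(f"invalid category key: {key!r}")
        if not isinstance(name, str) or not name.strip():
            raise ValueError(f"missing display_name for key {key!r}")
        if key in categories:
            raise ValueError(f"duplicate category key: {key!r}")
        categories[key] = name
    return categories


def detector_type_for(categories: dict, requested: str) -> str:
    """Return `requested` only if the backend advertised it as a category key."""
    if requested not in categories:
        raise KeyError(f"unknown detector type {requested!r}")
    return requested
```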
amsiglan (Collaborator) commented Feb 16, 2023

What is the use case for the enabled field? Can there be disabled categories and is it configurable by the user?
Also, how are we determining which categories are enabled?

petardz (Contributor, Author) commented Feb 16, 2023

@amsiglan After discussion with @sbcd90, I removed the "enabled" param.

@sbcd90 sbcd90 closed this as completed Mar 9, 2023
riysaxen-amzn pushed a commit to riysaxen-amzn/security-analytics that referenced this issue Feb 20, 2024
…#328)

* [FEATURE] Detector must have at least one alert set opensearch-project#288

Signed-off-by: Jovan Cvetkovic <[email protected]>

* [FEATURE] Patch bad detector data for alerts opensearch-project#326

Signed-off-by: Jovan Cvetkovic <[email protected]>

Signed-off-by: Jovan Cvetkovic <[email protected]>