[Security Solution] Architecture design for prebuilt rules customization #125665
Comments
Pinging @elastic/security-solution (Team: SecuritySolution)
We have been waiting for this for a long time, as the team find it difficult to identify new pre-built rules to enable, then keep their clones in sync with regular updates pushed out by Elastic. Some of the customisations we make are
@mbudge Thank you so much for your feedback and for listing the customizations you usually make. Could you give an example of this one:
Hi, I'm also interested in this feature, any updates?
Hey @twanva, our team is working on it. At this point, you can look for updates in the related GH issues which you can find in the "Proposal" section of this issue's description. Do you have any specific questions or thoughts?
The architecture is done, for everyone curious: please read the Architecture Design Document and the updated description of this issue. We are working on the implementation and hoping to ship this feature in one of the future releases! 🚢
Epic: https://github.com/elastic/security-team/issues/1974 (internal)
Summary
Come up with an architecture design for the workflows of:
We need to find answers to some technical questions, including:
We'd need a proposal (e.g. an architecture design document) providing answers to those questions and clarifying how it's all going to work. We should start opening tickets and/or RFCs where applicable for individual parts of the big problem.
Architecture Design
Architecture Design Document, status: done.
Follow-up work
Here are some tickets that you can track to follow the progress on implementing prebuilt rules customization:
Design:
Removing filesystem rules:
Rule versions and revisions:
Fixes for Fleet:
Fleet package with historical versions of prebuilt rules (support in the current application):
API for prebuilt rule upgrade and installation workflows: