
Commit 8277147

Merge branch 'main' into 5255-bug-dac-auto-gen-schema-fails-on-certain-subqueries
2 parents 6583002 + e938ecf commit 8277147


138 files changed

+2533
-1246
lines changed


138 files changed

+2533
-1246
lines changed

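--- a/detection_rules/etc/api_schemas/master/master.base.json
+++ b/detection_rules/etc/api_schemas/master/master.base.json
@@ -83,15 +83,15 @@
 ]
 },
 "interval": {
-"type": [
-"string"
-]
+"pattern": "^\\d+[mshd]$",
+"type": "string"
 },
 "investigation_fields": {
 "additionalProperties": false,
 "properties": {
 "field_names": {
 "items": {
+"minLength": 1,
 "type": "string"
 },
 "type": "array"
@@ -108,9 +108,8 @@
 ]
 },
 "max_signals": {
-"type": [
-"integer"
-]
+"minimum": 1,
+"type": "integer"
 },
 "meta": {
 "additionalProperties": {
@@ -147,22 +146,11 @@
 "items": {
 "additionalProperties": false,
 "properties": {
-"integration": {
-"type": [
-"string"
-]
-},
 "package": {
-"type": "string"
-},
-"version": {
+"minLength": 1,
 "type": "string"
 }
 },
-"required": [
-"package",
-"version"
-],
 "type": "object"
 },
 "min_compat": "8.3",
@@ -178,16 +166,12 @@
 "type": "boolean"
 },
 "name": {
-"type": "string"
-},
-"type": {
+"minLength": 1,
 "type": "string"
 }
 },
 "required": [
-"ecs",
-"name",
-"type"
+"ecs"
 ],
 "type": "object"
 },
@@ -203,6 +187,8 @@
 ]
 },
 "risk_score": {
+"maximum": 100,
+"minimum": 1,
 "type": "integer"
 },
 "risk_score_mapping": {
@@ -236,6 +222,7 @@
 ]
 },
 "rule_id": {
+"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^7eb54028-ca72-4eb7-8185-b6864572347db$",
 "type": "string"
 },
 "rule_name_override": {
@@ -323,13 +310,13 @@
 "type": "string"
 },
 "reference": {
+"pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
 "type": "string"
 }
 },
 "required": [
 "id",
-"name",
-"reference"
+"name"
 ],
 "type": "object"
 },
@@ -344,6 +331,7 @@
 "type": "string"
 },
 "reference": {
+"pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
 "type": "string"
 },
 "subtechnique": {
@@ -357,13 +345,13 @@
 "type": "string"
 },
 "reference": {
+"pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
 "type": "string"
 }
 },
 "required": [
 "id",
-"name",
-"reference"
+"name"
 ],
 "type": "object"
 },
@@ -374,8 +362,7 @@
 },
 "required": [
 "id",
-"name",
-"reference"
+"name"
 ],
 "type": "object"
 },
@@ -400,14 +387,10 @@
 ]
 },
 "timeline_id": {
-"type": [
-"string"
-]
+"type": "string"
 },
 "timeline_title": {
-"type": [
-"string"
-]
+"type": "string"
 },
 "timestamp_override": {
 "type": [
@@ -434,17 +417,13 @@
 "type": "string"
 },
 "version": {
-"type": [
-"integer"
-]
+"minimum": 1,
+"type": "integer"
 }
 },
 "required": [
 "author",
 "description",
-"name",
-"risk_score",
-"rule_id",
 "severity",
 "type"
 ],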
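Review bot: The top-level `required` list in the last hunk no longer contains `name`, `risk_score` or `rule_id`, so the `pattern`, `minimum` and `maximum` constraints this commit adds to those properties are only checked when the key is present; a rule document with no `rule_id` at all would now pass this schema. The same loosening shows in the threat objects (`reference` dropped from `required`) and in `required_fields` (only `ecs` left), and master.eql.json carries the identical changes. If the omissions are not intended, the list should read `"author", "description", "name", "risk_score", "rule_id", "severity", "type"`; if these files are generated from the Python schema definitions, the correction presumably belongs in the generator rather than here. The enclosing object starts outside the hunk.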

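--- a/detection_rules/etc/api_schemas/master/master.eql.json
+++ b/detection_rules/etc/api_schemas/master/master.eql.json
@@ -35,29 +35,33 @@
 "type": "string"
 },
 "value": {
+"minimum": 1,
 "type": "integer"
 }
 },
 "required": [
-"unit",
-"value"
+"unit"
 ],
 "type": "object"
 },
 "group_by": {
 "items": {
+"minLength": 1,
 "type": "string"
 },
+"maxItems": 3,
+"minItems": 1,
 "type": "array"
 },
 "missing_fields_strategy": {
+"enum": [
+"suppress",
+"doNotSuppress"
+],
+"enumNames": [],
 "type": "string"
 }
 },
-"required": [
-"group_by",
-"missing_fields_strategy"
-],
 "type": "object"
 },
 "author": {
@@ -143,15 +147,15 @@
 ]
 },
 "interval": {
-"type": [
-"string"
-]
+"pattern": "^\\d+[mshd]$",
+"type": "string"
 },
 "investigation_fields": {
 "additionalProperties": false,
 "properties": {
 "field_names": {
 "items": {
+"minLength": 1,
 "type": "string"
 },
 "type": "array"
@@ -174,9 +178,8 @@
 ]
 },
 "max_signals": {
-"type": [
-"integer"
-]
+"minimum": 1,
+"type": "integer"
 },
 "meta": {
 "additionalProperties": {
@@ -216,22 +219,11 @@
 "items": {
 "additionalProperties": false,
 "properties": {
-"integration": {
-"type": [
-"string"
-]
-},
 "package": {
-"type": "string"
-},
-"version": {
+"minLength": 1,
 "type": "string"
 }
 },
-"required": [
-"package",
-"version"
-],
 "type": "object"
 },
 "min_compat": "8.3",
@@ -247,16 +239,12 @@
 "type": "boolean"
 },
 "name": {
-"type": "string"
-},
-"type": {
+"minLength": 1,
 "type": "string"
 }
 },
 "required": [
-"ecs",
-"name",
-"type"
+"ecs"
 ],
 "type": "object"
 },
@@ -272,6 +260,8 @@
 ]
 },
 "risk_score": {
+"maximum": 100,
+"minimum": 1,
 "type": "integer"
 },
 "risk_score_mapping": {
@@ -305,6 +295,7 @@
 ]
 },
 "rule_id": {
+"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^7eb54028-ca72-4eb7-8185-b6864572347db$",
 "type": "string"
 },
 "rule_name_override": {
@@ -392,13 +383,13 @@
 "type": "string"
 },
 "reference": {
+"pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
 "type": "string"
 }
 },
 "required": [
 "id",
-"name",
-"reference"
+"name"
 ],
 "type": "object"
 },
@@ -413,6 +404,7 @@
 "type": "string"
 },
 "reference": {
+"pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
 "type": "string"
 },
 "subtechnique": {
@@ -426,13 +418,13 @@
 "type": "string"
 },
 "reference": {
+"pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
 "type": "string"
 }
 },
 "required": [
 "id",
-"name",
-"reference"
+"name"
 ],
 "type": "object"
 },
@@ -443,8 +435,7 @@
 },
 "required": [
 "id",
-"name",
-"reference"
+"name"
 ],
 "type": "object"
 },
@@ -475,14 +466,10 @@
 ]
 },
 "timeline_id": {
-"type": [
-"string"
-]
+"type": "string"
 },
 "timeline_title": {
-"type": [
-"string"
-]
+"type": "string"
 },
 "timestamp_field": {
 "min_compat": "8.0",
@@ -507,19 +494,15 @@
 "type": "string"
 },
 "version": {
-"type": [
-"integer"
-]
+"minimum": 1,
+"type": "integer"
 }
 },
 "required": [
 "author",
 "description",
 "language",
-"name",
 "query",
-"risk_score",
-"rule_id",
 "severity",
 "type"
 ],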
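Review bot: The three added `reference` patterns leave the dots of the host name unescaped, so in `^https://attack.mitre.org/tactics/TA[0-9]+/$` each `.` matches any character and the check accepts hosts other than attack.mitre.org. Escaping them closes that gap: `"pattern": "^https://attack\\.mitre\\.org/tactics/TA[0-9]+/$"`, with the same change for the technique and sub-technique patterns. The same three patterns appear in master.base.json. If the schema is generated from a shared regex definition elsewhere in the project, that definition is presumably where the escaping should go.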
