
Commit 93ac471

Monthly Schema Updates (#5046)
1 parent 61af3e8 commit 93ac471


84 files changed

+573
-330
lines changed


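--- a/detection_rules/etc/api_schemas/master/master.base.json
+++ b/detection_rules/etc/api_schemas/master/master.base.json
@@ -83,15 +83,15 @@
 ]
 },
 "interval": {
-"pattern": "^\\d+[mshd]$",
-"type": "string"
+"type": [
+"string"
+]
 },
 "investigation_fields": {
 "additionalProperties": false,
 "properties": {
 "field_names": {
 "items": {
-"minLength": 1,
 "type": "string"
 },
 "type": "array"
@@ -108,8 +108,9 @@
 ]
 },
 "max_signals": {
-"minimum": 1,
-"type": "integer"
+"type": [
+"integer"
+]
 },
 "meta": {
 "additionalProperties": {
@@ -146,11 +147,22 @@
 "items": {
 "additionalProperties": false,
 "properties": {
+"integration": {
+"type": [
+"string"
+]
+},
 "package": {
-"minLength": 1,
+"type": "string"
+},
+"version": {
 "type": "string"
 }
 },
+"required": [
+"package",
+"version"
+],
 "type": "object"
 },
 "min_compat": "8.3",
@@ -166,12 +178,16 @@
 "type": "boolean"
 },
 "name": {
-"minLength": 1,
+"type": "string"
+},
+"type": {
 "type": "string"
 }
 },
 "required": [
-"ecs"
+"ecs",
+"name",
+"type"
 ],
 "type": "object"
 },
@@ -187,8 +203,6 @@
 ]
 },
 "risk_score": {
-"maximum": 100,
-"minimum": 1,
 "type": "integer"
 },
 "risk_score_mapping": {
@@ -222,7 +236,6 @@
 ]
 },
 "rule_id": {
-"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
 "type": "string"
 },
 "rule_name_override": {
@@ -310,13 +323,13 @@
 "type": "string"
 },
 "reference": {
-"pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
 "type": "string"
 }
 },
 "required": [
 "id",
-"name"
+"name",
+"reference"
 ],
 "type": "object"
 },
@@ -331,7 +344,6 @@
 "type": "string"
 },
 "reference": {
-"pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
 "type": "string"
 },
 "subtechnique": {
@@ -345,13 +357,13 @@
 "type": "string"
 },
 "reference": {
-"pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
 "type": "string"
 }
 },
 "required": [
 "id",
-"name"
+"name",
+"reference"
 ],
 "type": "object"
 },
@@ -362,7 +374,8 @@
 },
 "required": [
 "id",
-"name"
+"name",
+"reference"
 ],
 "type": "object"
 },
@@ -387,10 +400,14 @@
 ]
 },
 "timeline_id": {
-"type": "string"
+"type": [
+"string"
+]
 },
 "timeline_title": {
-"type": "string"
+"type": [
+"string"
+]
 },
 "timestamp_override": {
 "type": [
@@ -417,13 +434,17 @@
 "type": "string"
 },
 "version": {
-"minimum": 1,
-"type": "integer"
+"type": [
+"integer"
+]
 }
 },
 "required": [
 "author",
 "description",
+"name",
+"risk_score",
+"rule_id",
 "severity",
 "type"
 ],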
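Review bot: The regenerated `rule_id` and `risk_score` schemas in the `@@ -222,7 +236,6 @@` and `@@ -187,8 +203,6 @@` hunks drop the UUID `pattern` and the `minimum: 1`/`maximum: 100` bounds, so a rule file with a non-UUID `rule_id` or a `risk_score` of 0 or 101 now passes this schema even though both fields became `required` in the last hunk. The same update removes the `^https://attack.mitre.org/...` patterns on tactic/technique `reference`, the `^\\d+[mshd]$` pattern on `interval`, and the `minimum: 1` on `max_signals` and `version`, so malformed values in any of these would only be caught, if at all, downstream. If this file is generated from the upstream API (the commit title suggests it is), the fix belongs in the generator or a post-generation overlay rather than a hand edit; otherwise restore `"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"` on `rule_id` and `"minimum": 1, "maximum": 100` on `risk_score`, or confirm before merging that the repository's non-schema rule validation still enforces these bounds. Every hunk here cuts through the enclosing `properties` object, whose start and end are outside the diff.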

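--- a/detection_rules/etc/api_schemas/master/master.eql.json
+++ b/detection_rules/etc/api_schemas/master/master.eql.json
@@ -35,33 +35,29 @@
 "type": "string"
 },
 "value": {
-"minimum": 1,
 "type": "integer"
 }
 },
 "required": [
-"unit"
+"unit",
+"value"
 ],
 "type": "object"
 },
 "group_by": {
 "items": {
-"minLength": 1,
 "type": "string"
 },
-"maxItems": 3,
-"minItems": 1,
 "type": "array"
 },
 "missing_fields_strategy": {
-"enum": [
-"suppress",
-"doNotSuppress"
-],
-"enumNames": [],
 "type": "string"
 }
 },
+"required": [
+"group_by",
+"missing_fields_strategy"
+],
 "type": "object"
 },
 "author": {
@@ -147,15 +143,15 @@
 ]
 },
 "interval": {
-"pattern": "^\\d+[mshd]$",
-"type": "string"
+"type": [
+"string"
+]
 },
 "investigation_fields": {
 "additionalProperties": false,
 "properties": {
 "field_names": {
 "items": {
-"minLength": 1,
 "type": "string"
 },
 "type": "array"
@@ -178,8 +174,9 @@
 ]
 },
 "max_signals": {
-"minimum": 1,
-"type": "integer"
+"type": [
+"integer"
+]
 },
 "meta": {
 "additionalProperties": {
@@ -219,11 +216,22 @@
 "items": {
 "additionalProperties": false,
 "properties": {
+"integration": {
+"type": [
+"string"
+]
+},
 "package": {
-"minLength": 1,
+"type": "string"
+},
+"version": {
 "type": "string"
 }
 },
+"required": [
+"package",
+"version"
+],
 "type": "object"
 },
 "min_compat": "8.3",
@@ -239,12 +247,16 @@
 "type": "boolean"
 },
 "name": {
-"minLength": 1,
+"type": "string"
+},
+"type": {
 "type": "string"
 }
 },
 "required": [
-"ecs"
+"ecs",
+"name",
+"type"
 ],
 "type": "object"
 },
@@ -260,8 +272,6 @@
 ]
 },
 "risk_score": {
-"maximum": 100,
-"minimum": 1,
 "type": "integer"
 },
 "risk_score_mapping": {
@@ -295,7 +305,6 @@
 ]
 },
 "rule_id": {
-"pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
 "type": "string"
 },
 "rule_name_override": {
@@ -383,13 +392,13 @@
 "type": "string"
 },
 "reference": {
-"pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
 "type": "string"
 }
 },
 "required": [
 "id",
-"name"
+"name",
+"reference"
 ],
 "type": "object"
 },
@@ -404,7 +413,6 @@
 "type": "string"
 },
 "reference": {
-"pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
 "type": "string"
 },
 "subtechnique": {
@@ -418,13 +426,13 @@
 "type": "string"
 },
 "reference": {
-"pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
 "type": "string"
 }
 },
 "required": [
 "id",
-"name"
+"name",
+"reference"
 ],
 "type": "object"
 },
@@ -435,7 +443,8 @@
 },
 "required": [
 "id",
-"name"
+"name",
+"reference"
 ],
 "type": "object"
 },
@@ -466,10 +475,14 @@
 ]
 },
 "timeline_id": {
-"type": "string"
+"type": [
+"string"
+]
 },
 "timeline_title": {
-"type": "string"
+"type": [
+"string"
+]
 },
 "timestamp_field": {
 "min_compat": "8.0",
@@ -494,15 +507,19 @@
 "type": "string"
 },
 "version": {
-"minimum": 1,
-"type": "integer"
+"type": [
+"integer"
+]
 }
 },
 "required": [
 "author",
 "description",
 "language",
+"name",
 "query",
+"risk_score",
+"rule_id",
 "severity",
 "type"
 ],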
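Review bot: The alert-suppression hunk (`@@ -35,33 +35,29 @@`) removes the `enum` of `suppress`/`doNotSuppress` on `missing_fields_strategy` and the `minItems: 1`/`maxItems: 3` bounds on `group_by` while making both fields `required`, so a misspelling such as `"supress"` or an empty `group_by` array now validates here and would only be rejected, if at all, by the consuming API. This deserves more attention than the other hunks because these settings decide whether alerts are dropped from a detection. The later hunks in this file also drop the UUID `pattern` on `rule_id` and the 1–100 bounds on `risk_score`, mirroring the base schema. If the file is generated, the constraints should be reinstated in the generator or a post-generation overlay; otherwise restore `"enum": ["suppress", "doNotSuppress"]` on `missing_fields_strategy` and `"minItems": 1` on `group_by`, confirming the previous `maxItems: 3` against the current API before re-adding it. The `alert_suppression` object begins before the first hunk and its enclosing `properties` object continues past every hunk shown.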
