Merge branch 'main' into 2700-bug-missing-spaces-between-logic-operators-does-not-raise-error

Author: eric-forte-elastic

.github/CODEOWNERS

@@ -1,15 +1,15 @@
 # detection-rules code owners
 # POC: Elastic Security Intelligence and Analytics Team
 
-tests/**/*.py     @brokensound77 @mikaayenson @eric-forte-elastic
-detection_rules/  @brokensound77 @mikaayenson @eric-forte-elastic
-tests/            @brokensound77 @mikaayenson @eric-forte-elastic
-lib/              @brokensound77 @mikaayenson @eric-forte-elastic
-rta/              @brokensound77 @mikaayenson @eric-forte-elastic
+tests/**/*.py     @mikaayenson @eric-forte-elastic @terrancedejesus
+detection_rules/  @mikaayenson @eric-forte-elastic @terrancedejesus
+tests/            @mikaayenson @eric-forte-elastic @terrancedejesus
+lib/              @mikaayenson @eric-forte-elastic @terrancedejesus
+rta/              @mikaayenson @eric-forte-elastic @terrancedejesus
+hunting/          @mikaayenson @eric-forte-elastic @terrancedejesus
 
 # skip rta-mapping to avoid the spam
-detection_rules/etc/packages.yaml  @brokensound77 @mikaayenson @eric-forte-elastic
-detection_rules/etc/*.json        @brokensound77 @mikaayenson @eric-forte-elastic
-detection_rules/etc/*.json        @brokensound77 @mikaayenson @eric-forte-elastic
-detection_rules/etc/*/*           @brokensound77 @mikaayenson @eric-forte-elastic
-
+detection_rules/etc/packages.yaml @mikaayenson @eric-forte-elastic @terrancedejesus
+detection_rules/etc/*.json        @mikaayenson @eric-forte-elastic @terrancedejesus
+detection_rules/etc/*.json        @mikaayenson @eric-forte-elastic @terrancedejesus
+detection_rules/etc/*/*           @mikaayenson @eric-forte-elastic @terrancedejesus

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,59 @@
+name: Bug Report
+description: Report a bug for the Python/testing components of detection-rules
+title: "[Bug] "
+labels: ["bug", "Team: TRADE"]
+assignees: []
+projects: ["elastic/1268"]
+
+body:
+  - type: textarea
+    id: bug_description
+    attributes:
+      label: Describe the Bug
+      description: "A clear and concise description of what the bug is."
+      placeholder: "Describe the bug..."
+
+  - type: textarea
+    id: reproduce_steps
+    attributes:
+      label: To Reproduce
+      description: "Steps to reproduce the behavior:"
+      placeholder: "1. Go to '...'\n2. Click on '....'\n3. Scroll down to '....'\n4. See error"
+
+  - type: textarea
+    id: expected_behavior
+    attributes:
+      label: Expected Behavior
+      description: "A clear and concise description of what you expected to happen."
+      placeholder: "Expected behavior..."
+
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: Screenshots
+      description: "If applicable, add screenshots to help explain your problem."
+      placeholder: "Upload screenshots..."
+
+  - type: dropdown
+    id: os
+    attributes:
+      label: Desktop - OS
+      options:
+      - Windows
+      - macOS
+      - Linux
+      - other - explain
+
+  - type: input
+    id: version
+    attributes:
+      label: Desktop - Version
+      description: "The version of the operating system."
+      placeholder: "e.g., 10, 11, Big Sur, Ubuntu 20.04"
+
+  - type: textarea
+    id: additional_context
+    attributes:
+      label: Additional Context
+      description: "Add any other context or explanations about the problem here."
+      placeholder: "Additional context..."

.github/ISSUE_TEMPLATE/bug_report.yaml

@@ -0,0 +1,45 @@
+name: Feature Request
+description: 'Suggest an idea for this repository (Note: this does not include rule logic).'
+title: "[FR] "
+labels: ["enhancement", "Team: TRADE"]
+assignees: []
+projects: ["elastic/1268"]
+
+body:
+  - type: dropdown
+    id: feature
+    attributes:
+      label: Repository Feature
+      options:
+      - Core Repo - (rule management, validation, testing, lib, cicd, etc.)
+      - Detections-as-Code (DaC) - (primarily custom rule management)
+      - Hunting Library - (hunt query and markdown generation)
+      - other - explain
+
+  - type: textarea
+    id: problem_description
+    attributes:
+      label: Problem Description
+      description: "Is your feature request related to a problem? Please describe it clearly and concisely. Ex. I'm always frustrated when [...]"
+      placeholder: "Describe the problem..."
+
+  - type: textarea
+    id: desired_solution
+    attributes:
+      label: Desired Solution
+      description: "A clear and concise description of what you want to happen."
+      placeholder: "Describe the solution you want..."
+
+  - type: textarea
+    id: considered_alternatives
+    attributes:
+      label: Considered Alternatives
+      description: "A clear and concise description of any alternative solutions or features you've considered."
+      placeholder: "Describe any alternatives you've considered..."
+
+  - type: textarea
+    id: additional_context
+    attributes:
+      label: Additional Context
+      description: "Add any other context, explanations or screenshots about the feature request here."
+      placeholder: "Additional context, explanations, or screenshots..."

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,43 @@
+name: Tune Existing Hunt
+description: Suggestion for logic changes to an existing hunt
+title: "[Hunt Tuning] Name of Hunt"
+labels: ["Hunt: Tuning", "Team: TRADE"]
+assignees: []
+projects: ["elastic/1268"]
+
+body:
+  - type: input
+    id: hunt_link
+    attributes:
+      label: Link to hunt
+      description: "Provide a link to the hunt being recommended."
+      placeholder: "https://github.com/elastic/detection-hunts/tree/main/hunting/..."
+
+  - type: dropdown
+    id: tuning_type
+    attributes:
+      label: Hunt Tuning Type
+      options:
+      - False Positives - Reducing benign events mistakenly identified as threats.
+      - False Negatives - Enhancing detection of true threats that were previously missed.
+      - Performance - Optimizing resource consumption and execution time of detection hunts.
+      - Contextual Tuning - Customizing hunts based on specific environment factors.
+      - Threshold Adjustments - Modifying sensitivity by changing alert triggering thresholds.
+      - Behavioral Tuning - Refining hunts to better detect deviations from typical behavior.
+      - Temporal Tuning - Adjusting hunts based on time-based patterns.
+      - Severity Tuning - Adjusting priority or severity levels of alerts.
+      - Data Quality - Ensuring integrity and quality of data used by detection hunts.
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: "Provide a detailed description of the suggested changes."
+      placeholder: "Detailed description..."
+
+  - type: textarea
+    id: example_data
+    attributes:
+      label: Example Data
+      description: "If the query is to be changed, include example JSON data or a screenshot."
+      placeholder: "Example JSON data or screenshot..."

.github/ISSUE_TEMPLATE/feature_request.yaml

@@ -0,0 +1,93 @@
+name: New Hunt
+description: Suggestions and ideas for new hunts
+title: "[New hunt] Name of hunt"
+labels: ["Hunt: New", "Team: TRADE"]
+assignees: []
+projects: ["elastic/1268"]
+
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: "Provide a detailed description of the activity to be detected."
+      placeholder: "Detailed description..."
+
+  - type: dropdown
+    id: target_huntset
+    attributes:
+      label: Target Huntset
+      description: "Select the target rulset."
+      options:
+        - apm
+        - cross-platform
+        - aws
+        - aws_bedrock
+        - azure
+        - azure_openai
+        - beaconing
+        - cloud_defend
+        - cyberparkpas
+        - ded
+        - dga
+        - endpoint
+        - fim
+        - gcp
+        - github
+        - google_workspace
+        - kubernetes
+        - lmd
+        - o365
+        - okta
+        - problemchild
+        - linux
+        - macos
+        - ml
+        - network
+        - promotions
+        - threat_intel
+        - windows
+        - other
+
+  - type: dropdown
+    id: hunt_type
+    attributes:
+      label: Target hunt Type
+      description: "Select the target type."
+      options:
+        - Custom (KQL or Lucene)
+        - Machine Learning
+        - Threshold
+        - Event Correlation (EQL)
+        - Indicator Match
+        - New Terms
+        - ES|QL
+        - OSQuery
+
+  - type: textarea
+    id: query
+    attributes:
+      label: Query
+      description: "Provide the query for the hunt (optional)."
+      placeholder: "Query..."
+
+  - type: textarea
+    id: related_issues_prs
+    attributes:
+      label: Related issues or PRs
+      description: "Link any related issues or PRs (optional)."
+      placeholder: "Related issues or PRs..."
+
+  - type: textarea
+    id: references
+    attributes:
+      label: References
+      description: "List any references (optional)."
+      placeholder: "References..."
+
+  - type: textarea
+    id: example_data
+    attributes:
+      label: Redacted Example Data
+      description: "Provide a redacted example JSON data from the actual activity."
+      placeholder: "Example JSON data..."