Merge branch 'main' into gen_investigation_guides

Author: Mikaayenson

.github/workflows/add-guidelines.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Set environment variable for early exit control
         id: check_label
@@ -57,5 +57,5 @@ jobs:
         uses: mshick/add-pr-comment@v2
         with:
           message-path: ${{ env.GUIDELINES_FILE }}
-          repo-token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
           message-id: "guidelines-comment"

.github/workflows/attack-coverage-update.yml

@@ -39,7 +39,7 @@ jobs:
 
       - name: Update navigator gist files and docs/ATT&CK-coverage.md file.
         env:
-          GITHUB_TOKEN: "${{ secrets.NAVIGATOR_GIST_TOKEN }}"
+          GITHUB_TOKEN: "${{ secrets.WRITE_TRADEBOT_GIST_TOKEN }}"
         run: |
          python -m detection_rules dev update-navigator-gists "${{ github.event.inputs.update-coverage }}"
          git add docs/"ATT\&CK-coverage.md"

.github/workflows/backport.yml

@@ -65,16 +65,16 @@ jobs:
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
-          token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
+          token: ${{ secrets.WRITE_TRADEBOT_DETECTION_RULES_TOKEN }}
           ref: main
           fetch-depth: 100
 
       - name: Set github config
         run: |
-          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --global user.name "github-actions[bot]"
+          git config --global user.email "178941316+tradebot-elastic@users.noreply.github.com"
+          git config --global user.name "tradebot-elastic"
 
       - name: Get branch histories
         run: |
@@ -161,6 +161,6 @@ jobs:
       - name: "Notify slack on failure"
         uses: craftech-io/slack-action@v1
         with:
-          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          slack_webhook_url: ${{ secrets.EXTERNAL_SLACK_DETECTION_RULES_URL }}
           status: failure
         if: failure()

.github/workflows/branch-status-checks.yml

@@ -22,7 +22,7 @@ jobs:
       with:
         url: "https://api.github.com/repos/elastic/detection-rules/actions/workflows/pythonpackage.yml/runs?per_page=1&branch=${{matrix.target_branch}}"
         method: 'GET'
-        bearerToken: ${{ secrets.READ_ORG_TOKEN }}
+        bearerToken: ${{ secrets.READ_ELASTIC_DETECTION_RULES_ORG_TOKEN }}
 
     - name: Check Backport Status
       uses: actions/github-script@v6

.github/workflows/community.yml

@@ -15,7 +15,7 @@ jobs:
         uses: actions/github-script@v6
         id: membership
         with:
-          github-token: ${{ secrets.READ_ORG_TOKEN }}
+          github-token: ${{ secrets.READ_ELASTIC_DETECTION_RULES_ORG_TOKEN }}
           result-encoding: string
           script: |
 

.github/workflows/get-target-branches.yml

@@ -14,7 +14,7 @@ jobs:
     outputs:
       matrix: ${{ steps.get-branch-list.outputs.matrix }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Set up Python 3.12
         uses: actions/setup-python@v5

.github/workflows/kibana-mitre-update.yml

@@ -2,7 +2,7 @@ name: Check MITRE ATT&CK Version Updates Are Synced
 
 on:
   pull_request:
-    types: 
+    types:
       - opened
     paths:
       - 'detection_rules/etc/attack-v*.json.gz'
@@ -18,8 +18,8 @@ jobs:
         id: changed-attack-files
         uses: tj-actions/changed-files@v44
         with:
-          files: detection_rules/etc/attack-v*.json.gz 
- 
+          files: detection_rules/etc/attack-v*.json.gz
+
       - name: Extract version from file name
         id: extract_version
         if: steps.changed-attack-files.outputs.any_changed == 'true'
@@ -33,9 +33,9 @@ jobs:
         run: |
           ISSUE_TITLE="[Security Solution] Update MITRE ATT&CK to ${{ steps.extract_version.outputs.version }}"
           ISSUE_BODY="The detection rules MITRE ATT&CK version has been updated to ${{ steps.extract_version.outputs.version }} Please update the MITRE ATT&CK version in Kibana accordingly."
-          
+
           curl -X POST \
-            -H "Authorization: token ${{ secrets.READ_WRITE_KIBANA_TOKEN }}" \
+            -H "Authorization: token ${{ secrets.WRITE_KIBANA_DETECTION_RULES_TOKEN }}" \
             -H "Accept: application/vnd.github.v3+json" \
             https://api.github.com/repos/elastic/kibana/issues \
             -d '{
@@ -44,4 +44,4 @@ jobs:
             }'
 
         env:
-          GITHUB_TOKEN: ${{ secrets.READ_WRITE_KIBANA_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.WRITE_KIBANA_DETECTION_RULES_TOKEN }}

.github/workflows/lock-versions.yml

@@ -22,7 +22,7 @@ jobs:
             }
 
       - name: Checkout detection-rules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

.github/workflows/manual-backport.yml

@@ -19,15 +19,15 @@ jobs:
     steps:
 
       - name: Checkout detection-rules
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
-          token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
+          token: ${{ secrets.WRITE_TRADEBOT_DETECTION_RULES_TOKEN }}
           fetch-depth: 0
 
       - name: Set github config
         run: |
-          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --global user.name "github-actions[bot]"
+          git config --global user.email "178941316+tradebot-elastic@users.noreply.github.com"
+          git config --global user.name "tradebot-elastic"
 
       - name: Get branch histories
         run: |
@@ -81,6 +81,6 @@ jobs:
       - name: "Notify slack on failure"
         uses: craftech-io/slack-action@v1
         with:
-          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          slack_webhook_url: ${{ secrets.READ_DETECTION_RULES_SLACK_WEBHOOK_TOKEN }}
           status: failure
         if: failure()

.github/workflows/pythonpackage.yml

@@ -15,11 +15,11 @@ jobs:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 1
-    
+
     - name: Fetch main branch
       run: |
         git fetch origin main:refs/remotes/origin/main
- 
+
     - name: Set up Python 3.12
       uses: actions/setup-python@v5
       with:
@@ -64,6 +64,6 @@ jobs:
 
     - name: Update navigator gist files
       env:
-        GITHUB_TOKEN: "${{ secrets.NAVIGATOR_GIST_TOKEN }}"
+        GITHUB_TOKEN: "${{ secrets.WRITE_TRADEBOT_GIST_TOKEN }}"
       if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
       run: python -m detection_rules dev update-navigator-gists