RFC Draft start

sdesalas · sdesalas · commit 18906f201b1c · 2025-10-31T12:02:52.000+01:00
diff --git a/x-pack/solutions/security/plugins/security_solution/docs/rfcs/detection_response/saved_object_versioning_capability.md b/x-pack/solutions/security/plugins/security_solution/docs/rfcs/detection_response/saved_object_versioning_capability.md
@@ -0,0 +1,39 @@
+# RFC: Saved Object versioning capability
+
+- **Author(s)**: @sdesalas
+- **Status**: Draft
+- **Created**: August 31 Oct 2025
+- **Product Initiatives**: https://github.com/elastic/security-team/issues/12431 (internal)
+- **Product Requirements Document**: (tba)
+- **Reviewers**: @elastic/security-detection-rule-management, @marshallmain
+
+---
+
+- [1. Summary](#1-summary)
+- [2. Motivation](#2-motivation)
+- [3. Architecture](#3-architecture)
+- [4. Testing](#4-testing)
+- [5. Detailed design](#5-detailed-design)
+- [6. Technical impact](#6-technical-impact)
+- [7. Drawbacks](#7-drawbacks)
+- [8. Alternatives](#8-alternatives)
+- [9. Adoption strategy](#9-adoption-strategy)
+- [10. How we teach this](#10-how-we-teach-this)
+- [11. Unresolved questions](#11-unresolved-questions)
+- [12. Resolved questions](#12-resolved-questions)
+
+## 1. Summary
+
+This RFC proposes changes to the [Saved Objects service](https://www.elastic.co/docs/extend/kibana/saved-objects-service) in order to support _optional_ versioning and change tracking capabilities in order to meet security product requirements.
+
+## 2. Motivation
+
+Security departments need to comply with an ever increasing set of standards and regulations ([DORA](https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en), [ISO 27001](https://www.iso.org/standard/27001)).
+
+As such, users of our security platform are expecting a modern and robust change management process when it comes to managing their detection rules and related entities such as rule exceptions, which are currently stored in Kibana as Saved Objects ([1](https://github.com/elastic/enhancements/issues/18841), [2](https://github.com/elastic/enhancements/issues/14407), [3](https://github.com/elastic/enhancements/issues/22381), [4](https://github.com/elastic/enhancements/issues/17559), [5](https://github.com/elastic/enhancements/issues/14655)).
+
+Specifically, users need to be able to show the state of the rule at the specific point in time. They need to be able to review historical changes made to rules, including those that have been deleted. And they also expect the ability revert to previous state of the rule as needed. They need this for compliance reasons, to understand why the changes were made, as well as to troubleshoot and ensure their correct behaviour. 
+
+This is currently one of lead SIEM topics in terms of value and impact to our users. 
+
+
