@nick-benoit nick-benoit commented Oct 13, 2025

  • Add support for threat
  • Gracefully support query not being set
  • Add esql-specific validations to reject unsupported fields (index and filters)
  • Add computed to action frequency to handle Kibana-provided defaults
  • Add anomaly detection validation for required anomaly_threshold
  • Add support for timeline_id and timeline_title fields
  • Mark threat_query as computed to handle API-provided default `""`

Each change is self-contained in a single commit, so it might be easier to review each separately.

Note: In general we want to move away from adding validations in models_* files. I added some here due to time constraints. As part of the next milestone I plan to swap these out for validations at the schema level.
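The esql-specific and anomaly-detection validations listed in the description, as an added illustration of the kind of per-rule-type check a models_* validator performs. This is example code written for this page, not the provider's code: RuleConfig, ValidateRuleConfig and the 0..100 bound on anomaly_threshold are assumptions; what the PR supports is that ES|QL rules reject index and filters, that a missing query must be handled without a nil dereference, and that machine_learning rules require anomaly_threshold.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// RuleConfig is a hypothetical, cut-down stand-in for the provider's rule
// model (example only): just the fields the per-type checks below look at.
// Pointer fields model attributes that may be left unset in the Terraform config.
type RuleConfig struct {
	Type             string   // "query", "esql", "machine_learning", ...
	Query            *string  // nil when the practitioner left query out
	Index            []string
	Filters          []string // raw filter JSON documents
	AnomalyThreshold *int     // nil when not set
}

// ValidateRuleConfig collects every violation instead of stopping at the
// first, so a plan surfaces all problems with a rule at once.
func ValidateRuleConfig(c RuleConfig) error {
	var errs []error
	switch c.Type {
	case "esql":
		// An ES|QL query names its own source in FROM, so the rule API has
		// no index or filters fields for this type; reject both.
		if len(c.Index) > 0 {
			errs = append(errs, errors.New(`"index" is not supported for esql rules`))
		}
		if len(c.Filters) > 0 {
			errs = append(errs, errors.New(`"filters" is not supported for esql rules`))
		}
		// The nil check is the "query not being set" case: report it rather
		// than dereferencing a missing value.
		if c.Query == nil || strings.TrimSpace(*c.Query) == "" {
			errs = append(errs, errors.New(`"query" is required for esql rules`))
		}
	case "machine_learning":
		if c.AnomalyThreshold == nil {
			errs = append(errs, errors.New(`"anomaly_threshold" is required for machine_learning rules`))
		} else if *c.AnomalyThreshold < 0 || *c.AnomalyThreshold > 100 {
			// Assumed bound for this example: ML anomaly scores run 0..100.
			errs = append(errs, fmt.Errorf(`"anomaly_threshold" must be between 0 and 100, got %d`, *c.AnomalyThreshold))
		}
	}
	// errors.Join returns nil when errs is empty.
	return errors.Join(errs...)
}

func main() {
	// Constructed sample configs, not real rules.
	q := `FROM logs-endpoint.events.* | WHERE process.name == "mimikatz.exe"`
	bad := RuleConfig{Type: "esql", Query: &q, Index: []string{"logs-*"}, Filters: []string{`{"match_all":{}}`}}
	fmt.Println(ValidateRuleConfig(bad))
	fmt.Println(ValidateRuleConfig(RuleConfig{Type: "machine_learning"}))
	fmt.Println(ValidateRuleConfig(RuleConfig{Type: "esql", Query: &q}) == nil)
}
```

Non-esql and non-ML types fall through the switch untouched, so an index on a query rule is still accepted; a schema-level validator, as the note above plans, would express the same constraints as attribute validators keyed on the type field instead.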

@nick-benoit force-pushed the security-detection-rule-updates branch from c7799a4 to 9937ac5 on October 13, 2025 18:54
@nick-benoit changed the title from "(WIP) Security Detection Rule Updates" to "Security Detection Rule Updates" on Oct 13, 2025
@nick-benoit force-pushed the security-detection-rule-updates branch from be8d600 to d5f8971 on October 14, 2025 01:08
@nick-benoit requested a review from tobio on October 14, 2025 02:50
@nick-benoit changed the title from "(WIP) Security Detection Rule Updates" to "Security Detection Rule Updates" on Oct 14, 2025
@nick-benoit marked this pull request as ready for review on October 14, 2025 02:55
@tobio (Member) left a comment:


We need a changelog entry as well.

```go
}

// convertThreatToModel converts kbapi.SecurityDetectionsAPIThreatArray to Terraform model
func convertThreatToModel(ctx context.Context, apiThreats *kbapi.SecurityDetectionsAPIThreatArray) (types.List, diag.Diagnostics) {
```

@tobio (Member) commented on the lines above: [image attachment: Gemini_Generated_Image_v2i0h9v2i0h9v2i0]

@nick-benoit (Contributor, Author) commented:

> We need a changelog entry as well.

Added changelog: 4e9621a

@nick-benoit merged commit 8b7875c into main on Oct 14, 2025 (54 checks passed)
@nick-benoit deleted the security-detection-rule-updates branch on October 14, 2025 12:52