Skip to content

[FR] Make rules/ directory configurable #1342

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rw-access opened this issue Jul 14, 2021 · 9 comments · Fixed by #3407
Closed

[FR] Make rules/ directory configurable #1342

rw-access opened this issue Jul 14, 2021 · 9 comments · Fixed by #3407
Assignees
@eric-forte-elastic
Labels
enhancement New feature or request python Internal python for the repository stale 60 days of inactivity

Comments

@rw-access
Copy link
Contributor

rw-access commented Jul 14, 2021
edited by brokensound77
Loading

related to #3298

Is your feature request related to a problem? Please describe.
If we could make the rules/ directory we could make this repository much more configurable, and allow our users and contributors to build their own set of rules, without having to deal with a messy fork. Instead, you could point python -m detection_rules at your own folder, which would contain a config, version lock and all of the TOML rules

Describe the solution you'd like
An environment variable is a good start, something like DETECTION_RULES_DIR=~/MyRules.toml. And we can move the version lock, packages.yml, etc. all inside that folder.

Describe alternatives you've considered

Additional context
Feature request for Git synchronization, which motivated this use case #362. When synchronizing, you could simply point to your own directory and everything would just magically sync from local <--> Kibana. We can detect conflicts as well.
@rw-access rw-access added enhancement New feature or request python Internal python for the repository labels Jul 14, 2021
@rw-access rw-access self-assigned this Jul 14, 2021
@botelastic
Copy link

botelastic bot commented Sep 12, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@botelastic botelastic bot added the stale 60 days of inactivity label Sep 12, 2021
@brokensound77 brokensound77 removed the stale 60 days of inactivity label Sep 14, 2021
@botelastic
Copy link

botelastic bot commented Nov 13, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@botelastic botelastic bot added the stale 60 days of inactivity label Nov 13, 2021
@botelastic
Copy link

botelastic bot commented Nov 20, 2021

This has been closed due to inactivity. If you feel this is an error, please re-open and include a justifying comment.

@botelastic botelastic bot closed this as completed Nov 20, 2021
@brokensound77 brokensound77 reopened this Nov 22, 2021
@botelastic botelastic bot removed the stale 60 days of inactivity label Nov 22, 2021
@botelastic
Copy link

botelastic bot commented Jan 21, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@botelastic botelastic bot added the stale 60 days of inactivity label Jan 21, 2022
@botelastic
Copy link

botelastic bot commented Jan 28, 2022

This has been closed due to inactivity. If you feel this is an error, please re-open and include a justifying comment.

@botelastic botelastic bot closed this as completed Jan 28, 2022
@brokensound77 brokensound77 reopened this Jan 28, 2022
@botelastic botelastic bot removed the stale 60 days of inactivity label Jan 28, 2022
@Mikaayenson
Copy link
Contributor

One approach we discussed was updating relative paths to a central config file within rulelib and importing the config file from rulelib in detection/endpoint rules repos to override any shared config params. This would cover the DETECTION_RULES_DIR use case.

@Mikaayenson Mikaayenson mentioned this issue Nov 30, 2023
Closed
@brokensound77 brokensound77 mentioned this issue Jan 28, 2024
Merged
@brokensound77
Copy link
Contributor

This was completed in #3407 - however, since it remains in a feature branch during testing, we can leave the issue open until merged to main (or deemed as not viable)

@botelastic
Copy link

botelastic bot commented Jul 1, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@botelastic botelastic bot added the stale 60 days of inactivity label Jul 1, 2024
@botelastic
Copy link

botelastic bot commented Jul 8, 2024

This has been closed due to inactivity. If you feel this is an error, please re-open and include a justifying comment.

@botelastic botelastic bot closed this as completed Jul 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eric-forte-elastic eric-forte-elastic

Labels
enhancement New feature or request python Internal python for the repository stale 60 days of inactivity
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[FR] Refactor to more seamlessly support multiple DAC approaches brokensound77/detection-rules
4 participants
@Mikaayenson @brokensound77 @rw-access @eric-forte-elastic