Skip to content

[FR][DAC] Add exceptions importing from ndjson #3674

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Mikaayenson opened this issue May 14, 2024 · 3 comments · Fixed by #3869 or #3870
Closed

[FR][DAC] Add exceptions importing from ndjson #3674

Mikaayenson opened this issue May 14, 2024 · 3 comments · Fixed by #3869 or #3870
Assignees
@eric-forte-elastic
Labels
detections-as-code enhancement New feature or request

Comments

@Mikaayenson
Copy link
Contributor

Note: this work will target the DAC-feature branch

related to #3407

This is a consideration and not a commitment to work at this point. We should review the feasibility and supportability. If it is doable and not deemed maintainable, we can move the example code to the DAC reference for users to manually implement.

Currently in the DAC-feature branch, we can manage exception list using a TOML file structure. When rules are exported/imported into kibana, they are uploaded with the rules using the rules API. This is a one way approach that allows users to manage exception list for DAC.

If users want to preserve their existing exceptions (from Kibana) in VCS using a DAC approach, they would have to manually write the exceptions in our TOML format.

It would be great if we could export exceptions (only ones associated to a detection rule), and import into our TOML format.
@brokensound77 brokensound77 mentioned this issue Jun 12, 2024
Open
@eric-forte-elastic eric-forte-elastic changed the title [FR][DAC] Consideration: add exceptions importing from ndjson [FR][DAC]: add exceptions importing from ndjson Jun 13, 2024
@eric-forte-elastic eric-forte-elastic self-assigned this Jun 13, 2024
@eric-forte-elastic eric-forte-elastic changed the title [FR][DAC]: add exceptions importing from ndjson [FR][DAC]: Add exceptions importing from ndjson Jun 13, 2024
@eric-forte-elastic eric-forte-elastic changed the title [FR][DAC]: Add exceptions importing from ndjson [FR][DAC] Add exceptions importing from ndjson Jun 13, 2024
@eric-forte-elastic
Copy link
Contributor

Update 6/20/24

  • This issue is expected to be in review by July 1st.

@eric-forte-elastic eric-forte-elastic mentioned this issue Jul 3, 2024
Closed
@eric-forte-elastic eric-forte-elastic linked a pull request Jul 3, 2024 that will close this issue
[FR] [DAC] Add exceptions importing from ndjson #3862
Closed
@eric-forte-elastic eric-forte-elastic mentioned this issue Jul 7, 2024
Merged
@eric-forte-elastic eric-forte-elastic removed a link to a pull request Jul 7, 2024
[FR] [DAC] Add exceptions importing from ndjson #3862
Closed
@eric-forte-elastic eric-forte-elastic linked a pull request Jul 7, 2024 that will close this issue
[FR] [DAC] Import Exceptions from API Export and ndjson #3869
Merged
@eric-forte-elastic eric-forte-elastic mentioned this issue Jul 7, 2024
Merged
@eric-forte-elastic
Copy link
Contributor

Update 7/7/24

We are also considering as part of this issue adding support for directly importing and exporting exceptions lists from the CLI in the following PRs:

@eric-forte-elastic eric-forte-elastic linked a pull request Jul 7, 2024 that will close this issue
[FR] [DAC] Add Exceptions Import Support for Kibana and ndjson #3870
Merged
@eric-forte-elastic
Copy link
Contributor

PRs merged, issue development complete.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eric-forte-elastic eric-forte-elastic

Labels
detections-as-code enhancement New feature or request
Projects
None yet
Milestone
No milestone
2 participants
@Mikaayenson @eric-forte-elastic