[Rule Tuning] Remove timestamp_override for endgame-* promotion rules #951
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rw-access
reviewed
Feb 17, 2021
| "sha256": "d4b0108faa80fc35468cc5cfbbaf48b4db4dad7d1373cf48388752568eb83c98", | ||
| "version": 5 | ||
| "sha256": "adcd895329cc4d1c41bc4bf8b75404c838823731713fa11f3d3b671dd24cc31d", | ||
| "version": 4 |
There was a problem hiding this comment.
so this one went backwards to 4 because the rule was un-changed, because it was endgame.
this took me a second but makes sense
There was a problem hiding this comment.
also @paulewing should this rule be renamed to - Elastic Endgame?
rw-access
approved these changes
Feb 17, 2021
bm11100
approved these changes
Feb 17, 2021
spong
approved these changes
Feb 17, 2021
1 task
brokensound77
added a commit
that referenced
this pull request
Feb 17, 2021
* lock versions for rule changes in v7.11.0 (#947) * [Rule Tuning] 7.11.2: Add timestamp_override to all query and non-sequence EQL rules (#948) * [Rule Tuning] Add timestamp_override field to 7.11.0 rules * Lock versions for 7.11.2 rules * [Rule Tuning] Remove timestamp_override for endgame-* promotion rules (#951)
spong
pushed a commit
to elastic/kibana
that referenced
this pull request
Feb 18, 2021
#91771) ## Summary Pulls updates from elastic/detection-rules#951. This basically reverts the changes made in #91553 for _only_ the endgame promotion rules ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Feb 18, 2021
elastic#91771) ## Summary Pulls updates from elastic/detection-rules#951. This basically reverts the changes made in elastic#91553 for _only_ the endgame promotion rules ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
kibanamachine
added a commit
to elastic/kibana
that referenced
this pull request
Feb 18, 2021
#91771) (#91784) ## Summary Pulls updates from elastic/detection-rules#951. This basically reverts the changes made in #91553 for _only_ the endgame promotion rules ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues
related to elastic/kibana#91597
Summary
Removed the
timestamp_overridefield from allendgame-*promotion rules, because the field is not mapped.I also very carefully reset the hashes and versions of these files to their previous state, so as not to double bump (since these have not yet been released). The more eyes on this the merrier (a good reference point - the last lock before the previous changes)
The
updated_datewas also fixed with the correct year (but this is inconsequential to the rules in Kibana as that field is used only locally at this point)