
[Detection Engine][Exceptions] - Update docs for single and shared exceptions #4021

Open: nastasha-solomon wants to merge 45 commits into main

Conversation

nastasha-solomon (Contributor) commented Oct 9, 2023

Fixes #3491.

Previews:

  • Elastic Security APIs: Refreshed the description for the Detections API since it technically allows users to manage rule exceptions for individual rules
  • Detections API: Added endpoints for creating a default exception list and creating exception items for a single rule
  • Create a default exception list for a rule: New page that shows how to create an exception list for a single rule (a default exception list)
  • Create exceptions for individual rules: New page that shows how to create exception items that you can add to a default exception list
  • Create exception container | Request body: Added the rule_default value to the type parameter description. Users would enter this value if they wanted the exception container to hold single-rule exception lists (i.e., the default exception list for a rule).
  • Create exceptions used by multiple rules: Made several changes:
    • Updated the title and intro para to show that this endpoint should be used to create exception items that are shared between multiple rules.
    • Added note to the intro that allows users to find docs for creating single rule exception items and exception items created from lists.
    • Fixed or refreshed docs for the following request params: comments, namespace_type, os_types, tags, and list
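Added worked example, not code from this PR or from the Elastic docs it edits: it builds the request bodies the description above distinguishes (an exception container of type `rule_default` holding the default list for a single rule, a shared `detection` container, and exception items carrying `comments`, `namespace_type`, `os_types` and `tags`) and adds two checks a practitioner would want before calling the API. The first reports items in an `endpoint` container that use the restricted fields quoted in the review comment later in this thread (the reviewer notes that restriction may have been relaxed, so it reports rather than rejects). The second verifies that a `rule_default` list is attached to exactly one rule. The endpoint paths `POST /api/exception_lists` and `POST /api/exception_lists/items` are the public Kibana exception-lists API; the one-rule-per-default-list constraint and the shape of a rule's `exceptions_list` reference are assumptions inferred from the description, not stated on this page.

```python
"""Request bodies and consistency checks for Elastic Security rule exceptions.

Added example for the API docs this PR updates; not code from the PR or from
Elastic. Body fields follow the public Kibana exception-lists API. The
one-rule-per-default-list constraint is an ASSUMPTION drawn from the PR's
wording "the default exception list for a rule".
"""
import json

CONTAINER_TYPES = {"detection", "endpoint", "rule_default"}  # container `type` values
NAMESPACE_TYPES = {"single", "agnostic"}  # space-scoped vs. shared across spaces
ENTRY_OPERATORS = {"included", "excluded"}

# Fields the siem-apis.asciidoc snippet quoted in this thread lists as not
# allowed in endpoint exceptions. A reviewer asks whether this still holds,
# so restricted_endpoint_fields() only reports them; callers decide.
ENDPOINT_RESTRICTED_FIELDS = {
    "process.entity_id", "process.parent.entity_id",
    "process.ancestry", "file.Ext.quarantine_path",
}


def exception_container(list_id, name, description, list_type,
                        namespace_type="single", os_types=(), tags=()):
    """Body for POST /api/exception_lists (the exception container)."""
    if list_type not in CONTAINER_TYPES:
        raise ValueError(f"unsupported container type: {list_type}")
    if namespace_type not in NAMESPACE_TYPES:
        raise ValueError(f"unsupported namespace_type: {namespace_type}")
    body = {"list_id": list_id, "name": name, "description": description,
            "type": list_type, "namespace_type": namespace_type}
    if os_types:
        body["os_types"] = sorted(os_types)
    if tags:
        body["tags"] = list(tags)
    return body


def exception_item(list_id, item_id, name, entries, namespace_type="single",
                   comments=(), os_types=(), tags=()):
    """Body for POST /api/exception_lists/items.

    `entries` is a list of (field, operator, value) tuples rendered as `match`
    entries; `comments` are plain strings wrapped as {"comment": ...}.
    """
    rendered = []
    for field, operator, value in entries:
        if operator not in ENTRY_OPERATORS:
            raise ValueError(f"bad operator {operator!r} on {field}")
        rendered.append({"field": field, "operator": operator,
                         "type": "match", "value": value})
    body = {"list_id": list_id, "item_id": item_id, "name": name,
            "description": name, "type": "simple",
            "namespace_type": namespace_type, "entries": rendered,
            "comments": [{"comment": c} for c in comments]}
    if os_types:
        body["os_types"] = sorted(os_types)
    if tags:
        body["tags"] = list(tags)
    return body


def restricted_endpoint_fields(container, item):
    """Fields in `item` that the quoted docs forbid when the container is `endpoint`."""
    if container["type"] != "endpoint":
        return []
    return sorted(e["field"] for e in item["entries"]
                  if e["field"] in ENDPOINT_RESTRICTED_FIELDS)


def check_rule_default_bindings(rules):
    """Return problems with how rules reference `rule_default` containers.

    `rules` maps rule_id -> the rule's exceptions_list references
    ({"id", "list_id", "type", "namespace_type"}). Assumed constraint: a
    rule_default list belongs to exactly one rule and a rule carries at most
    one of them; shared `detection` lists may be referenced by any number.
    """
    problems, owners = [], {}
    for rule_id, refs in rules.items():
        defaults = [r for r in refs if r["type"] == "rule_default"]
        if len(defaults) > 1:
            problems.append(f"rule {rule_id} has {len(defaults)} rule_default lists")
        for ref in defaults:
            owners.setdefault(ref["list_id"], set()).add(rule_id)
    for list_id, rule_ids in owners.items():
        if len(rule_ids) > 1:
            problems.append(f"rule_default list {list_id} is attached to rules "
                            + ", ".join(sorted(rule_ids)))
    return problems


if __name__ == "__main__":
    # Constructed sample: a default list for one rule next to a shared list.
    default = exception_container("rule-a-default", "Default exceptions for rule A",
                                  "Single-rule list", "rule_default")
    shared = exception_container("shared-trusted-hosts", "Trusted hosts",
                                 "Shared by several rules", "detection", "agnostic")
    print(json.dumps(default, indent=2))
    print(json.dumps(shared, indent=2))
```

Each body is sent with `curl -X POST -H 'kbn-xsrf: true' -H 'Content-Type: application/json'` to the Kibana base URL; the `id` returned for the container is what goes into the rule's `exceptions_list` reference alongside its `list_id`, `type` and `namespace_type`.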

github-actions bot commented Oct 9, 2023

Documentation previews:

nastasha-solomon (Contributor, Author) commented Apr 3, 2024

Hey, @yctercero! These docs are ready for your review when you have a chance. As you're reviewing the docs, there are questions for you here about finding rule IDs and here about an example request. I was also hoping you could tell me whether the following endpoints could also be used to manage exception items added to rule default lists:

If they can, I might need to tweak their intros, plus the descriptions for the detections and exception APIs here.

nastasha-solomon marked this pull request as ready for review April 3, 2024 21:33
nastasha-solomon requested a review from a team as a code owner April 3, 2024 21:33
Review comment on docs/siem-apis.asciidoc (outdated, resolved), on these lines:

* `process.entity_id`
* `process.parent.entity_id`
* `process.ancestry`
** `file.Ext.quarantine_path`

Contributor:

@caitlinbetz is this still accurate? I know we opened endpoint exceptions up to have fewer field restrictions, not sure if these still hold.
nastasha-solomon added the labels Team: Detection Engine, Effort: Large (Issues that require significant planning, research, writing, and testing), Priority: Medium (Issues that have relevance, but aren't urgent) and Effort: Medium (Issues that take moderate but not substantial time to complete), and removed Effort: Large (Issues that require significant planning, research, writing, and testing), Aug 20, 2024
nastasha-solomon changed the title from "[Detection Engine][Exceptions] - Document exception item list types API side" to "[Detection Engine][Exceptions] - Update docs for single and shared exceptions" Aug 20, 2024
Linked issue (may be closed by merging this pull request): [Detection Engine][Exceptions] - Document exception item list types API side
3 participants