Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FR][DAC] Consideration: add exceptions importing from ndjson #3674

Open
Mikaayenson opened this issue May 14, 2024 · 0 comments
Open

[FR][DAC] Consideration: add exceptions importing from ndjson #3674

Mikaayenson opened this issue May 14, 2024 · 0 comments
Labels
detections-as-code enhancement New feature or request

Comments

@Mikaayenson
Copy link
Collaborator

Note: this work will target the DAC-feature branch

related to #3407

This is a consideration and not a commitment to work at this point. We should review the feasibility and supportability. If it is doable and not deemed maintainable, we can move the example code to the DAC reference for users to manually implement.

Currently in the DAC-feature branch, we can manage exception list using a TOML file structure. When rules are exported/imported into kibana, they are uploaded with the rules using the rules API. This is a one way approach that allows users to manage exception list for DAC.

If users want to preserve their existing exceptions (from Kibana) in VCS using a DAC approach, they would have to manually write the exceptions in our TOML format.

It would be great if we could export exceptions (only ones associated to a detection rule), and import into our TOML format.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
detections-as-code enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Mikaayenson