From 3f3ff683c9be28ffaa4bd4f6fc1c3667524635e8 Mon Sep 17 00:00:00 2001
From: Stefan Bischof
Date: Fri, 6 Sep 2024 02:05:16 +0200
Subject: [PATCH 1/3] add license header (#2377)
---
 schemas/device.yml | 16 ++++++++++++++++
 schemas/email.yml | 17 +++++++++++++++++
 schemas/risk.yml | 16 ++++++++++++++++
 schemas/subsets/main.yml | 16 ++++++++++++++++
 4 files changed, 65 insertions(+)
diff --git a/schemas/device.yml b/schemas/device.yml
index 9e9e7613d6..38fe123937 100644
--- a/schemas/device.yml
+++ b/schemas/device.yml
@@ -1,3 +1,19 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
 ---
 - name: device
 title: Device
diff --git a/schemas/email.yml b/schemas/email.yml
index 1982edb7d9..82bfd5b219 100644
--- a/schemas/email.yml
+++ b/schemas/email.yml
@@ -1,3 +1,20 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+---
 - name: email
 title: Email
 group: 2
diff --git a/schemas/risk.yml b/schemas/risk.yml
index b70640c473..84835f08e2 100644
--- a/schemas/risk.yml
+++ b/schemas/risk.yml
@@ -1,3 +1,19 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
 ---
 - name: risk
 title: Risk information
diff --git a/schemas/subsets/main.yml b/schemas/subsets/main.yml
index ebefde9e2e..63b44449fc 100644
--- a/schemas/subsets/main.yml
+++ b/schemas/subsets/main.yml
@@ -1,3 +1,19 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
 ---
 name: main
 fields:
From 93453f477a25b1f77a9106c7c822927c362f5ebb Mon Sep 17 00:00:00 2001
From: "elastic-renovate-prod[bot]" <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Date: Fri, 6 Sep 2024 10:46:53 -0700
Subject: [PATCH 2/3] Update actions/setup-python digest to f677139 (#2374)
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: Michael Wolf
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a804fb2b06..b618b7394b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,7 +8,7 @@ jobs:
 name: Unit Tests
 steps:
 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5
+ - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
 with:
 python-version: '3.x'
 - run: git fetch --prune --unshallow --tags
From 029cf00ada5e63375fe9967632f80ba4cb20efeb Mon Sep 17 00:00:00 2001
From: Smriti <152067238+smriti0321@users.noreply.github.com>
Date: Tue, 10 Sep 2024 12:24:36 +0200
Subject: [PATCH 3/3] [RFC] Stage 0: Introducing new field in rule namespace (#2330)
* Update 0000-rfc-template.md Updating the temaplate for RFC Stage 0 for adding 2 new rule fields: rule.tags and rule.remediation * Update 0000-rfc-template.md Incorporating review comments. * Renaming the template file with recommended name * Resolving conflicts * Removing Tag Field * Resolving comments from @trisch-me * Moving file to rfcs/text folder as per @trisch-me comment. using next number in series. * I saw number 44 was used in a recent RFC, using next number in series
---------
Co-authored-by: Eric Beahan
Co-authored-by: Alexandra Konrad
---
 .../0046-additional-rule-field.md} | 44 +++++++------------
 1 file changed, 16 insertions(+), 28 deletions(-)
 rename rfcs/{0000-rfc-template.md => text/0046-additional-rule-field.md} (63%)
diff --git a/rfcs/0000-rfc-template.md b/rfcs/text/0046-additional-rule-field.md
similarity index 63%
rename from rfcs/0000-rfc-template.md
rename to rfcs/text/0046-additional-rule-field.md
index 1ac7c95052..f9354ce2f2 100644
--- a/rfcs/0000-rfc-template.md
+++ b/rfcs/text/0046-additional-rule-field.md
@@ -1,35 +1,27 @@ -# 0000: Name of RFC +# 0000: Additional Rule Field - Stage: **0 (strawperson)** - Date: **TBD** - + +This RFC proposes addition of 1 new field (rule.remediation) in rule fieldset to the Elastic Common Schema (ECS). The goal of this field is to provide more context to the users in the rule fieldset, rule.remediation will be used to capture the remediation instructions associated with rules, it is generally provided by the benchmark or framework from which the rule is published. - - ## Fields - +The `rule` fields being proposed are as follows: + +Field | Type | Example | Description/Usage +-- | -- | -- | -- +rule.remediation | array | Enable encryption on all S3 buckets | Used to capture remediation instructions that come from the benchmark / framework the rule is from + - ## Usage @@ -79,25 +71,21 @@ Stage 3: Document resolutions for all existing concerns. Any new concerns should The following are the people that consulted on the contents of this RFC. -* TBD | author +* @smriti0321 | author +* @tinnytintin10 | Product Manager +* @oren-zohar | Engineering Manager +* @orouz | Engineer +* @trisch-me | Security ECS team - ## References + + ### RFC Pull Requests