diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts
new file mode 100644
index 0000000000000..de1c87fcf619d
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen.ts
@@ -0,0 +1,583 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Perform Rule Upgrade API endpoint + * version: 2023-10-31 + */ + +import { z } from 'zod'; + +import { + RuleSignatureId, + RuleVersion, + RuleName, + RuleTagArray, + RuleDescription, + Severity, + SeverityMapping, + RiskScore, + RiskScoreMapping, + RuleReferenceArray, + RuleFalsePositiveArray, + ThreatArray, + InvestigationGuide, + SetupGuide, + RelatedIntegrationArray, + RequiredFieldArray, + MaxSignals, + BuildingBlockType, + RuleIntervalFrom, + RuleInterval, + RuleExceptionList, + RuleNameOverride, + TimestampOverride, + TimestampOverrideFallbackDisabled, + TimelineTemplateId, + TimelineTemplateTitle, + IndexPatternArray, + DataViewId, + RuleQuery, + QueryLanguage, + RuleFilterArray, + SavedQueryId, + KqlQueryLanguage, +} from '../../model/rule_schema/common_attributes.gen'; +import { + MachineLearningJobId, + AnomalyThreshold, +} from '../../model/rule_schema/specific_attributes/ml_attributes.gen'; +import { + ThreatQuery, + ThreatMapping, + ThreatIndex, + ThreatFilters, + ThreatIndicatorPath, +} from '../../model/rule_schema/specific_attributes/threat_match_attributes.gen'; +import { + NewTermsFields, + HistoryWindowStart, +} from '../../model/rule_schema/specific_attributes/new_terms_attributes.gen'; +import { RuleResponse } from '../../model/rule_schema/rule_schemas.gen'; +import { ErrorSchema } from '../../model/error_schema.gen'; + +export type PickVersionValues = z.infer; +export const PickVersionValues = z.enum(['BASE', 'CURRENT', 'TARGET', 'MERGED']); +export type PickVersionValuesEnum = typeof PickVersionValues.enum; 
+export const PickVersionValuesEnum = PickVersionValues.enum; + +export type RuleUpgradeSpecifier = z.infer; +export const RuleUpgradeSpecifier = z.object({ + rule_id: RuleSignatureId, + revision: z.number(), + version: RuleVersion, + pick_version: PickVersionValues.optional(), + /** + * Fields that can be customized during the upgrade workflow +as decided in: https://github.com/elastic/kibana/issues/186544 +Fields listed here, which are not specified in the request body, +will default to a `pick_version` of `MERGED`. + + */ + fields: z + .object({ + name: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleName, + }), + ]) + .optional(), + tags: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleTagArray, + }), + ]) + .optional(), + description: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleDescription, + }), + ]) + .optional(), + severity: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: Severity, + }), + ]) + .optional(), + severity_mapping: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: SeverityMapping, + }), + ]) + .optional(), + risk_score: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RiskScore, + }), + ]) + .optional(), + risk_score_mapping: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RiskScoreMapping, + }), + ]) + .optional(), + references: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + 
pick_version: z.literal('RESOLVED'), + resolved_value: RuleReferenceArray, + }), + ]) + .optional(), + false_positives: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleFalsePositiveArray, + }), + ]) + .optional(), + threat: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatArray, + }), + ]) + .optional(), + note: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: InvestigationGuide, + }), + ]) + .optional(), + setup: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: SetupGuide, + }), + ]) + .optional(), + related_integrations: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RelatedIntegrationArray, + }), + ]) + .optional(), + required_fields: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RequiredFieldArray, + }), + ]) + .optional(), + max_signals: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: MaxSignals, + }), + ]) + .optional(), + building_block_type: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: BuildingBlockType, + }), + ]) + .optional(), + from: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleIntervalFrom, + }), + ]) + .optional(), + interval: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + 
resolved_value: RuleInterval, + }), + ]) + .optional(), + exceptions_list: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleExceptionList, + }), + ]) + .optional(), + rule_name_override: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleNameOverride, + }), + ]) + .optional(), + timestamp_override: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: TimestampOverride, + }), + ]) + .optional(), + timestamp_override_fallback_disabled: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: TimestampOverrideFallbackDisabled, + }), + ]) + .optional(), + timeline_id: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: TimelineTemplateId, + }), + ]) + .optional(), + timeline_title: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: TimelineTemplateTitle, + }), + ]) + .optional(), + index: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: IndexPatternArray, + }), + ]) + .optional(), + data_view_id: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: DataViewId, + }), + ]) + .optional(), + query: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleQuery, + }), + ]) + .optional(), + language: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), 
+ resolved_value: QueryLanguage, + }), + ]) + .optional(), + filters: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: RuleFilterArray, + }), + ]) + .optional(), + saved_id: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: SavedQueryId, + }), + ]) + .optional(), + machine_learning_job_id: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: MachineLearningJobId, + }), + ]) + .optional(), + anomaly_threshold: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: AnomalyThreshold, + }), + ]) + .optional(), + threat_query: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatQuery, + }), + ]) + .optional(), + threat_mapping: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatMapping, + }), + ]) + .optional(), + threat_index: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatIndex, + }), + ]) + .optional(), + threat_filters: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatFilters, + }), + ]) + .optional(), + threat_indicator_path: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: ThreatIndicatorPath, + }), + ]) + .optional(), + threat_language: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: 
KqlQueryLanguage, + }), + ]) + .optional(), + new_terms_fields: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: NewTermsFields, + }), + ]) + .optional(), + history_window_start: z + .union([ + z.object({ + pick_version: PickVersionValues, + }), + z.object({ + pick_version: z.literal('RESOLVED'), + resolved_value: HistoryWindowStart, + }), + ]) + .optional(), + }) + .optional(), +}); + +export type UpgradeSpecificRulesRequest = z.infer; +export const UpgradeSpecificRulesRequest = z.object({ + mode: z.literal('SPECIFIC_RULES'), + rules: z.array(RuleUpgradeSpecifier), + pick_version: PickVersionValues.optional(), +}); + +export type UpgradeAllRulesRequest = z.infer; +export const UpgradeAllRulesRequest = z.object({ + mode: z.literal('ALL_RULES'), + pick_version: PickVersionValues.optional(), +}); + +export type SkipRuleUpgradeReason = z.infer; +export const SkipRuleUpgradeReason = z.enum(['RULE_UP_TO_DATE', 'RULE_NOT_FOUND']); +export type SkipRuleUpgradeReasonEnum = typeof SkipRuleUpgradeReason.enum; +export const SkipRuleUpgradeReasonEnum = SkipRuleUpgradeReason.enum; + +export type SkippedRuleUpgrade = z.infer; +export const SkippedRuleUpgrade = z.object({ + rule_id: z.string(), + reason: SkipRuleUpgradeReason, +}); + +export type PerformRuleUpgradeResponseBody = z.infer; +export const PerformRuleUpgradeResponseBody = z.object({ + summary: z.object({ + total: z.number(), + succeeded: z.number(), + skipped: z.number(), + failed: z.number(), + }), + results: z.object({ + updated: z.array(RuleResponse), + skipped: z.array(SkippedRuleUpgrade), + }), + errors: z.array(ErrorSchema), +}); + +export type PerformRuleUpgradeRequestBody = z.infer; +export const PerformRuleUpgradeRequestBody = z.union([ + UpgradeAllRulesRequest, + UpgradeSpecificRulesRequest, +]); +export type PerformRuleUpgradeRequestBodyInput = z.input; + +export type PerformRuleUpgradeResponse = z.infer; +export const 
PerformRuleUpgradeResponse = PerformRuleUpgradeResponseBody;
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml
new file mode 100644
index 0000000000000..a5b54657e0370
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.schema.yaml
@@ -0,0 +1,874 @@ +openapi: 3.0.0 +info: + title: Perform Rule Upgrade API endpoint + version: '1' +paths: + /internal/detection_engine/prebuilt_rules/upgrade/_perform: + post: + x-labels: [ess, serverless] + x-codegen-enabled: true + operationId: PerformRuleUpgrade + summary: Perform rule upgrade + description: Upgrade prebuilt detection rules. + tags: + - Rules API + requestBody: + required: true + content: + application/json: + schema: + oneOf: + - $ref: '#/components/schemas/UpgradeAllRulesRequest' + - $ref: '#/components/schemas/UpgradeSpecificRulesRequest' + responses: + 200: + description: Indicates a successful call. + content: + application/json: + schema: + $ref: '#/components/schemas/PerformRuleUpgradeResponseBody' + +components: + schemas: + PickVersionValues: + type: string + description: | + The version of the rule (or a specific field within a rule) to use for the upgrade. + BASE - The version of a rule authored by Elastic as it is installed from the Prebuilt Security Detection Rules package, with no user customizations. + CURRENT - The version of a rule as it is currently installed on the system. Consists of the base version of the rule plus all user customizations. + TARGET - The updated version of a rule as it is distributed in the next version of the Prebuilt Security Detection Rules package. + MERGED - The output version of a rule (or any of its fields) as a three way merge of the base, current, and target versions. This option is not always possible: if the three way merge results in a conflict which can't be automatically solved, the update will be rejected. + enum: [BASE, CURRENT, TARGET, MERGED] + + RuleUpgradeSpecifier: + type: object + required: + - rule_id + - revision + - version + properties: + rule_id: + description: Rule's unique identifier. Should match the rule's signature ID returned from the Review Rule Upgrade API endpoint. 
+ $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleSignatureId' + revision: + description: Rule's current revision number. Should match the rule's revision number returned from the Review Rule Upgrade API endpoint. + type: number + version: + description: The number of the version to which the rule is being upgraded to. Should match the rule's version number returned from the Review Rule Upgrade API endpoint. + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleVersion' + pick_version: + $ref: '#/components/schemas/PickVersionValues' + fields: + type: object + description: | + Fields that can be customized during the upgrade workflow + as decided in: https://github.com/elastic/kibana/issues/186544 + Fields listed here, which are not specified in the request body, + will default to a `pick_version` of `MERGED`. + properties: + name: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleName' + tags: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleTagArray' + description: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleDescription' + severity: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/Severity' + severity_mapping: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SeverityMapping' + risk_score: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScore' + risk_score_mapping: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RiskScoreMapping' + references: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleReferenceArray' + false_positives: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFalsePositiveArray' + threat: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/ThreatArray' + note: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/InvestigationGuide' + setup: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SetupGuide' + related_integrations: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RelatedIntegrationArray' + required_fields: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RequiredFieldArray' + max_signals: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/MaxSignals' + building_block_type: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/BuildingBlockType' + from: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleIntervalFrom' + interval: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: 
'../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleInterval' + exceptions_list: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleExceptionList' + rule_name_override: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleNameOverride' + timestamp_override: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverride' + timestamp_override_fallback_disabled: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimestampOverrideFallbackDisabled' + timeline_id: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + 
enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateId' + timeline_title: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/TimelineTemplateTitle' + index: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/IndexPatternArray' + data_view_id: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/DataViewId' + query: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleQuery' + language: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + 
resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/QueryLanguage' + filters: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/RuleFilterArray' + saved_id: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId' + machine_learning_job_id: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/MachineLearningJobId' + anomaly_threshold: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/ml_attributes.schema.yaml#/components/schemas/AnomalyThreshold' + threat_query: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: 
string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatQuery' + threat_mapping: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatMapping' + threat_index: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndex' + threat_filters: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatFilters' + threat_indicator_path: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/threat_match_attributes.schema.yaml#/components/schemas/ThreatIndicatorPath' + threat_language: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: 
'#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/common_attributes.schema.yaml#/components/schemas/KqlQueryLanguage' + new_terms_fields: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/NewTermsFields' + history_window_start: + oneOf: + - type: object + required: + - pick_version + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + - type: object + required: + - pick_version + - resolved_value + properties: + pick_version: + type: string + enum: [RESOLVED] + resolved_value: + $ref: '../../model/rule_schema/specific_attributes/new_terms_attributes.schema.yaml#/components/schemas/HistoryWindowStart' + + + + UpgradeSpecificRulesRequest: + type: object + required: + - mode + - rules + properties: + mode: + type: string + enum: [SPECIFIC_RULES] + rules: + type: array + items: + $ref: '#/components/schemas/RuleUpgradeSpecifier' + pick_version: + $ref: '#/components/schemas/PickVersionValues' + + UpgradeAllRulesRequest: + type: object + required: + - mode + properties: + mode: + type: string + enum: [ALL_RULES] + pick_version: + $ref: '#/components/schemas/PickVersionValues' + + SkipRuleUpgradeReason: + type: string + enum: [RULE_UP_TO_DATE, RULE_NOT_FOUND] + + SkippedRuleUpgrade: + type: object + required: + - rule_id + - reason + properties: + rule_id: + type: string + reason: + $ref: '#/components/schemas/SkipRuleUpgradeReason' + + PerformRuleUpgradeResponseBody: + type: object + required: + - summary + - results + - errors + properties: + 
summary: + type: object + required: + - total + - succeeded + - skipped + - failed + properties: + total: + type: number + succeeded: + type: number + skipped: + type: number + failed: + type: number + results: + type: object + required: + - updated + - skipped + properties: + updated: + type: array + items: + $ref: '../../model/rule_schema/rule_schemas.schema.yaml#/components/schemas/RuleResponse' + skipped: + type: array + items: + $ref: '#/components/schemas/SkippedRuleUpgrade' + errors: + type: array + items: + $ref: '../../model/error_schema.schema.yaml#/components/schemas/ErrorSchema' \ No newline at end of file diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 406cb3ac5c913..9f614b2d943b9 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -772,6 +772,28 @@ paths: summary: Import detection rules tags: - Import/Export API + /api/detection_engine/rules/prebuilt/_perform_upgrade: + post: + description: Upgrade prebuilt detection rules. + operationId: PerformRuleUpgrade + requestBody: + content: + application/json: + schema: + oneOf: + - $ref: '#/components/schemas/UpgradeAllRulesRequest' + - $ref: '#/components/schemas/UpgradeSpecificRulesRequest' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PerformRuleUpgradeResponseBody' + description: Indicates a successful call. + summary: Perform rule upgrade + tags: + - Rules API /api/detection_engine/rules/prepackaged: put: description: Install and update all Elastic prebuilt detection rules and Timelines. 
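Review bot: `revision` in `RuleUpgradeSpecifier` is declared `type: number`, which the generated zod schema in this commit turns into `z.number()` and therefore accepts fractional and negative values; if the handler compares it against the stored rule revision to reject stale upgrade requests, `type: integer` with `minimum: 0` (matching the description's "revision number") would reject malformed input at validation rather than deeper in the handler. The descriptions on `rule_id` and `version` sit beside a `$ref`, which OpenAPI 3.0 ignores, and the generated `.gen.ts` in this commit indeed carries a JSDoc only for `fields`; wrapping each `$ref` in `allOf` with the description as a sibling, or moving the text into the parent object's `description`, keeps them. The `fields` description states that unspecified fields default to `MERGED`, but `pick_version` also exists at the request level (`UpgradeAllRulesRequest`, `UpgradeSpecificRulesRequest`) and at the rule level (`RuleUpgradeSpecifier`), and nothing states the precedence between the three; a sentence such as `A field-level pick_version takes precedence over the rule-level one, which takes precedence over the request-level one; MERGED applies only when none is given.` would settle it, once confirmed against the handler. The checked-in artifacts also appear to come from a different revision of this schema: the `.gen.ts` header states `version: 2023-10-31` while this file declares `version: '1'`, and the bundled ESS schema exposes the operation at `/api/detection_engine/rules/prebuilt/_perform_upgrade` whereas this file declares `/internal/detection_engine/prebuilt_rules/upgrade/_perform`, so regenerating both from this file before merge would remove the discrepancy.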
@@ -4175,6 +4197,54 @@ components: required: - action_type_id - params + PerformRuleUpgradeResponseBody: + type: object + properties: + errors: + items: + $ref: '#/components/schemas/ErrorSchema' + type: array + results: + type: object + properties: + skipped: + items: + $ref: '#/components/schemas/SkippedRuleUpgrade' + type: array + updated: + items: + $ref: '#/components/schemas/RuleResponse' + type: array + required: + - updated + - skipped + summary: + type: object + properties: + failed: + type: number + skipped: + type: number + succeeded: + type: number + total: + type: number + required: + - total + - succeeded + - skipped + - failed + required: + - summary + - results + - errors + PickVersionValues: + enum: + - BASE + - CURRENT + - TARGET + - MERGED + type: string PlatformErrorResponse: type: object properties: @@ -4213,6 +4283,13 @@ components: required: - command - config + QueryLanguage: + enum: + - kuery + - lucene + - eql + - esql + type: string QueryRule: allOf: - type: object 
@@ -5225,6 +5302,789 @@ components: - $ref: '#/components/schemas/EsqlRuleUpdateProps' discriminator: propertyName: type + RuleUpgradeSpecifier: + type: object + properties: + fields: + description: | + Fields that can be customized during the upgrade workflow + as decided in: https://github.com/elastic/kibana/issues/186544 + Fields listed here, which are not specified in the request body, + will default to a `pick_version` of `MERGED`. + type: object + properties: + anomaly_threshold: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/AnomalyThreshold' + required: + - pick_version + - resolved_value + building_block_type: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/BuildingBlockType' + required: + - pick_version + - resolved_value + data_view_id: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/DataViewId' + required: + - pick_version + - resolved_value + description: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleDescription' + required: + - pick_version + - resolved_value + exceptions_list: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: 
+ - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleExceptionList' + required: + - pick_version + - resolved_value + false_positives: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleFalsePositiveArray' + required: + - pick_version + - resolved_value + filters: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleFilterArray' + required: + - pick_version + - resolved_value + from: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleIntervalFrom' + required: + - pick_version + - resolved_value + history_window_start: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/HistoryWindowStart' + required: + - pick_version + - resolved_value + index: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/IndexPatternArray' + required: + - pick_version + - resolved_value + interval: + oneOf: + - type: object + 
properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleInterval' + required: + - pick_version + - resolved_value + language: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/QueryLanguage' + required: + - pick_version + - resolved_value + machine_learning_job_id: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/MachineLearningJobId' + required: + - pick_version + - resolved_value + max_signals: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/MaxSignals' + required: + - pick_version + - resolved_value + name: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleName' + required: + - pick_version + - resolved_value + new_terms_fields: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/NewTermsFields' + required: + - 
pick_version + - resolved_value + note: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/InvestigationGuide' + required: + - pick_version + - resolved_value + query: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleQuery' + required: + - pick_version + - resolved_value + references: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleReferenceArray' + required: + - pick_version + - resolved_value + related_integrations: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RelatedIntegrationArray' + required: + - pick_version + - resolved_value + required_fields: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RequiredFieldArray' + required: + - pick_version + - resolved_value + risk_score: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + 
resolved_value: + $ref: '#/components/schemas/RiskScore' + required: + - pick_version + - resolved_value + risk_score_mapping: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RiskScoreMapping' + required: + - pick_version + - resolved_value + rule_name_override: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleNameOverride' + required: + - pick_version + - resolved_value + saved_id: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/SavedQueryId' + required: + - pick_version + - resolved_value + setup: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/SetupGuide' + required: + - pick_version + - resolved_value + severity: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/Severity' + required: + - pick_version + - resolved_value + severity_mapping: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + 
properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/SeverityMapping' + required: + - pick_version + - resolved_value + tags: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/RuleTagArray' + required: + - pick_version + - resolved_value + threat: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatArray' + required: + - pick_version + - resolved_value + threat_filters: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatFilters' + required: + - pick_version + - resolved_value + threat_index: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatIndex' + required: + - pick_version + - resolved_value + threat_indicator_path: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatIndicatorPath' + required: + - pick_version + - resolved_value + threat_language: + oneOf: + - type: object + properties: + pick_version: + $ref: 
'#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/KqlQueryLanguage' + required: + - pick_version + - resolved_value + threat_mapping: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatMapping' + required: + - pick_version + - resolved_value + threat_query: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/ThreatQuery' + required: + - pick_version + - resolved_value + timeline_id: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/TimelineTemplateId' + required: + - pick_version + - resolved_value + timeline_title: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/TimelineTemplateTitle' + required: + - pick_version + - resolved_value + timestamp_override: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/TimestampOverride' + required: + - pick_version + - 
resolved_value + timestamp_override_fallback_disabled: + oneOf: + - type: object + properties: + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - pick_version + - type: object + properties: + pick_version: + enum: + - RESOLVED + type: string + resolved_value: + $ref: '#/components/schemas/TimestampOverrideFallbackDisabled' + required: + - pick_version + - resolved_value + pick_version: + $ref: '#/components/schemas/PickVersionValues' + revision: + type: number + rule_id: + $ref: '#/components/schemas/RuleSignatureId' + version: + $ref: '#/components/schemas/RuleVersion' + required: + - rule_id + - revision + - version RuleVersion: description: The rule's version number. minimum: 1 @@ -5777,6 +6637,21 @@ components: type: string required: - index + SkippedRuleUpgrade: + type: object + properties: + reason: + $ref: '#/components/schemas/SkipRuleUpgradeReason' + rule_id: + type: string + required: + - rule_id + - reason + SkipRuleUpgradeReason: + enum: + - RULE_UP_TO_DATE + - RULE_NOT_FOUND + type: string SortOrder: enum: - asc @@ -6901,6 +7776,33 @@ components: TimestampOverrideFallbackDisabled: description: Disables the fallback to the event's @timestamp field type: boolean + UpgradeAllRulesRequest: + type: object + properties: + mode: + enum: + - ALL_RULES + type: string + pick_version: + $ref: '#/components/schemas/PickVersionValues' + required: + - mode + UpgradeSpecificRulesRequest: + type: object + properties: + mode: + enum: + - SPECIFIC_RULES + type: string + pick_version: + $ref: '#/components/schemas/PickVersionValues' + rules: + items: + $ref: '#/components/schemas/RuleUpgradeSpecifier' + type: array + required: + - mode + - rules UUID: description: A universally unique identifier format: uuid diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts index bd66aa39f2f2a..db2c2cfd8b0ea 100644 
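Review bot: `RuleUpgradeSpecifier.revision` is an unconstrained `type: number`, so `-1` or `1.5` pass schema validation, while the sibling `version` reuses `RuleVersion`, which carries `minimum: 1`; if `revision` is meant to detect a concurrent edit of the installed rule (inferred from the name — the handler is outside this diff), it should be declared `type: integer` with `minimum: 0` in the source `perform_rule_upgrade_route.schema.yaml` so the generated zod rejects non-integers before the comparison. The `fields` description says omitted fields "default to a `pick_version` of `MERGED`", but a per-rule `pick_version` and a request-level `pick_version` also appear in this hunk and nothing states which of the three wins; a sentence on precedence, confirmed against the handler, belongs in that description. Note too that `fields` has no `additionalProperties: false`, so whether an unknown field name is rejected or silently dropped depends on the generated validator rather than on the documented contract.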
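Review bot: `SkippedRuleUpgrade.rule_id` is a bare `type: string`, whereas the request side (`RuleUpgradeSpecifier.rule_id`) references `RuleSignatureId`; using `$ref: '#/components/schemas/RuleSignatureId'` here keeps the identifier the client sent and the one echoed back under the same constraints, and in the generated TypeScript the two values would then share a type. As with the rest of this bundle, make the change in the source route schema and regenerate.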
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts @@ -73,6 +73,7 @@ import { PerformBulkActionRequestQueryInput, PerformBulkActionRequestBodyInput, } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; +import { PerformRuleUpgradeRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.gen'; import { PreviewRiskScoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/preview_route.gen'; import { ReadRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/read_rule/read_rule_route.gen'; import { RulePreviewRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen'; @@ -560,6 +561,17 @@ detection engine rules. .send(props.body as object) .query(props.query); }, + /** + * Upgrade prebuilt detection rules. + */ + performRuleUpgrade(props: PerformRuleUpgradeProps) { + return supertest + .post('/api/detection_engine/rules/prebuilt/_perform_upgrade') + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, /** * Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score. */ @@ -800,6 +812,9 @@ export interface PerformBulkActionProps { query: PerformBulkActionRequestQueryInput; body: PerformBulkActionRequestBodyInput; } +export interface PerformRuleUpgradeProps { + body: PerformRuleUpgradeRequestBodyInput; +} export interface PreviewRiskScoreProps { body: PreviewRiskScoreRequestBodyInput; }