Skip to content

[RFC] Stage 1: Introducing new field in ECS Rule fields#2386

Closed
smriti0321 wants to merge 16 commits intoelastic:mainfrom
smriti0321:rule-fields
Closed

[RFC] Stage 1: Introducing new field in ECS Rule fields#2386
smriti0321 wants to merge 16 commits intoelastic:mainfrom
smriti0321:rule-fields

Conversation

@smriti0321
Copy link
Copy Markdown
Contributor

@smriti0321 smriti0321 commented Sep 20, 2024

  • Have you signed the contributor license agreement? Yes
  • Have you followed the contributor guidelines? Yes
  • For proposing substantial changes or additions to the schema, have you reviewed the RFC process? Yes
  • If submitting code/script changes, have you verified all tests pass locally using make test?
  • If submitting schema/fields updates, have you generated new artifacts by running make and committed those changes?
  • Is your pull request against main? Unless there is a good reason otherwise, we prefer pull requests against main and will backport as needed.
  • Have you added an entry to the CHANGELOG.next.md?

smriti0321 and others added 13 commits April 5, 2024 12:31
@smriti0321 smriti0321 requested a review from a team as a code owner September 20, 2024 11:10
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Nov 20, 2024

Hi!

We just realized that we haven't looked into this PR in a while. We're
sorry!

We're labeling this PR as Stale to make it hit our filters and
make sure we get back to it as soon as possible. In the meantime, it'd
be extremely helpful if you could take a look at it as well and confirm its
relevance. A simple comment with a nice emoji will be enough :+1.

Thank you for your contribution!

@github-actions github-actions Bot added the stale Stale issues and pull requests label Nov 20, 2024
@smriti0321 smriti0321 removed the stale Stale issues and pull requests label Nov 20, 2024
@mjwolf mjwolf added the RFC label Nov 26, 2024
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jan 26, 2025

Hi!

We just realized that we haven't looked into this PR in a while. We're
sorry!

We're labeling this PR as Stale to make it hit our filters and
make sure we get back to it as soon as possible. In the meantime, it'd
be extremely helpful if you could take a look at it as well and confirm its
relevance. A simple comment with a nice emoji will be enough :+1.

Thank you for your contribution!

@github-actions github-actions Bot added the stale Stale issues and pull requests label Jan 26, 2025
mjwolf
mjwolf reviewed Feb 12, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@mjwolf mjwolf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@smriti0321, could you also update https://github.com/elastic/ecs/blob/main/rfcs/text/0046-additional-rule-field.md to add some examples of usage, source data and the other criteria from here: https://elastic.github.io/ecs/stages.html

Comment thread rfcs/text/0046/rule.yml Outdated
fields:
- name: remediation
level: extended
type: wildcard
Copy link
Copy Markdown
Contributor

@mjwolf mjwolf Feb 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would remediations usually be human-readable? In that case, using text type could be better than wildcard: https://www.elastic.co/guide/en/elasticsearch/reference/current/keyword.html#wildcard-field-type

Copy link
Copy Markdown
Contributor Author

@smriti0321 smriti0321 Feb 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mjwolf I have created a PR (#2448) for the suggested changes in https://github.com/elastic/ecs/blob/main/rfcs/text/0046-additional-rule-field.md. Please let me know if thats the right way.

@github-actions github-actions Bot removed the stale Stale issues and pull requests label Feb 13, 2025
smriti0321 added a commit that referenced this pull request Feb 14, 2025
@smriti0321
Update 0046-additional-rule-field.md
bfae1d2 
As per comment (#2386 (review)) on Stage 1 of this RFC. Adding the usage, source data and scope of impact
@smriti0321 smriti0321 mentioned this pull request Feb 14, 2025
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 16, 2025

Hi!

We just realized that we haven't looked into this PR in a while. We're
sorry!

We're labeling this PR as Stale to make it hit our filters and
make sure we get back to it as soon as possible. In the meantime, it'd
be extremely helpful if you could take a look at it as well and confirm its
relevance. A simple comment with a nice emoji will be enough :+1.

Thank you for your contribution!

@github-actions github-actions Bot added the stale Stale issues and pull requests label Apr 16, 2025
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 20, 2026

This PR has been automatically closed due to inactivity. If you'd like to
continue working on this, feel free to re-open the PR or create a new one.

Thank you for your contribution!

@github-actions github-actions Bot closed this Mar 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mjwolf mjwolf mjwolf left review comments

@trisch-me trisch-me Awaiting requested review from trisch-me

@ebeahan ebeahan Awaiting requested review from ebeahan

Assignees

No one assigned

Labels

RFC stale Stale issues and pull requests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@smriti0321 @mjwolf @ebeahan @trisch-me