Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[RFC] Threat Enrichment - Stage 2 #1460

Merged
merged 5 commits into from
Jun 24, 2021
Merged

[RFC] Threat Enrichment - Stage 2 #1460

merged 5 commits into from
Jun 24, 2021

Conversation

rylnd
Copy link
Contributor

@rylnd rylnd commented Jun 15, 2021
edited
Loading

As follow up to #1400, this is the stage 2 RFC for threat enrichment. I believe that most of the stage 2 work has already been done, but I'm happy to be told otherwise.

RFC Preview

TODO

  • If submitting schema/fields updates, have you generated new artifacts by running make and committed those changes?
  • Have you added an entry to the CHANGELOG.next.md?

@rylnd rylnd added the RFC label Jun 15, 2021
@rylnd
Copy link
Contributor Author

rylnd commented Jun 15, 2021

@ebeahan my first question for stage 2 is: should this PR promote the declared fields so that they are included as beta fields, or is that done once this is merged (a la #1438) ?

@ebeahan
Copy link
Member

ebeahan commented Jun 16, 2021

@rylnd We've found separating the RFC PR from the implementation PR is cleaner, and it lets us focus more on the content and details of the proposal vs. clogging up the RFC discussion with potential ECS build issues, testing, tooling challenges, etc.

@rylnd rylnd mentioned this pull request Jun 17, 2021
Open
devonakerr
devonakerr approved these changes Jun 24, 2021
View reviewed changes
Copy link

@devonakerr devonakerr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor updates reflecting the stage advancement of this RFC look good to me.

ebeahan
ebeahan approved these changes Jun 24, 2021
View reviewed changes
Copy link
Member

@ebeahan ebeahan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

Review Criteria for Stage 2

  • Opened pull request for this draft revising the existing proposal
  • Completed field definitions
  • Included a real world example source document
  • Identifies scope of impact of changes to ingestion mechanisms (e.g. beats/logstash), usage mechanisms (e.g. Kibana applications, detections), and the ECS project (e.g. docs, tooling)
  • Subject matter experts weighed in on technical utility of field definitions in the pull request

@ebeahan ebeahan merged commit 04c4c9c into elastic:master Jun 24, 2021
@ebeahan ebeahan mentioned this pull request Jun 24, 2021
Merged
@rylnd rylnd deleted the threat-enrichment-stage-2 branch June 24, 2021 21:48
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@ebeahan ebeahan ebeahan approved these changes

@devonakerr devonakerr devonakerr approved these changes

Assignees
No one assigned
Labels
RFC
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rylnd @ebeahan @devonakerr @djptek