
[Meta] Integration Validation Refactoring

Open eric-forte-elastic opened this issue 1 year ago • 6 comments

Related Issue

https://github.com/elastic/detection-rules/issues/3618

This is a decoupled issue from https://github.com/elastic/detection-rules/issues/3618 to reduce the complexity of the PR review and to more atomically test the changes. Additionally this captures the desire to refactor to make this process smoother while decoupling it from other approaches to solving BYOS.

Summary

We may need to refactor the integrations validation for increased performance and ease of maintenance. This issue is to track the 4 steps needed to address this concern.

Tasks

  • [ ] 1. Investigation: Does the integrations validation take a significant amount of the Rule Loader's computational time?
  • [ ] 2. LOE determination: Is the return worth the effort, and can it be done efficiently?
  • [ ] 3. Refactor Design
  • [ ] 4. Implementation

Open issues

  • https://github.com/elastic/detection-rules/issues/2606
  • https://github.com/elastic/detection-rules/issues/2763

Steps/tasks 1-2 should take approximately half a sprint to complete, with the LOE cutoff for proceeding being 1 full sprint of refactoring work.

eric-forte-elastic, May 15 '24 15:05

Is this really related to DAC or should this target main?

Mikaayenson, May 15 '24 22:05

> Is this really related to DAC or should this target main?

Good point! This should target main :+1:

eric-forte-elastic, May 16 '24 00:05

This might be a duplicate of (or should be added as part of) #3556

brokensound77, Jun 12 '24 16:06

We should make this measurable and time bound in the design of this (potentially even making this a meta itself).

  • What code refactors specifically for maintenance do we want to do?
  • What specific performance refactors will we include?

IMO this is still very ambiguous, so we should design and decide on what to move forward on.

Mikaayenson, Jun 13 '24 17:06

> We should make this measurable and time bound in the design of this (potentially even making this a meta itself).
>
>   • What code refactors specifically for maintenance do we want to do?
>   • What specific performance refactors will we include?
>
> IMO this is still very ambiguous, so we should design and decide on what to move forward on.

Updated to make this a meta and have time bound constraints for implementation.

eric-forte-elastic, Jun 13 '24 21:06

Update 10/9/24

Deprioritized in favor of Falco integration work PM request, moving to Q3.

eric-forte-elastic, Oct 09 '24 13:10

Closing in favor of https://github.com/elastic/detection-rules/issues/3556

Mikaayenson, Sep 05 '25 16:09