Skip to content

Security analytics rules improvements#1388

Closed
rodrigofez wants to merge 14 commits intoopensearch-project:mainfrom
wazuh:enhancement/124-security-analytics-rules-improvement
Closed

Security analytics rules improvements#1388
rodrigofez wants to merge 14 commits intoopensearch-project:mainfrom
wazuh:enhancement/124-security-analytics-rules-improvement

Conversation

@rodrigofez
Copy link

@rodrigofez rodrigofez commented Mar 23, 2026

Description

  • Use field array for mitre and compliance sections in rule form.

Issues Resolved

Evidence

MITRE ATT&CK and Compliance form sections

image

Check List

  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

opensearch-trigger-bot bot and others added 14 commits January 30, 2026 11:30
@opensearch-trigger-bot @github-actions
Bumped lodash and lodash-es to 4.17.23. (opensearch-project#1372) (op…
55111de 
…ensearch-project#1373)

(cherry picked from commit a244a38)

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@yenienserrano @asteriscos
@Tostti @Desvelao @gonzaarancibia @guidomodarelli @felipegonzalezmv @Machi3mfl @rodrigofez @Ripdiegozz @FernandoCastilla @Adman23
Migrate main to 3.5.0.0 (#95)
3e281cd 
Signed-off-by: gonzaarancibia <gonzaloarancibia48@gmail.com>
Signed-off-by: Gonzalo Arancibia <72573241+gonzaarancibia@users.noreply.github.com>
Signed-off-by: Federico Rodriguez <federico.rodriguez@wazuh.com>
Signed-off-by: Ian Yenien Serrano <63758389+yenienserrano@users.noreply.github.com>
Signed-off-by: Fernando Castilla <164048568+FernandoCastilla@users.noreply.github.com>
Signed-off-by: Adam Navarro Megías <adam.navarro@wazuh.com>
Signed-off-by: Maximiliano Ibarra <6089438+Machi3mfl@users.noreply.github.com>
Signed-off-by: Diego García <82405377+Ripdiegozz@users.noreply.github.com>
Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>
Co-authored-by: Nicolas Guevara <nicolas.guevara.pihen@gmail.com>
Co-authored-by: Antonio David Gutiérrez <antonio.gutierrez@wazuh.com>
Co-authored-by: Gonzalo Arancibia <72573241+gonzaarancibia@users.noreply.github.com>
Co-authored-by: Antonio <34042064+Desvelao@users.noreply.github.com>
Co-authored-by: Guido Modarelli <38738725+guidomodarelli@users.noreply.github.com>
Co-authored-by: Felipe Gonzalez <felipegonzalezmv@hotmail.com>
Co-authored-by: gonzaarancibia <gonzaloarancibia48@gmail.com>
Co-authored-by: Maximiliano Ibarra <maximiliano.ibarra@wazuh.com>
Co-authored-by: Rodrigo López <37187963+rodrigofez@users.noreply.github.com>
Co-authored-by: Rodrigo Lopez <rodrigo.lopez@wazuh.com>
Co-authored-by: Diego García <82405377+Ripdiegozz@users.noreply.github.com>
Co-authored-by: Maximiliano Ibarra <6089438+Machi3mfl@users.noreply.github.com>
Co-authored-by: Fernando Castilla <164048568+FernandoCastilla@users.noreply.github.com>
Co-authored-by: Adam Navarro Megías <145340543+Adman23@users.noreply.github.com>
@Desvelao @rodrigofez
@Adman23 @asteriscos
Port the remaining changes into main (#102)
631c0f3 
Signed-off-by: Adam Navarro Megías <adam.navarro@wazuh.com>
Co-authored-by: Rodrigo López <37187963+rodrigofez@users.noreply.github.com>
Co-authored-by: Adam Navarro Megías <145340543+Adman23@users.noreply.github.com>
Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>
@Ripdiegozz
Add enrichment configuration to spaces (#106)
7945c88
@rodrigofez
Add filters tab to Overview (#108)
4502e8c
@yenienserrano @rodrigofez
Add Space Selector to Detector Creation/Edit Workflow (#111)
55c8815 
Co-authored-by: Rodrigo Lopez <rodrigo.lopez@wazuh.com>
Co-authored-by: Rodrigo López <37187963+rodrigofez@users.noreply.github.com>
@FernandoCastilla @Adman23
Enable Data Streams selection in the "Create Detector" form (#116)
dd95384 
Signed-off-by: Adam Navarro Megías <adam.navarro@wazuh.com>
Co-authored-by: Adam Navarro Megías <adam.navarro@wazuh.com>
@felipegonzalezmv @asteriscos
Normalize metadata (#118)
32ea54e 
Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>
@Ripdiegozz @felipegonzalezmv @asteriscos
Adapt rules form to support sigma rules (#119)
b07aede 
Co-authored-by: Juan Felipe Gonzalez Ortiz <53414652+felipegonzalezmv@users.noreply.github.com>
Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>
Co-authored-by: Juan Felipe Gonzalez <felipegonzalezmv@hotmail.com>
@Ripdiegozz @felipegonzalezmv @asteriscos
Integration loses its decoders when promoted from draft to test space (
b19309c 
…#120)

Signed-off-by: Diego García <82405377+Ripdiegozz@users.noreply.github.com>
Co-authored-by: Juan Felipe Gonzalez Ortiz <53414652+felipegonzalezmv@users.noreply.github.com>
Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>
Co-authored-by: Juan Felipe Gonzalez <felipegonzalezmv@hotmail.com>
@rodrigofez
Change agent metadata property to metadata in log test endpoint (#115)
91f10cc
@Machi3mfl @rodrigofez @asteriscos
Add integration field and services related (#107)
0317f04 
Co-authored-by: Rodrigo Lopez <rodrigo.lopez@wazuh.com>
Co-authored-by: Federico Rodriguez <federico.rodriguez@wazuh.com>
@rodrigofez
[BUG] Fix rearrange integration form (#123)
33744b2
@rodrigofez
refactor: field array instead of editor for mitre and compliance sect…
a919219 
…ions
@rodrigofez rodrigofez closed this Mar 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amsiglan amsiglan Awaiting requested review from amsiglan amsiglan will be requested when the pull request is marked ready for review amsiglan is a code owner

@AWSHurneyt AWSHurneyt Awaiting requested review from AWSHurneyt AWSHurneyt will be requested when the pull request is marked ready for review AWSHurneyt is a code owner

@getsaurabh02 getsaurabh02 Awaiting requested review from getsaurabh02 getsaurabh02 will be requested when the pull request is marked ready for review getsaurabh02 is a code owner

@lezzago lezzago Awaiting requested review from lezzago lezzago will be requested when the pull request is marked ready for review lezzago is a code owner

@praveensameneni praveensameneni Awaiting requested review from praveensameneni praveensameneni will be requested when the pull request is marked ready for review praveensameneni is a code owner

@sbcd90 sbcd90 Awaiting requested review from sbcd90 sbcd90 will be requested when the pull request is marked ready for review sbcd90 is a code owner

@eirsep eirsep Awaiting requested review from eirsep eirsep will be requested when the pull request is marked ready for review eirsep is a code owner

@riysaxen-amzn riysaxen-amzn Awaiting requested review from riysaxen-amzn riysaxen-amzn will be requested when the pull request is marked ready for review riysaxen-amzn is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@rodrigofez @yenienserrano @Desvelao @Ripdiegozz @FernandoCastilla @felipegonzalezmv @Machi3mfl