[EDR Workflows] Automated Actions in more rule types (elastic#191874)

(cherry picked from commit 004631b)
kibanamachine · Sep 18, 2024 · fce9122 · fce9122
1 parent 5cdbd66
commit fce9122
Show file tree

Hide file tree

Showing 33 changed files with 737 additions and 85 deletions.
diff --git a/...erver/integration_tests/__snapshots__/serverless_upgrade_and_rollback_checks.test.ts.snap b/...erver/integration_tests/__snapshots__/serverless_upgrade_and_rollback_checks.test.ts.snap
diff --git a/...ugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.gen.ts b/...ugins/security_solution/common/api/detection_engine/model/rule_schema/rule_schemas.gen.ts
@@ -224,6 +224,7 @@ export const EqlOptionalFields = z.object({
   tiebreaker_field: TiebreakerField.optional(),
   timestamp_field: TimestampField.optional(),
   alert_suppression: AlertSuppression.optional(),
+  response_actions: z.array(ResponseAction).optional(),
 });
 
 export type EqlRuleCreateFields = z.infer<typeof EqlRuleCreateFields>;
@@ -521,6 +522,7 @@ export const NewTermsRuleOptionalFields = z.object({
   data_view_id: DataViewId.optional(),
   filters: RuleFilterArray.optional(),
   alert_suppression: AlertSuppression.optional(),
+  response_actions: z.array(ResponseAction).optional(),
 });
 
 export type NewTermsRuleDefaultableFields = z.infer<typeof NewTermsRuleDefaultableFields>;
@@ -574,6 +576,7 @@ export const EsqlRuleRequiredFields = z.object({
 export type EsqlRuleOptionalFields = z.infer<typeof EsqlRuleOptionalFields>;
 export const EsqlRuleOptionalFields = z.object({
   alert_suppression: AlertSuppression.optional(),
+  response_actions: z.array(ResponseAction).optional(),
 });
 
 export type EsqlRulePatchFields = z.infer<typeof EsqlRulePatchFields>;