Skip to content

Backlog/v12 rule after events#2325

Merged
AlexSanchez-bit merged 5 commits into
release/v12.0.0from
backlog/v12_rule_after_events
Jul 9, 2026
Merged

Backlog/v12 rule after events#2325
AlexSanchez-bit merged 5 commits into
release/v12.0.0from
backlog/v12_rule_after_events

Conversation

@AlexSanchez-bit

Copy link
Copy Markdown
Contributor

No description provided.

@AlexSanchez-bit AlexSanchez-bit linked an issue Jul 3, 2026 that may be closed by this pull request
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

🛑 AI review — Sensitive area, extra care recommended

This PR touches critical paths or introduces changes the model cannot judge with sufficient confidence. Review carefully before merging.

🛑 architecture (gemini-3-flash-lite) — high/critical — please review

Summary: Renaming 'afterEvents' to 'correlation' in API contracts and DB models without a migration plan or backward-compatible schema handling.

  • high backend/modules/eventprocessing/domain/correlation_rule.go:33 — Renaming/deprecating database columns without a migration script. This will break existing deployments that expect 'rule_after_events_def' to be populated.
  • high backend/modules/eventprocessing/dto/correlation_rule.go:42 — Breaking change to the public API contract. Removing 'AfterEventsDef' and adding 'CorrelationDef' forces a synchronized frontend/backend upgrade and breaks existing integrations.
  • medium frontend/src/features/alerting-rules/services/alerting-rules-http.service.ts:64 — While a fallback is provided in the frontend, the backend change is a breaking API contract modification. Ensure the legacy field is supported in the Go DTOs via JSON tags or custom unmarshaling to maintain full backward compatibility.

bugs (gemini-3-flash-lite) — clean

Summary: Renamed 'afterEvents' to 'correlation' across backend and frontend; logic remains consistent with legacy fallback support.

No findings.

🛑 security (gemini-3-flash-lite) — high/critical — please review

Summary: Refactoring of correlation rule logic and data structures, touching core event processing and persistence layers.

  • medium backend/modules/eventprocessing/usecase/correlation_rule.go:32 — The variable 'correlate' is introduced to handle the new 'CorrelationDef' field. Ensure that the validation and persistence logic correctly handles potential injection or malformed JSON payloads in this field, as it replaces the legacy 'AfterEventsDef' in security-critical rule processing.

🔴 go-deps — pending updates

🔍 Discovered 25 Go projects

📦 Dependencies with updates available:

  📁 ./agent/updater:
     - github.com/kardianos/service: v1.2.4 → v1.3.0

  📁 ./agent:
     - github.com/kardianos/service: v1.2.4 → v1.3.0
     - golang.org/x/sys: v0.46.0 → v0.47.0
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./collectors/as400:
     - github.com/kardianos/service: v1.2.4 → v1.3.0
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./collectors/utmstack:
     - github.com/kardianos/service: v1.2.4 → v1.3.0
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./collectors/forwarder:
     - github.com/kardianos/service: v1.2.4 → v1.3.0
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./installer:
     - github.com/cloudfoundry/gosigar: v1.3.122 → v1.3.123
     - github.com/kardianos/service: v1.2.4 → v1.3.0

  📁 ./backend:
     - cloud.google.com/go/pubsub: v1.50.2 → v1.50.4
     - github.com/aws/aws-sdk-go-v2/config: v1.32.25 → v1.32.29
     - github.com/aws/aws-sdk-go-v2/credentials: v1.19.24 → v1.19.28
     - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.78.0 → v1.79.0
     - github.com/aws/aws-sdk-go-v2/service/sts: v1.43.3 → v1.44.0
     - golang.org/x/crypto: v0.53.0 → v0.54.0
     - google.golang.org/api: v0.286.0 → v0.287.1
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./plugins/inputs:
     - google.golang.org/grpc: v1.81.1 → v1.82.0

  📁 ./plugins/sophos:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/gcp:
     - cloud.google.com/go/pubsub: v1.50.2 → v1.50.4
     - golang.org/x/crypto: v0.53.0 → v0.54.0
     - google.golang.org/api: v0.286.0 → v0.287.1

  📁 ./plugins/crowdstrike:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/bitdefender:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/azure:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/aws:
     - github.com/aws/aws-sdk-go-v2: v1.42.0 → v1.42.1
     - github.com/aws/aws-sdk-go-v2/config: v1.32.25 → v1.32.29
     - github.com/aws/aws-sdk-go-v2/credentials: v1.19.24 → v1.19.28
     - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs: v1.78.0 → v1.79.0
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/soc-ai:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./plugins/feeds:
     - golang.org/x/sync: v0.21.0 → v0.22.0

  📁 ./plugins/o365:
     - golang.org/x/crypto: v0.53.0 → v0.54.0

  📁 ./agent-manager:
     - golang.org/x/sync: v0.21.0 → v0.22.0
     - google.golang.org/grpc: v1.81.1 → v1.82.0

❌ Please update dependencies before merging.

@utmstackprapprover utmstackprapprover Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes requested — AI review found blocking issues (high/critical, or engineer review required). See above.

@utmstackprapprover utmstackprapprover Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes requested — AI review found blocking issues (high/critical, or engineer review required). See above.

@utmstackprapprover utmstackprapprover Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes requested — AI review found blocking issues (high/critical, or engineer review required). See above.

@AlexSanchez-bit

Copy link
Copy Markdown
Contributor Author

client integration was updated to use correlation new field, deprecation is justa comment in legacy database schema (only used on startup load for retrocompatibility)

@AlexSanchez-bit AlexSanchez-bit merged commit 2094202 into release/v12.0.0 Jul 9, 2026
1 check passed
@AlexSanchez-bit AlexSanchez-bit deleted the backlog/v12_rule_after_events branch July 9, 2026 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

v12 custom rule wrong after event field

1 participant