Skip to content

[Security Rules] Update security rules package to v9.3.15#20014

Merged
shashank-elastic merged 2 commits into
backport-security_detection_engine-9.3from
detection-rules/9.3.15-a27627d49
Jul 7, 2026
Merged

[Security Rules] Update security rules package to v9.3.15#20014
shashank-elastic merged 2 commits into
backport-security_detection_engine-9.3from
detection-rules/9.3.15-a27627d49

Conversation

@tradebot-elastic

Copy link
Copy Markdown
Contributor

What does this PR do?

Update the Security Rules package to version 9.3.15.
Autogenerated from commit https://github.com/elastic/detection-rules/tree/a27627d499030d8736f97ab28a6c89a6e1d4e8cd

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • If I'm introducing a new feature, I have modified the Kibana version constraint in my package's manifest.yml file to point to the latest Elastic stack release (e.g. ^7.13.0).

Author's Checklist

  • Install the most recently release security rules in the Detection Engine
  • Install the package
  • Confirm the update is available in Kibana. Click "Update X rules" or "Install X rules"
  • Look at the changes made after the install and confirm they are consistent

How to test this PR locally

  • Perform the above checklist, and use package-storage to build EPR from source

Related issues

None

Screenshots

None

@shashank-elastic shashank-elastic added enhancement New feature or request Integration:security_detection_engine Prebuilt Security Detection Rules labels Jul 7, 2026
@shashank-elastic shashank-elastic marked this pull request as ready for review July 7, 2026 11:06
@shashank-elastic shashank-elastic requested a review from a team as a code owner July 7, 2026 11:06
@shashank-elastic shashank-elastic enabled auto-merge (squash) July 7, 2026 11:06
@infra-vault-gh-plugin-prod

infra-vault-gh-plugin-prod Bot commented Jul 7, 2026

Copy link
Copy Markdown

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

TL;DR

The failing Buildkite jobs did not reach the security_detection_engine package tests. Both ECH deployment-create jobs and the cleanup job failed in QAF while writing/removing deployment state from its Elasticsearch-backed KV store with ConnectionTimeout: Connection timed out, so this looks like CI/deployment infrastructure rather than a PR code issue.

Remediation

  • Retry the failed Buildkite steps/build; the failures are consistent with a transient QAF/Elasticsearch registry connectivity problem.
  • If the retry fails the same way, route to the Buildkite/QAF infrastructure owners with the deployment names bk-stateful-ftr-1810-365b2f0341b9 and bk-stateful-ftr-1813-1509ce2d4caa plus the log excerpts below.
Investigation details

Root Cause

The PR diff only changes package release metadata:

  • packages/security_detection_engine/changelog.yml adds 9.3.15.
  • packages/security_detection_engine/manifest.yml changes the package version from 9.3.15-beta.1 to 9.3.15.

The failed jobs are deployment setup/cleanup commands from appex-qa-stateful-security-prebuilt-rules-ftr-oom-testing, and all three logs stop in QAF persistence code before package-specific validation can run.

Evidence

  • Build: https://buildkite.com/elastic/integrations/builds/45621
  • Failed jobs:
    • :elastic-cloud: Create deployment 'bk-stateful-ftr-1810-365b2f0341b9' (9.4.3)
    • :elastic-cloud::broom::sparkles: Remove deployment 'bk-stateful-ftr-1810-365b2f0341b9'
    • :elastic-cloud: Create deployment 'bk-stateful-ftr-1813-1509ce2d4caa' (9.3.7)

Key create-job excerpt:

/usr/local/lib/python3.11/site-packages/qaf/persistence/kvstore/elasticsearch.py:66 in persist_entry
❱ 66 │   self.es.index(index=self.register_index, id=entry_id, document=doc)
...
ConnectionTimeout: Connection timed out
🚨 Error: The command exited with status 1

Key cleanup-job excerpt:

/usr/local/lib/python3.11/site-packages/qaf/persistence/kvstore/elasticsearch.py:85 in remove_entry
❱ 85 │   self.es.delete(index=self.register_index, id=entry_id)
...
ConnectionTimeout: Connection timed out
🚨 Error: The command exited with status 1

Verification

Reviewed the Buildkite failure summary, all three provided job logs, the PR metadata/diff, and existing PR comments. I did not run local tests because the failure occurred during remote ECH deployment state registration/cleanup, before package test execution.


What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

@shashank-elastic shashank-elastic merged commit 7dc0618 into backport-security_detection_engine-9.3 Jul 7, 2026
8 checks passed
@shashank-elastic shashank-elastic deleted the detection-rules/9.3.15-a27627d49 branch July 7, 2026 12:44
@elastic-vault-github-plugin-prod

Copy link
Copy Markdown

Package security_detection_engine - 9.3.15 containing this change is available at https://epr.elastic.co/package/security_detection_engine/9.3.15/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request Integration:security_detection_engine Prebuilt Security Detection Rules

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants