Skip to content

add YAML schema and autocomplete snippet for detections #3612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
Open

add YAML schema and autocomplete snippet for detections #3612

wants to merge 3 commits into from
+387 −0

Conversation

husseih8
Copy link

Summary

Adds YAML schema and autocomplete snippets to simplify detection authoring and remove reliance on the baked in contentctl templates found when you run contentctl new.

Changes Included

  • Added detection.schema.json for detection rule validation.
  • Added detection-snippets.code-snippets to provide VSCode autocomplete.
  • Added settings.json for built-in YAML extension integration.
  • Added basic README guidance on enabling schema validation.

Why

  • Helps detection authors working in non-Windows environments (e.g., GCP, macOS) avoid contentctl hardcoding issues, which are found when you attempt to create a detection using contentctl new.
  • Reduces friction by providing in-editor autocomplete suggestions.

Notes

  • Files are under /docs/yaml-spec/schema.

@husseih8
feat: add YAML schema and autocomplete snippets for detection develop…
2d8827b 
…ment

-  .vscode/schemas/detection.schema.json for custom detection schema
- .vscode/settings.json for YAML schema validation
- Included detection-snippets.code-snippets for quick detection templates
- Improves consistency and ease of detection rule authoring within the repo
@husseih8 husseih8 changed the title feat: add YAML schema and autocomplete snippet for development add YAML schema and autocomplete snippet for development Jul 19, 2025
@husseih8 husseih8 changed the title add YAML schema and autocomplete snippet for development add YAML schema and autocomplete snippet for detections Jul 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@patel-bhavin patel-bhavin Awaiting requested review from patel-bhavin patel-bhavin is a code owner

@ljstella ljstella Awaiting requested review from ljstella ljstella is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@husseih8