Skip to content

add YAML schema and autocomplete snippet for detections #3612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: develop
Choose a base branch
from
Open

add YAML schema and autocomplete snippet for detections #3612

wants to merge 7 commits into from

Conversation

devhhu
Copy link

@devhhu devhhu commented Jul 18, 2025

Summary

Adds YAML schema and autocomplete snippets to simplify detection authoring and remove reliance on the baked in contentctl templates found when you run contentctl new.

Changes Included

  • Added detection.schema.json for detection rule validation.
  • Added detection-snippets.code-snippets to provide VSCode autocomplete.
  • Added settings.json for built-in YAML extension integration.
  • Added basic README guidance on enabling schema validation.

Why

  • Helps detection authors working in non-Windows environments (e.g., GCP, macOS) avoid contentctl hardcoding issues, which are found when you attempt to create a detection using contentctl new.
  • Reduces friction by providing in-editor autocomplete suggestions.

Notes

  • Files are under /docs/yaml-spec/schema.

@devhhu
feat: add YAML schema and autocomplete snippets for detection develop…
2d8827b 
…ment

-  .vscode/schemas/detection.schema.json for custom detection schema
- .vscode/settings.json for YAML schema validation
- Included detection-snippets.code-snippets for quick detection templates
- Improves consistency and ease of detection rule authoring within the repo
@devhhu devhhu changed the title feat: add YAML schema and autocomplete snippet for development add YAML schema and autocomplete snippet for development Jul 19, 2025
@devhhu devhhu changed the title add YAML schema and autocomplete snippet for development add YAML schema and autocomplete snippet for detections Jul 19, 2025
@devhhu
Copy link
Author

devhhu commented Jul 24, 2025

Hey team! Just a quick note:

This PR doesn’t change anything in the core content - it just adds some optional docs and some editor tips (YAML schema + VSCode autocomplete). We’ve started using it internally and found it super helpful for making detections more easily, especially outside the default workflow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@patel-bhavin patel-bhavin Awaiting requested review from patel-bhavin patel-bhavin is a code owner

@ljstella ljstella Awaiting requested review from ljstella ljstella is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@devhhu