[Security Solution][Detection Engine] adds preview logged requests for new terms, threshold, query, ML rule types #203320

Open
wants to merge 43 commits into base: main
Conversation

@vitaliidm vitaliidm commented Dec 6, 2024

Summary

  • partially addresses [Security Solution][Detection Engine] add request logging on preview for the rest of rule types #202545 (except for the IM rule type)
  • extends logged requests preview for:
    • New terms
    • Query
    • ML
    • Threshold
  • For the Threshold, Query and New terms rule types a Page view is introduced, where each loop of rule execution is presented as a separate page
  • Only the first 2 search requests of each type are logged, for performance reasons (a rule can have very large and multiple requests). That's why the property `request` was made optional in rule_preview.schema.yaml

DEMO

Screen.Recording.2025-01-22.at.18.33.10.mov
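As an added illustration of the behaviour the description lists (one page per execution loop, only the first two requests of each type carrying a body, `request` optional on the logged entry), here is a small collector written for this page; it is not Kibana's own code. The class, field and request-type names (`PreviewRequestLogger`, `requestType`, `findThresholdBuckets`, `findDocuments`) are assumptions for illustration, the cap is assumed to apply across the whole preview run rather than per page, and the demo input is constructed.

```typescript
// Added example, not Kibana's own code. Models the logged-requests preview
// described in the PR: each rule-execution loop is a separate "page", and only
// the first MAX_LOGGED_PER_TYPE search requests of each type keep a serialized
// body, so `request` is optional on a logged entry. Names are assumed.

const MAX_LOGGED_PER_TYPE = 2;

interface LoggedRequest {
  description: string;   // human-readable label shown in the preview UI
  requestType: string;   // category the per-type cap is keyed on (assumed name)
  duration?: number;     // milliseconds, when the caller measured it
  request?: string;      // serialized search request; absent once the cap is hit
}

interface LoggedRequestsPage {
  page: number;          // 1-based loop index
  requests: LoggedRequest[];
}

interface SearchRequestEvent {
  description: string;
  requestType: string;
  duration?: number;
  request: unknown;      // the search body as built by the rule executor
}

class PreviewRequestLogger {
  private readonly pages: LoggedRequestsPage[] = [];
  private readonly seenPerType = new Map<string, number>();

  // Call once per rule-execution loop; subsequent log() calls land on this page.
  startLoop(): number {
    this.pages.push({ page: this.pages.length + 1, requests: [] });
    return this.pages.length;
  }

  log(event: SearchRequestEvent): LoggedRequest {
    if (this.pages.length === 0) this.startLoop();
    const seen = this.seenPerType.get(event.requestType) ?? 0;
    this.seenPerType.set(event.requestType, seen + 1);

    const entry: LoggedRequest = { description: event.description, requestType: event.requestType };
    if (event.duration !== undefined) entry.duration = event.duration;
    // Keep the body only for the first MAX_LOGGED_PER_TYPE requests of this type;
    // later entries still record that a request happened, without its body.
    if (seen < MAX_LOGGED_PER_TYPE) entry.request = JSON.stringify(event.request);

    this.pages[this.pages.length - 1].requests.push(entry);
    return entry;
  }

  getPages(): LoggedRequestsPage[] {
    return this.pages;
  }

  // Bodies actually retained: bounded by MAX_LOGGED_PER_TYPE times the number of
  // request types, not by how many loops the rule ran.
  retainedBodyCount(): number {
    let n = 0;
    for (const page of this.pages) for (const r of page.requests) if (r.request !== undefined) n += 1;
    return n;
  }
}

// Render the page view as plain-text lines, one block per loop.
function renderPageView(pages: LoggedRequestsPage[]): string[] {
  const lines: string[] = [];
  for (const page of pages) {
    lines.push(`Page ${page.page} (${page.requests.length} requests)`);
    for (const r of page.requests) {
      const duration = r.duration !== undefined ? ` [${r.duration}ms]` : '';
      const body = r.request !== undefined ? ` ${r.request}` : ' (body not logged: per-type limit reached)';
      lines.push(`  ${r.description}${duration}${body}`);
    }
  }
  return lines;
}

// Constructed demo input: a threshold-style rule that loops three times, issuing
// one bucket search per loop, then one document search.
function demo(): PreviewRequestLogger {
  const logger = new PreviewRequestLogger();
  for (let loop = 0; loop < 3; loop++) {
    logger.startLoop();
    logger.log({
      description: 'Find threshold buckets',
      requestType: 'findThresholdBuckets',
      duration: 10 + loop,
      request: { size: 0, query: { range: { '@timestamp': { gte: `now-${loop + 1}h` } } } },
    });
  }
  logger.log({ description: 'Find documents', requestType: 'findDocuments', duration: 4, request: { size: 100 } });
  return logger;
}
```

With this input the third bucket search lands on page 3 without a body while the document search on the same page still carries one, which is the case that makes `request` optional in the schema: the preview response stays bounded however many loops the rule runs, while the page view still shows that every request happened.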

@vitaliidm vitaliidm self-assigned this Dec 6, 2024
@vitaliidm vitaliidm added v9.0.0 Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. release_note:feature Makes this part of the condensed release notes Team:Detection Engine Security Solution Detection Engine Area backport:version Backport to applied version labels v8.18.0 labels Dec 6, 2024
# Conflicts:
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_types/utils/logged_requests/log_search_request.test.ts
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_types/utils/logged_requests/log_search_request.ts
@elasticmachine elasticmachine commented Jan 22, 2025

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Serverless Detection Engine - Security Solution Cypress Tests #1 / Detection rules, preview does not support preview logged requests does not show preview logged requests checkbox fro Indicator Match rule does not show preview logged requests checkbox fro Indicator Match rule
  • [job] [logs] Detection Engine - Security Solution Cypress Tests #3 / Detection rules, preview does not support preview logged requests does not show preview logged requests checkbox fro Indicator Match rule does not show preview logged requests checkbox fro Indicator Match rule

Metrics

Module Count

Fewer modules leads to a faster build time

  id                 before   after    diff
  securitySolution   6602     6604     +2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

  id                 before   after    diff
  securitySolution   21.3MB   21.3MB   +1.6KB

Unknown metric groups

ESLint disabled line counts

  id                 before   after    diff
  securitySolution   573      575      +2

Total ESLint disabled count

  id                 before   after    diff
  securitySolution   656      658      +2

cc @vitaliidm

@vitaliidm vitaliidm changed the title [Security Solution][Detection Engine] adds preview logged requests for the rest of rules [Security Solution][Detection Engine] adds preview logged requests for new terms, threshold, query, ML rule types Jan 23, 2025
@vitaliidm vitaliidm marked this pull request as ready for review January 23, 2025 12:14
@vitaliidm vitaliidm requested review from a team as code owners January 23, 2025 12:14
@vitaliidm vitaliidm requested review from rylnd and dplumlee January 23, 2025 12:14
@elasticmachine: Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine: Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine: Pinging @elastic/security-detection-engine (Team:Detection Engine)
