
[8.x] [SecuritySolution] Service Entity Store (#202344) #203521

Merged
merged 1 commit into from
Dec 10, 2024

machadoum

Backport

This will backport the following commits from main to 8.x:

Questions?

Please refer to the Backport tool documentation

## Summary

### Service Definition:

https://github.com/elastic/kibana/pull/202344/files#diff-42c7dd345e0500c97f85824904a70a11162827ea8f8df6982082a9047ca04ff1

### Acceptance Criteria
- [x] Upon installation of the entity store, the Service entity
definition should be created by default
- [x] The Service definition will be installed in the exact same way as
the User and Host definitions
- [x] The unique identifier for service entities will be `service.name`
- [x] The fields captured for service entities should match the field
mapping spreadsheet (see Implementation Notes below)

### Stored Entity
```json
{
  "@timestamp": "2024-12-02T10:43:13.856Z",
  "event": {
    "ingested": "2024-12-02T10:51:28.987428Z"
  },
  "entity": {
    "name": "test123 name",
    "id": "test123 name",
    "source": "logs-blito",
    "type": "service"
  },
  "service": {
    "node": {
      "roles": [
        "test123 node roles"
      ],
      "name": [
        "test123 node name"
      ]
    },
    "environment": [
      "test123 environment"
    ],
    "address": [
      "test123 address"
    ],
    "name": "test123 name",
    "id": [
      "test123 id"
    ],
    "state": [
      "test123 state"
    ],
    "ephemeral_id": [
      "test123 ephemeral_id"
    ],
    "type": [
      "test123 type"
    ],
    "version": [
      "test123 version"
    ]
  }
}
```

### How to test it?

* Start Kibana
<details>
  <summary>Create mappings</summary>

```
PUT /logs-test
{
  "mappings": {
    "properties": {
      "service.name": {
        "type": "keyword"
      },
      "service.address": {
        "type": "keyword"
      },
      "service.environment": {
        "type": "keyword"
      },
      "service.ephemeral_id": {
        "type": "keyword"
      },
      "service.id": {
        "type": "keyword"
      },
      "service.node.name": {
        "type": "keyword"
      },
      "service.node.roles": {
        "type": "keyword"
      },
      "service.state": {
        "type": "keyword"
      },
      "service.type": {
        "type": "keyword"
      },
      "service.version": {
        "type": "keyword"
      },
      "@timestamp": {
        "type": "date"
      }
    }
  }
}
```
</details>

<details>
  <summary>Create document</summary>

```
POST logs-test/_doc
{
  "service": {
    "name": "test123 name",
    "address": "test123 address",
    "environment": "test123 environment",
    "ephemeral_id": "test123 ephemeral_id",
    "id": "test123 id",
    "node.roles": "test123 node roles",
    "node.name": "test123 node name",
    "state": "test123 state",
    "type": "test123 type",
    "version": "test123 version"
  },
  "@timestamp": "2024-12-02T10:43:13.856Z"
}
```
</details>

* Init the entity store
* Wait...
* Query the service index: `GET .entities.v1.latest.security_service_default/_search`

### Open Questions
* Can we merge this PR without first updating all other features that
will use service entities?
* If we merge it, the service engine will be installed together with
other entities, but it won't provide any functionality
* Do we need an experimental flag?

---------

Co-authored-by: kibanamachine <[email protected]>
(cherry picked from commit fdedae0)

# Conflicts:
#	oas_docs/output/kibana.serverless.yaml
#	x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts
#	x-pack/plugins/security_solution/server/request_context_factory.ts
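The "How to test it" steps end with a manual search of the service entity index. The following script is an added example (not part of this PR or of Kibana) that automates the check a tester would do by eye on the returned document: it validates a stored entity against the acceptance criteria above, i.e. that `entity.type` is `service`, that `entity.id` and `entity.name` equal `service.name`, and that the captured `service.*` fields are exactly those declared in the "Create mappings" step. The expected field list is taken from that mapping; the rule that every non-identity field is stored as an array is an assumption drawn from the stored entity shown above, not something the PR states. The sample document is the one from the description, embedded inline so the script runs offline.

```python
"""Added example (not Kibana code): validate a stored service entity document
against the acceptance criteria in the PR description."""
import copy
import json

# Fields from the "Create mappings" step, without the "service." prefix.
# Assumption: this is the full set the service entity definition captures.
EXPECTED_SERVICE_FIELDS = {
    "name", "address", "environment", "ephemeral_id", "id",
    "node.name", "node.roles", "state", "type", "version",
}
IDENTITY_FIELD = "name"  # acceptance criterion: service.name is the unique identifier

# Constructed sample: the stored entity shown in the PR description, unchanged.
SAMPLE_ENTITY = json.loads("""
{
  "@timestamp": "2024-12-02T10:43:13.856Z",
  "event": {"ingested": "2024-12-02T10:51:28.987428Z"},
  "entity": {"name": "test123 name", "id": "test123 name",
             "source": "logs-blito", "type": "service"},
  "service": {
    "node": {"roles": ["test123 node roles"], "name": ["test123 node name"]},
    "environment": ["test123 environment"],
    "address": ["test123 address"],
    "name": "test123 name",
    "id": ["test123 id"],
    "state": ["test123 state"],
    "ephemeral_id": ["test123 ephemeral_id"],
    "type": ["test123 type"],
    "version": ["test123 version"]
  }
}
""")


def flatten(obj, prefix=""):
    """Flatten nested dicts into dotted keys (service.node.roles -> 'node.roles');
    lists are left as values because keyword fields may be multi-valued."""
    out = {}
    for key, value in obj.items():
        dotted = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, dotted))
        else:
            out[dotted] = value
    return out


def check_service_entity(doc):
    """Return a list of problems; an empty list means the document passes."""
    problems = []
    entity = doc.get("entity", {})
    service = flatten(doc.get("service", {}))
    captured = set(service)

    if entity.get("type") != "service":
        problems.append(f"entity.type is {entity.get('type')!r}, expected 'service'")

    identity = service.get(IDENTITY_FIELD)
    if not isinstance(identity, str) or not identity:
        problems.append("service.name must be a single non-empty keyword")
    else:
        for key in ("id", "name"):
            if entity.get(key) != identity:
                problems.append(f"entity.{key} {entity.get(key)!r} != service.name {identity!r}")

    missing = sorted(EXPECTED_SERVICE_FIELDS - captured)
    unexpected = sorted(captured - EXPECTED_SERVICE_FIELDS)
    if missing:
        problems.append(f"missing fields: {missing}")
    if unexpected:
        problems.append(f"unexpected fields: {unexpected}")

    # Observation from the sample (assumption, not stated in the PR): every
    # captured field other than the identity field is stored as an array.
    for key, value in service.items():
        if key != IDENTITY_FIELD and key in EXPECTED_SERVICE_FIELDS and not isinstance(value, list):
            problems.append(f"service.{key} should be an array, got {type(value).__name__}")
    return problems


def broken_sample():
    """Constructed negative case: identity mismatch plus a field outside the mapping."""
    doc = copy.deepcopy(SAMPLE_ENTITY)
    doc["entity"]["id"] = "some-other-id"
    doc["service"]["owner"] = ["nobody"]
    return doc


if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_ENTITY), ("broken", broken_sample())):
        print(name, check_service_entity(doc) or "OK")
```

To use it against a live instance, replace `SAMPLE_ENTITY` with each `_source` from the `_search` response of the index queried in the last test step; the array rule is the one to relax first if a future definition stores single values.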
@elasticmachine

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #40 / Rules Management - Prebuilt Rules - Prebuilt Rules Management @ess @serverless @skipInServerlessMKI install_prebuilt_rules_from_real_package should install prebuilt rules from the package storage

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 13.4MB | 13.4MB | +135.0B |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 86.6KB | 86.6KB | +29.0B |

@machadoum machadoum merged commit 219736a into elastic:8.x Dec 10, 2024
11 checks passed