[Entity Analytics] Adding changes for event.ingested in riskScore and assetCriticality #203975

Open
wants to merge 20 commits into
base: main

abhishekbhatia1710
Contributor

@abhishekbhatia1710 abhishekbhatia1710 commented Dec 12, 2024

Summary

This pull request introduces changes to the asset criticality and risk score data clients to utilize a new ingest pipeline for adding event timestamps. The changes include the addition of utility functions for creating and retrieving the ingest pipeline, updates to the field mappings, and modifications to the data clients to integrate the new pipeline.

Ingest Pipeline Integration:

Asset Criticality Data Client:

Risk Score Data Client:

Field Mapping Updates:

Checklist

Check that the PR satisfies the following conditions.

Reviewers should verify this PR satisfies this list as well.

  • Unit or functional tests were updated or added to match the most common scenarios
  • Flaky Test Runner was used on any tests changed
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines

@abhishekbhatia1710 abhishekbhatia1710 added the backport:skip, release_note:feature, Team:Entity Analytics, and 8.18 candidate labels Dec 12, 2024
@abhishekbhatia1710 abhishekbhatia1710 self-assigned this Dec 12, 2024
@abhishekbhatia1710 abhishekbhatia1710 requested a review from a team as a code owner December 12, 2024 09:44
@elasticmachine
Contributor

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

@abhishekbhatia1710 abhishekbhatia1710 changed the title from "Adding changes for event.ingested in riskScore and assetCriticality" to "[Entity Analytics] Adding changes for event.ingested in riskScore and assetCriticality" Dec 12, 2024
Contributor

@hop-dev hop-dev left a comment

Please see my comment on the ingest pipeline field

@abhishekbhatia1710
Contributor Author

@elasticmachine merge upstream

@elasticmachine
Contributor

merge conflict between base and head


taskManager.registerTaskDefinitions({
[TASK_TYPE]: {
title: `Copy @timestamp value to events.ingested`,
Suggested change
title: `Copy @timestamp value to events.ingested`,
title: `Copy Asset Criticality @timestamp value to events.ingested`,
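
Review bot: The task title passed to `registerTaskDefinitions` names the target field `events.ingested`, while the PR title and summary refer to `event.ingested`, and the suggested wording carries the same spelling over. If the field being populated is `event.ingested`, the title should read `Copy Asset Criticality @timestamp value to event.ingested` so the task title matches the field the PR describes.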

- removing the error.message block
- Renaming methods
- Removing scroll
@elasticmachine
Contributor

elasticmachine commented Jan 8, 2025

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #26 / Entity Analytics - Risk Engine @ess @serverless @skipInServerlessMKI asset_criticality Asset Criticality APIs initialisation of resources should have index installed on status api call
  • [job] [logs] FTR Configs #53 / Entity Analytics - Risk Engine @ess @serverless @skipInServerlessMKI asset_criticality Asset Criticality APIs initialisation of resources should have index installed on status api call
  • [job] [logs] FTR Configs #53 / Entity Analytics - Risk Engine @ess @serverless @skipInServerlessMKI asset_criticality Asset Criticality APIs initialisation of resources should have index installed on status api call
  • [job] [logs] FTR Configs #26 / Entity Analytics - Risk Engine @ess @serverless @skipInServerlessMKI asset_criticality Asset Criticality APIs initialisation of resources should have index installed on status api call

Metrics [docs]

✅ unchanged

History

cc @abhishekbhatia1710

Labels
8.18 candidate, backport:skip, release_note:feature, Team:Entity Analytics
4 participants