[Security Solutions] Fixes the newer notification system throttle resets and enabling immediate execution on first detection of a signal #114214

Merged
merged 14 commits into from
Oct 16, 2021

@FrankHassanabad FrankHassanabad commented Oct 7, 2021

Summary

Fixes:

  • Resets happening by adding the throttle to the else switches and error catching. We have to call throttle on every rule execution or we will cause a reset.
  • Fixes a case where we were not firing the signal immediately by pushing down the alerts detected. This can cause a reset or a delay of MTTD.
  • Adds unit tests for the conditions
  • Changes some of the logic to clean things up.

Checklist

@FrankHassanabad FrankHassanabad self-assigned this Oct 7, 2021
@FrankHassanabad FrankHassanabad added the v8.0.0, v7.16.0, Feature:Rule Actions, release_note:skip and auto-backport labels Oct 7, 2021
@FrankHassanabad FrankHassanabad changed the title from "Fix throttle bug" to "[Security Solutions] Fixes the newer notification system throttle resets and enabling immediate execution on first detection of a signal" Oct 7, 2021
@FrankHassanabad FrankHassanabad marked this pull request as ready for review October 7, 2021 15:00
@FrankHassanabad FrankHassanabad requested a review from a team as a code owner October 7, 2021 15:00
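
The reset and the delayed first notification described in the summary above can be reproduced in a small model. This is an added example, not code from this PR or from Kibana: `simulate`, its options and the rule that a run which schedules nothing clears the throttle state are assumptions made for illustration, and the run sequence is constructed.

```typescript
// Toy model, constructed for illustration; not Kibana source code.
// Assumption: the framework keeps a rule's throttle timestamp only while
// the rule schedules its action on every run. A run that schedules
// nothing clears the timestamp, so the next detection notifies at once.
type Outcome = 'signals' | 'none' | 'error';

interface ExecutorOptions {
  throttleOnEveryPath: boolean; // also call the throttle in else/catch branches
  passDetectedSignals: boolean; // hand this run's signals to the throttle
}

const RUN_INTERVAL_MS = 5 * 60 * 1000;
const THROTTLE_MS = 60 * 60 * 1000;

// Returns the run numbers on which a notification was sent.
function simulate(outcomes: Outcome[], opts: ExecutorOptions): number[] {
  const indexed: number[] = []; // timestamps of signals already searchable
  const notifiedRuns: number[] = [];
  let lastFired: number | undefined; // framework-held throttle state

  outcomes.forEach((outcome, run) => {
    const now = run * RUN_INTERVAL_MS;

    // The throttle schedules the action when the window holds any signal,
    // counting both indexed signals and those passed in by the caller.
    const throttle = (detected: number): boolean =>
      detected > 0 || indexed.some((ts) => ts > now - THROTTLE_MS);

    let scheduled = false;
    if (outcome === 'signals') {
      scheduled = throttle(opts.passDetectedSignals ? 1 : 0);
    } else if (opts.throttleOnEveryPath) {
      scheduled = throttle(0); // quiet run or bulk error: still report in
    }

    if (!scheduled) {
      lastFired = undefined; // throttle reset
    } else if (lastFired === undefined || now - lastFired >= THROTTLE_MS) {
      lastFired = now;
      notifiedRuns.push(run);
    }

    // Signals written by this run become searchable for the next one.
    if (outcome === 'signals') indexed.push(now);
  });
  return notifiedRuns;
}

// Constructed sequence: 13 runs at 5-minute spacing with an hourly
// throttle and a bulk indexing error on run 7.
const reviewLikeRuns: Outcome[] = Array.from(
  { length: 13 },
  (_, i): Outcome => (i === 7 ? 'error' : 'signals'),
);

// Throttle skipped on the error path: the hour restarts after run 7.
console.log(simulate(reviewLikeRuns, { throttleOnEveryPath: false, passDetectedSignals: true })); // [0, 8]
// Throttle called on every path: one notification per hour.
console.log(simulate(reviewLikeRuns, { throttleOnEveryPath: true, passDetectedSignals: true })); // [0, 12]
```

With `passDetectedSignals` off, the same sequence first notifies on run 1 instead of run 0, which is the delay to MTTD the summary mentions.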
@FrankHassanabad

@elasticmachine merge upstream

@kibanamachine

merge conflict between base and head

@FrankHassanabad

@elasticmachine merge upstream

esClient: ElasticsearchClient;
alertInstance: AlertInstance;
notificationRuleParams: NotificationRuleTypeParams;
signals: unknown[];
Contributor

Does SignalSearchResponse work here as a type?

Contributor Author

They're not exactly the same type from looking at things. It's legacy and confusing to have the unknown here. We might be able to change it later but I'm not going to for this PR for right now.

@yctercero

yctercero commented Oct 12, 2021

It's looking great! I only tested with a custom query rule and it wasn't exhaustive. But did verify the following behaviors:

  • If there are signals found on rule enable or initial run, a notification is sent immediately
  • If set to hourly interval, only receive one notification within an hour, even if rule hits bulk error response

Some test data for sanity check:
Run 0 (activation) - 🔔 Notified - `NEWWWWW Rule test new generated 200 alerts - 2021-10-12T04:57:13.909Z` (says 200 because I had disabled/enabled the rule to test initial run notification, also note that the clock between my logger and what's showing up on slack notification differs)

Run 1 - No notification -
logs show 100 signals found, 2021-10-11T22:02:15.079-07:00

Run 2 - No notification -
logs show 100 signals found, 2021-10-11T22:07:20.112-07:00

Run 3 - No notification -
logs show 100 signals found, 2021-10-11T22:12:23.174-07:00

[...]

Run 7 - No notification -
logs show error bulk indexing, 2021-10-11T22:32:28.422-07:00

Run 8 - No notification -
logs show 100 signals found, 2021-10-11T22:37:33.129-07:00

[...]

Run 13 - 🔔 Notified -
NEWWWWW Rule test new generated 200 alerts - 2021-10-12T05:57:45.429Z

I am a bit confused about that second notification up there that notifies the user of 200 alerts. I would have thought it would be 1200 alerts (that remove the alerts counted in the initial notification, and the 100 not indexed during one run because of a bulk indexing error).

Went ahead and did another round this time noting the logs and rule running every 10 minutes:
Run 0 (activation) - 🔔 Notified - `Testing total signals count. Rule test new generated 200 alerts - 2021-10-12T06:12:41.325Z` (says 200 because I had disabled/enabled the rule to test initial run notification).

"The notification throttle resultsLink created is: [...]. Notification throttle is querying the results using "from:" 1634015491959 "to": 1634019087830 "size": 100 "index": .siem-signals-default "ruleId": 31bc8759-d877-4e7b-8550-69cd76a7f6bc"
"The notification throttle query result size before deconflicting duplicates is: 0. The notification throttle passed in signals size before deconflicting duplicates is: 100. The deconflicted size and size of the signals sent into throttle notification is: 100."

Run 1 - No notification -

[2021-10-11T23:12:39.977-07:00][INFO ][plugins.securitySolution] Found 100 signals for notification. name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"
"The notification throttle resultsLink created is: [...]. Notification throttle is querying the results using "from:" 1634015559977 "to": 1634019155647 "size": 100 "index": .siem-signals-default "ruleId": 31bc8759-d877-4e7b-8550-69cd76a7f6bc"
"The notification throttle query result size before deconflicting duplicates is: 100. The notification throttle passed in signals size before deconflicting duplicates is: 100. The deconflicted size and size of the signals sent into throttle notification is: 200."
[2021-10-11T23:12:41.322-07:00][INFO ][plugins.securitySolution] [+] Finished indexing 100 signals searched between date ranges [
{
"to": "2021-10-12T06:12:37.462Z",
"from": "2021-10-12T06:01:37.463Z",
"maxSignals": 100
}
] name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"

Run 2 - No notification -

2021-10-11T23:22:41.130-07:00][INFO ][plugins.securitySolution] Found 100 signals for notification. name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"
"The notification throttle resultsLink created is: [...]. Notification throttle is querying the results using "from:" 1634016161130 "to": 1634019755787 "size": 100 "index": .siem-signals-default "ruleId": 31bc8759-d877-4e7b-8550-69cd76a7f6bc"
"The notification throttle query result size before deconflicting duplicates is: 100. The notification throttle passed in signals size before deconflicting duplicates is: 100. The deconflicted size and size of the signals sent into throttle notification is: 200."
[2021-10-11T23:22:42.444-07:00][INFO ][plugins.securitySolution] [+] Finished indexing 100 signals searched between date ranges [
{
"to": "2021-10-12T06:22:38.156Z",
"from": "2021-10-12T06:11:38.156Z",
"maxSignals": 100
}
] name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"

Run 3 - No notification -

[2021-10-11T23:32:40.278-07:00][INFO ][plugins.securitySolution] Found 100 signals for notification. name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"
"The notification throttle resultsLink created is: [...]. Notification throttle is querying the results using "from:" 1634016760278 "to": 1634020355950 "size": 100 "index": .siem-signals-default "ruleId": 31bc8759-d877-4e7b-8550-69cd76a7f6bc"
"The notification throttle query result size before deconflicting duplicates is: 100. The notification throttle passed in signals size before deconflicting duplicates is: 100. The deconflicted size and size of the signals sent into throttle notification is: 200."
[2021-10-11T23:32:41.575-07:00][INFO ][plugins.securitySolution] [+] Finished indexing 100 signals searched between date ranges [
{
"to": "2021-10-12T06:32:38.054Z",
"from": "2021-10-12T06:21:38.054Z",
"maxSignals": 100
}
] name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"

Run 4 - No notification -

[2021-10-11T23:42:43.405-07:00][INFO ][plugins.securitySolution] Found 100 signals for notification. name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"
"The notification throttle resultsLink created is: [...]. Notification throttle is querying the results using "from:" 1634017363406 "to": 1634020959105 "size": 100 "index": .siem-signals-default "ruleId": 31bc8759-d877-4e7b-8550-69cd76a7f6bc"
"The notification throttle query result size before deconflicting duplicates is: 100. The notification throttle passed in signals size before deconflicting duplicates is: 100. The deconflicted size and size of the signals sent into throttle notification is: 200."
[2021-10-11T23:42:44.678-07:00][INFO ][plugins.securitySolution] [+] Finished indexing 100 signals searched between date ranges [
{
"to": "2021-10-12T06:42:41.161Z",
"from": "2021-10-12T06:31:41.161Z",
"maxSignals": 100
}
] name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"

Run 5 - No notification -

[2021-10-11T23:52:44.560-07:00][INFO ][plugins.securitySolution] Found 100 signals for notification. name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"
"The notification throttle resultsLink created is: [...]. Notification throttle is querying the results using "from:" 1634017964561 "to": 1634021559239 "size": 100 "index": .siem-signals-default "ruleId": 31bc8759-d877-4e7b-8550-69cd76a7f6bc"
"The notification throttle query result size before deconflicting duplicates is: 100. The notification throttle passed in signals size before deconflicting duplicates is: 100. The deconflicted size and size of the signals sent into throttle notification is: 200."
[2021-10-11T23:52:45.793-07:00][INFO ][plugins.securitySolution] [+] Finished indexing 100 signals searched between date ranges [
{
"to": "2021-10-12T06:52:41.505Z",
"from": "2021-10-12T06:41:41.505Z",
"maxSignals": 100
}
] name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"

Run 6 - No notification -

[2021-10-12T00:02:43.731-07:00][INFO ][plugins.securitySolution] Found 100 signals for notification. name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"
"The notification throttle resultsLink created is: [...]. Notification throttle is querying the results using "from:" 1634018563731 "to": 1634022159395 "size": 100 "index": .siem-signals-default "ruleId": 31bc8759-d877-4e7b-8550-69cd76a7f6bc"
"The notification throttle query result size before deconflicting duplicates is: 100. The notification throttle passed in signals size before deconflicting duplicates is: 100. The deconflicted size and size of the signals sent into throttle notification is: 200."
[2021-10-12T00:02:44.903-07:00][INFO ][plugins.securitySolution] [+] Finished indexing 100 signals searched between date ranges [
{
"to": "2021-10-12T07:02:41.370Z",
"from": "2021-10-12T06:51:41.370Z",
"maxSignals": 100
}
] name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"

Run 7 - 🔔 Notified -
Testing total signals count. Rule test new generated 200 alerts - 2021-10-12T07:12:48.493Z

[2021-10-12T00:12:46.945-07:00][INFO ][plugins.securitySolution] Found 100 signals for notification. name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"
"The notification throttle resultsLink created is: [...]. Notification throttle is querying the results using "from:" 1634019166946 "to": 1634022762443 "size": 100 "index": .siem-signals-default "ruleId": 31bc8759-d877-4e7b-8550-69cd76a7f6bc"
"The notification throttle query result size before deconflicting duplicates is: 100. The notification throttle passed in signals size before deconflicting duplicates is: 100. The deconflicted size and size of the signals sent into throttle notification is: 200."
[2021-10-12T00:12:48.491-07:00][INFO ][plugins.securitySolution] [+] Finished indexing 100 signals searched between date ranges [
{
"to": "2021-10-12T07:12:44.326Z",
"from": "2021-10-12T07:01:44.327Z",
"maxSignals": 100
}
] name: "test new" id: "5c3ee270-2b17-11ec-a3ef-f572d4f1f85c" rule id: "31bc8759-d877-4e7b-8550-69cd76a7f6bc" signals index: ".siem-signals-default"

I'm thinking maybe it's in the dedupe? I'll take a closer look tomorrow.

@FrankHassanabad

@elasticmachine merge upstream


@rylnd rylnd left a comment


Just adding a few comments that I forgot to submit the other day; I can do another pass later if necessary.

@FrankHassanabad FrankHassanabad added the Team:Security Solution Platform label Oct 14, 2021
@FrankHassanabad

@elasticmachine merge upstream

@FrankHassanabad

@elasticmachine merge upstream


@yctercero yctercero left a comment


Reviewed fix. LGTM! Thanks so much 🚀

@FrankHassanabad

@elasticmachine merge upstream

@FrankHassanabad FrankHassanabad enabled auto-merge (squash) October 15, 2021 22:06
@kibanamachine

💛 Build succeeded, but was flaky


Test Failures

Kibana Pipeline / general / X-Pack API Integration Tests.x-pack/test/api_integration/apis/search/session·ts.apis search search session touched time updates when you poll on an search

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]     │
[00:00:00]       └-: apis
[00:00:00]         └-> "before all" hook in "apis"
[00:00:00]         └-: search
[00:00:00]           └-> "before all" hook in "search"
[00:00:03]           └-: search session
[00:00:03]             └-> "before all" hook for "should fail to extend a nonexistent session"
[00:00:03]             └-> should fail to extend a nonexistent session
[00:00:03]               └-> "before each" hook: global before each for "should fail to extend a nonexistent session"
[00:00:03]               │ proc [kibana] [2021-10-15T22:53:25.005+00:00][ERROR][plugins.dataEnhanced.data_enhanced] [object Object]
[00:00:03]               └- ✓ pass  (68ms)
[00:00:03]             └-> should sync search ids into not persisted session
[00:00:03]               └-> "before each" hook: global before each for "should sync search ids into not persisted session"
[00:00:03]               │ debg Waiting up to 5000ms for searches persisted into session...
[00:00:03]               │ proc [kibana] [2021-10-15T22:53:25.149+00:00][ERROR][plugins.dataEnhanced.data_enhanced] [object Object]
[00:00:03]               │ debg --- retry.waitForWithTimeout error: expected 200 "OK", got 404 "Not Found"
[00:00:03]               │ proc [kibana] [2021-10-15T22:53:25.718+00:00][ERROR][plugins.dataEnhanced.data_enhanced] [object Object]
[00:00:03]               │ debg --- retry.waitForWithTimeout failed again with the same message...
[00:00:04]               │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/VlDEGl_iS26fn3bpAa8iCA] update_mapping [_doc]
[00:00:04]               └- ✓ pass  (1.2s)
[00:00:04]             └-> should complete session when searches complete
[00:00:04]               └-> "before each" hook: global before each for "should complete session when searches complete"
[00:00:04]               │ debg Waiting up to 5000ms for searches persisted into session...
[00:00:04]               │ debg --- retry.waitForWithTimeout error: expected [] to contain 'Fmk4bDVaanl6UTJpU3pzazNjcWpyTncbWlJ0bFRXalRRSC00MkhvZUZIeXl0QToyMjQ2'
[00:00:05]               │ debg --- retry.waitForWithTimeout failed again with the same message...
[00:00:06]               │ info [o.e.c.m.MetadataMappingService] [node-01] [.ds-.logs-deprecation.elasticsearch-default-2021.10.15-000001/TmMkEB_pRIydyZRjShdTwQ] update_mapping [_doc]
[00:00:08]               │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/VlDEGl_iS26fn3bpAa8iCA] update_mapping [_doc]
[00:00:16]               │ debg Waiting up to 5000ms for searches eventually complete and session gets into the complete state...
[00:00:16]               └- ✓ pass  (11.6s)
[00:00:16]             └-> touched time updates when you poll on an search
[00:00:16]               └-> "before each" hook: global before each for "touched time updates when you poll on an search"
[00:00:16]               │ debg Waiting up to 20000ms for search session created...
[00:00:16]               │ proc [kibana] [2021-10-15T22:53:37.987+00:00][ERROR][plugins.dataEnhanced.data_enhanced] [object Object]
[00:00:16]               │ proc [kibana] [2021-10-15T22:53:38.551+00:00][ERROR][plugins.dataEnhanced.data_enhanced] [object Object]
[00:00:20]               └- ✖ fail: apis search search session touched time updates when you poll on an search
[00:00:20]               │      Error: expected '2021-10-15T22:53:38.964Z' to be below 2021-10-15T22:53:38.964Z
[00:00:20]               │       at Assertion.assert (/dev/shm/workspace/parallel/23/kibana/node_modules/@kbn/expect/expect.js:100:11)
[00:00:20]               │       at Assertion.lessThan.Assertion.below (/dev/shm/workspace/parallel/23/kibana/node_modules/@kbn/expect/expect.js:336:8)
[00:00:20]               │       at Function.lessThan (/dev/shm/workspace/parallel/23/kibana/node_modules/@kbn/expect/expect.js:531:15)
[00:00:20]               │       at Context.<anonymous> (test/api_integration/apis/search/session.ts:438:65)
[00:00:20]               │       at runMicrotasks (<anonymous>)
[00:00:20]               │       at processTicksAndRejections (internal/process/task_queues.js:95:5)
[00:00:20]               │       at Object.apply (/dev/shm/workspace/parallel/23/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16)
[00:00:20]               │ 
[00:00:20]               │ 


Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @FrankHassanabad

@FrankHassanabad FrankHassanabad merged commit 55235c6 into elastic:master Oct 16, 2021
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 16, 2021
…ets and enabling immediate execution on first detection of a signal (elastic#114214)

## Summary

Fixes:
* Resets happening by adding the throttle to the else switches and error catching. We have to call throttle on every rule execution or we will cause a reset.
* Fixes a case where we were not firing the signal immediately by pushing down the alerts detected. This can cause a reset or a delay of MTTD. 
* Adds unit tests for the conditions
* Changes some of the logic to clean things up.

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
@kibanamachine

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

@FrankHassanabad FrankHassanabad deleted the fix-throttle-bug branch October 16, 2021 00:42
kibanamachine added a commit that referenced this pull request Oct 16, 2021
…ets and enabling immediate execution on first detection of a signal (#114214) (#115292)


Co-authored-by: Frank Hassanabad <frank.hassanabad@elastic.co>