[Security Solution][Alerts] Alert suppression per rule execution #142686

Merged: 89 commits, merged on Nov 15, 2022

Commits (89), showing changes from 1 commit:
41144fa
Initial commit
madirey Jul 27, 2022
781cf26
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Jul 27, 2022
8e6aa9e
No value list exceptions for now
madirey Jul 28, 2022
3c9a1b5
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Jul 28, 2022
de903ec
Gather alerts from groups for indexing
madirey Jul 28, 2022
00a817a
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Jul 28, 2022
aa6dec8
Refine algorithm
madirey Jul 28, 2022
8eea5a8
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 1, 2022
2e01a48
Fix algorithm
madirey Aug 2, 2022
903fa61
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 2, 2022
a3bf7af
Clean up prototype
madirey Aug 3, 2022
7e10630
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 3, 2022
d2f356c
add comments
madirey Aug 4, 2022
20c4745
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 4, 2022
8b764b9
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 10, 2022
20e5c12
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 10, 2022
9206c6c
Refactor
madirey Aug 10, 2022
05fedc3
Refactor
madirey Aug 10, 2022
04b3a27
More refactoring
madirey Aug 10, 2022
95a96be
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 11, 2022
674776c
Some tests
madirey Aug 11, 2022
85c8cfc
Integration test
madirey Aug 11, 2022
bf17d52
Fixes
madirey Aug 11, 2022
e793e93
Add create/patch params
madirey Aug 11, 2022
dadc419
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 15, 2022
71f26c3
Type fixes
madirey Aug 15, 2022
efbe457
Integration test
madirey Aug 15, 2022
32bc5bc
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 15, 2022
81fb0e5
Initial commit - UI
madirey Aug 15, 2022
131a9fa
type fixes
madirey Aug 16, 2022
ab4bd0e
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 16, 2022
efc015b
UI fixes
madirey Aug 18, 2022
141d7e4
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 18, 2022
90d95c9
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 21, 2022
98c54be
cleanup
madirey Aug 22, 2022
a309d05
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 22, 2022
2fc1d10
cleanup
madirey Aug 22, 2022
6fb6416
Default
madirey Aug 23, 2022
73f5ff3
Feature flag
madirey Aug 24, 2022
cba60bf
Merge branch 'main' of github.com:elastic/kibana into alert-per-entit…
madirey Aug 24, 2022
105f364
comments
madirey Aug 24, 2022
7933ba4
Do more things
madirey Aug 24, 2022
1d852bc
WIP
marshallmain Sep 26, 2022
ff176f2
Merge branch 'main' of github.com:elastic/kibana into alert-throttling
marshallmain Sep 26, 2022
6cf5285
WIP
marshallmain Sep 27, 2022
a2c1629
First implementation of backend
marshallmain Sep 28, 2022
39a94b6
Investigate throttled alert in timeline, add field to UI
marshallmain Sep 30, 2022
f1c3ff6
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
kibanamachine Oct 4, 2022
6fa3d29
Update AAD throttling field names
marshallmain Oct 6, 2022
fc1caa6
Merge branch 'main' of github.com:elastic/kibana into alert-throttling
marshallmain Oct 24, 2022
241487d
Move alertGrouping schema to correct file
marshallmain Oct 24, 2022
438dfcc
Merge branch 'main' of github.com:elastic/kibana into alert-throttling
marshallmain Oct 24, 2022
02f3e53
Add some tests
marshallmain Oct 27, 2022
9f265e8
Add test snapshot
marshallmain Oct 27, 2022
669920b
Fix saved query rule type
marshallmain Oct 27, 2022
8a1275e
Add alert_grouping in remaining places
marshallmain Oct 27, 2022
c18b67b
Remove old grouping integration test
marshallmain Oct 27, 2022
395df7a
Fix another type
marshallmain Oct 27, 2022
f7e6817
Misc fixes
marshallmain Oct 29, 2022
f315467
Fix state returning from query executor
marshallmain Oct 29, 2022
75551bc
Merge branch 'main' into alert-throttling
marshallmain Oct 29, 2022
7f87e7b
Fix state return, alertTimestampOverride merge conflicts
marshallmain Oct 31, 2022
665142e
Merge branch 'main' into alert-throttling
marshallmain Nov 1, 2022
4350c77
Combine query and saved query files
marshallmain Nov 1, 2022
16bfd4f
Move alert throttle fields to rule registry
marshallmain Nov 1, 2022
d714131
Fix imports
marshallmain Nov 1, 2022
82c1bae
Fix more imports
marshallmain Nov 1, 2022
79e77e3
Update test
marshallmain Nov 1, 2022
93566e8
Merge branch 'main' into alert-throttling
marshallmain Nov 1, 2022
7452fd7
Change throttling references to suppression
marshallmain Nov 2, 2022
d4e4e6c
Add jsdoc comment
marshallmain Nov 2, 2022
dad1f69
Rename throttling to suppression in more places
marshallmain Nov 7, 2022
0650f11
Update snapshot
marshallmain Nov 7, 2022
079e934
Fix rule suppression bucket state and add grouping fields limit
marshallmain Nov 8, 2022
1b45b4b
Add server side license check for alert suppression
marshallmain Nov 9, 2022
310146b
Merge branch 'main' into alert-throttling
marshallmain Nov 9, 2022
b84b679
Renaming suppression.count to suppression.docs_count
marshallmain Nov 9, 2022
9929a13
Subtract 1 from bucket count
marshallmain Nov 9, 2022
a0e2619
Merge branch 'main' into alert-throttling
marshallmain Nov 9, 2022
66fda9d
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
kibanamachine Nov 9, 2022
d757582
Add runtime license check for suppression
marshallmain Nov 10, 2022
2df10e9
Fix test snapshot
marshallmain Nov 14, 2022
65cc647
Rule create/edit/details licensing UX
marshallmain Nov 14, 2022
454d672
Revert "Add server side license check for alert suppression"
marshallmain Nov 14, 2022
3823357
Merge branch 'main' into alert-throttling
marshallmain Nov 14, 2022
f8b4250
Fix description step tests
marshallmain Nov 14, 2022
135944e
Limit group by fields to aggregatable fields
marshallmain Nov 14, 2022
534c896
Add layers icon in rule name, fix details
marshallmain Nov 15, 2022
5d88e35
Fix incorrect i18n names
marshallmain Nov 15, 2022
Some tests
madirey committed Aug 11, 2022
commit 674776c326ecf4bbdc93b08c22e210152055deb3
@@ -5,4 +5,44 @@
* 2.0.
*/

// TODO
import type { estypes } from '@elastic/elasticsearch';
import { TIMESTAMP } from '@kbn/rule-data-utils';
import { buildGroupByFieldAggregation } from './build_group_by_field_aggregation';

describe('build_group_by_field_aggregation', () => {
it('Build Group-by-field aggregation', () => {
const groupByFields = ['host,name'];
const maxSignals = 100;
const sort: estypes.Sort = [
{
[TIMESTAMP]: {
order: 'desc',
unmapped_type: 'date',
},
},
];

const agg = buildGroupByFieldAggregation({
groupByFields,
maxSignals,
sort,
});
expect(agg).toEqual({
eventGroups: {
terms: {
field: groupByFields[0],
size: maxSignals,
min_doc_count: 1,
},
aggs: {
topHits: {
top_hits: {
sort,
size: maxSignals,
},
},
},
},
});
});
});
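Review bot: the group-by field under test is `'host,name'` (comma), which looks like a typo for `host.name`; because the assertion only checks that the same string is echoed back into `terms.field`, the test passes either way and never exercises a realistic field path. Suggest `const groupByFields = ['host.name'];`. The `// TODO` at the top of the file says nothing about what is outstanding; either state it or remove it. The single case also pins `size: maxSignals` on both the `terms` bucket and the `top_hits` sub-aggregation, so a run with 100 groups can return up to 100 x 100 hits; if that is intended it deserves a comment, and a second case covering multiple group-by fields (and an empty list) would document how the builder is expected to behave beyond one field.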

This file was deleted.

This file was deleted.

@@ -16,7 +16,7 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';

import { getFilter } from '../get_filter';
import { searchAfterAndBulkCreate } from '../search_after_bulk_create';
import { groupAndBulkCreate } from '../group_and_bulk_create';
import { groupAndBulkCreate } from '../alert_grouping/group_and_bulk_create';
import type { RuleRangeTuple, BulkCreate, WrapHits } from '../types';
import type { ITelemetryEventsSender } from '../../../telemetry/sender';
import type {
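Review bot: the import of `groupAndBulkCreate` moves from `'../group_and_bulk_create'` to `'../alert_grouping/group_and_bulk_create'`, and this commit also deletes two files that the rendered page does not name; confirm that the old module is one of them and that no other caller still imports the old path (e.g. grep for `group_and_bulk_create'` outside `alert_grouping/`), otherwise the move leaves a dangling import that only surfaces at type-check or runtime.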