[SIEMDPOINT] Move endpoint to siem #66907
Conversation
Pinging @elastic/endpoint-management (Team:Endpoint Management)
Pinging @elastic/endpoint-data-visibility-team (Team:Endpoint Data Visibility)
Pinging @elastic/siem (Team:SIEM)
Pinging @elastic/endpoint-response (Team:Endpoint Response)
Action Items / Debrief

Here's some stuff from notes I took while working w/ @XavierM on this:

Action items:

- Re-enable and fix tests. We kept as many tests enabled as we could. Unfortunately we did disable some. We should try and re-enable tests as soon as possible. In some cases, we may need to integrate a feature more before testing.
- Consolidate 'StartDeps'. The dependencies that Endpoint needed from NP aren't exactly the same as the ones SIEM needed. SIEM and Endpoint each had a type for these deps. We added the values that Endpoint needed to the SIEM type (and implementation.) But many places still refer to the Endpoint type. Should we have 1 type plugin-wide? Should each 'subplugin' define its own type? TBD
- UI 'links' are implemented in a different way in SIEM vs Endpoint. On the Endpoint side @paul-tavares implemented a way to link to places in Kibana / other routes. Let's compare that w/ what SIEM has and consider consolidating approaches.
- Consider formalizing (and finishing) the 'Subplugin' idea. @XavierM proposed the idea of 'subplugins' which divide functionality within a plugin. This was semi-implemented in the 'public' code, but it's not there for the server side. We should define this pattern, and if we like it, argue for adopting it plugin-wide.
- Come to agreement on eslint rules that aren't part of the Kibana standard. When development started on the endpoint plugin, we were advised not to deviate from the Kibana standard lint rules. The idea is that code that's valid anywhere in Kibana should be valid everywhere. This should allow us to, for example, copy Endpoint code into SIEM w/o changing it. The SIEM team has some custom lint rules. When the Endpoint code was moved into SIEM, Xavier changed the code to meet SIEM eslint rules. Let's discuss as a team (and perhaps w/ the Kibana arch group) these lint rules. If we deviate from Kibana in a way that affects all code in the plugin, then we should agree on those rules as a team.
- Explain certain Endpoint code concepts to the SIEM team. The Endpoint code has some novel patterns. In some cases, these warrant an explanation to the SIEM team (and maybe some more docs.)
- Continue adding doc comments to exports. This makes the code much easier to read and understand. IDEs can show these docs on hover. Let's make it easy to read and understand our code.
- Document the technical roadmap for Resolver, specifically as it relates to 'Is it an Embeddable?' The last time the broader team heard details about the technical roadmap of Resolver, 'embeddable' was said many times. Let's explain to the team what our current vision for resolver is.
@elasticmachine merge upstream
Security integration test changes (x-pack/test/api_integration/apis/security/privileges.ts, x-pack/test/api_integration/apis/security/privileges_basic.ts) LGTM.
/**
 * Host Endpoint Configuration
 */
endpointResultListDefaultFirstPageIndex: schema.number({ defaultValue: 0 }),
endpointResultListDefaultPageSize: schema.number({ defaultValue: 10 }),

/**
 * Alert Endpoint Configuration
 */
alertResultListDefaultDateRange: schema.object({
  from: schema.string({ defaultValue: 'now-15m' }),
  to: schema.string({ defaultValue: 'now' }),
}),
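Review bot: the two numeric settings accept any number, including negative or zero values, which make a page index or page size meaningless; since `schema.number` takes `min`/`max` options, `schema.number({ defaultValue: 0, min: 0 })` for the first page index and `schema.number({ defaultValue: 10, min: 1 })` for the page size would reject bad values when the config loads rather than when a query runs. Likewise `from` and `to` are unconstrained strings with no `validate` callback, so a malformed date-math expression in kibana.yml is only discovered at query time.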
Nit: I happened to look for the docs for these settings, and discovered that there aren't any docs for these settings (or other existing siem plugin settings). If there's not already an open issue for it, perhaps one should be opened to ensure that docs are added for these settings.
Thank you @jportner, I think we are going to revisit some of that and see if we still need it and if so we will document it
@XavierM @jportner Here's an existing github issue concerning the removal of these options: https://github.com/elastic/endpoint-app-team/issues/176
💚 Build Succeeded
WOOOOO
* adds the stuff
* keeps moving stuff
* finishes moving the stuff
* moves tests
* fix type
* try moving it all at once. BROKEN
* move endpoint to siem
* fix package coming from endpoint
* missing scripts + change url
* fix eslint
* temporary disable functional testing for endpoint
* fix api integration types
* allow api integration test + comment functional test
* fix internationalization
* fix internationalization II
* fix jest test
* fix x-pack test
* fix i18n
* fix api integration
* fix circular dependency
* add new dependency to cypress test

Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
Co-authored-by: oatkiller <robert.austin@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* [SIEMDPOINT] Move endpoint to siem (#66907)
  * adds the stuff
  * keeps moving stuff
  * finishes moving the stuff
  * moves tests
  * fix type
  * try moving it all at once. BROKEN
  * move endpoint to siem
  * fix package coming from endpoint
  * missing scripts + change url
  * fix eslint
  * temporary disable functional testing for endpoint
  * fix api integration types
  * allow api integration test + comment functional test
  * fix internationalization
  * fix internationalization II
  * fix jest test
  * fix x-pack test
  * fix i18n
  * fix api integration
  * fix circular dependency
  * add new dependency to cypress test
  Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
  Co-authored-by: oatkiller <robert.austin@elastic.co>
  Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* miss import in cherry-pick

Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
Co-authored-by: oatkiller <robert.austin@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* master: (33 commits)
  [Saved Objects] adds support for including hidden types in saved objects client (elastic#66879)
  [Discover] Deangularize timechart header (elastic#66532)
  [Discover] Improve and unskip a11y context view test (elastic#66959)
  [SIEM] Refactor Timeline.timelineType draft to Timeline.status draft (elastic#66864)
  docs: update RUM documentation link (elastic#67042)
  [QA] fixup coverage ingestion tests. (elastic#66905)
  [Metrics UI] Add support for multiple groupings to Metrics Explorer (and Alerts) (elastic#66503)
  [Metrics UI] Add sorting for name and value to Inventory View (elastic#66644)
  [Metrics UI] Change Metric Threshold Alert charts to use bar charts (elastic#66672)
  [Uptime] Use React.lazy for alert type registration (elastic#66829)
  [Reporting] Consolidate API Integration Test configs (elastic#66637)
  Allow histogram fields in average and sum aggregations (elastic#66891)
  Fix saved object share link (elastic#66771)
  move role reset into the top level after clause (elastic#66971)
  Automate the labels for any PRs affecting files for the Ingest Management team (elastic#67022)
  [SIEMDPOINT] Move endpoint to siem (elastic#66907)
  server.uuid so is not used (elastic#66963)
  Revert "[ci/stats] fix git metadata collection (elastic#66840)"
  [Uptime] Unmount uptime app properly (elastic#66950)
  [Visualize] Bar chart: Show missing values on chart setting (elastic#66375)
  ...
Pinging @elastic/security-solution (Team: SecuritySolution)
Summary
Move endpoint to siem
Add in kibana dev config
New routes: