[Security Solution] Cleanup endpoint telemetry #71950
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
michaelolo24
force-pushed
the
optimize-endpoint-telemetry
branch
from
b502aa4 to
bba51b4
Compare
michaelolo24
force-pushed
the
optimize-endpoint-telemetry
branch
from
bba51b4 to
9175e9e
Compare
michaelolo24
commented
Jul 16, 2020
| @@ -69,13 +71,14 @@ export const getDefaultEndpointTelemetry = (): EndpointUsage => ({ | |||
| }); | |||
|
|
|||
| /** | |||
| * @description this fun | |||
| * @description this function updates the os telemetry. We use the fullName field as the key as it contains the name and version details. | |||
There was a problem hiding this comment.
@oatkiller fixed 😆
michaelolo24
commented
Jul 16, 2020
| type: AGENT_EVENT_SAVED_OBJECT_TYPE, | ||
| filter: `${AGENT_EVENT_SAVED_OBJECT_TYPE}.attributes.agent_id: ${agentId} and ${AGENT_EVENT_SAVED_OBJECT_TYPE}.attributes.message: "${FLEET_ENDPOINT_PACKAGE_CONSTANT}"`, |
There was a problem hiding this comment.
removed that initial agent.id check as it's redundant giving the search and searchFields parameters below
michaelolo24
commented
Jul 16, 2020
| @@ -29,9 +37,11 @@ export const getLatestFleetEndpointEvent = async ( | |||
| agentId: string | |||
| ) => | |||
| savedObjectsClient.find<AgentEventSOAttributes>({ | |||
| // Get the most recent endpoint event. | |||
There was a problem hiding this comment.
@oatkiller, after speaking with @rudolf yesterday, there doesn't seem to be a way we can really batch this. I.e. we cannot say "given a list of agent id's, give me the most recent event for each id".
Thinking about it more, we may be able to say, "give me every event for each of these agent id's using an or in the filter, but that would be a massive response to then filter". This will definitely need perf testing
michaelolo24
commented
Jul 16, 2020
| endpointTelemetry: EndpointUsage | ||
| ): Promise<EndpointUsage> => { | ||
| const updatedEndpointTelemetry = { ...endpointTelemetry }; | ||
| export const updateEndpointDailyActiveCount = ( |
There was a problem hiding this comment.
@oatkiller, moved the daily count logic here
michaelolo24
commented
Jul 16, 2020
| if (agentId) { | ||
| let agentEvents; | ||
| try { | ||
| const response = await getLatestFleetEndpointEvent(soClient, agentId); |
There was a problem hiding this comment.
Will gladly take any suggestions people may have on optimizing this, as currently there is the potential for us to make 10000 of these requests if there are that many agents.
michaelolo24
commented
Jul 16, 2020
| } else if (isAnActiveMalwareState && failedToEnable) { | ||
| updatedPoliciesTracker.malware.failure += 1; | ||
| } | ||
|
|
There was a problem hiding this comment.
Not currently tracking the situation where an endpoint failed to turn the policy off as it's unlikely / not a high priority. Also, since we're in FF, I'm not sure if I can add an additional field to telemetry, @afharo?
There was a problem hiding this comment.
since we're in FF, I'm not sure if I can add an additional field to telemetry, @afharo?
If it's a bug, I guess you can add it. If it isn't, you'll have to wait :)
michaelolo24
changed the title
michaelolo24
added
release_note:skip
|
Pinging @elastic/endpoint-data-visibility-team (Team:Endpoint Data Visibility) |
james-elastic
approved these changes
Jul 17, 2020
|
@elasticmachine merge upstream |
💚 Build SucceededBuild metrics
History
To update your PR or re-run it, just comment with: |
michaelolo24
added a commit
to michaelolo24/kibana
that referenced
this pull request
Jul 20, 2020
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
michaelolo24
added a commit
to michaelolo24/kibana
that referenced
this pull request
Jul 20, 2020
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
michaelolo24
added a commit
to michaelolo24/kibana
that referenced
this pull request
Jul 20, 2020
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jul 20, 2020
* master: (60 commits) [SIEM][Detection Engine][Lists] Adds list permissions (elastic#72335) [SIEM][Detection Engine][Lists] Adds conflict versioning and io-ts improvements to lists (elastic#72337) [Resolver] no longer pass related event stats to process node component (elastic#72435) Revert "skip flaky suite (elastic#72146)" [Security Solution] Cleanup endpoint telemetry (elastic#71950) Unskip dashboard embeddable rendering tests (elastic#71824) [ENDPOINT] Added unerolling status for host. (elastic#72303) [Alerting][Connectors] Increase the size of the logos (elastic#72419) [SECURITY] [Timeline] Raw events not displayed (elastic#72387) [ML] Fixes display of regression stop stats if one is NaN (elastic#72412) [Ingest Pipelines] Processor Editor Move Tooltip (elastic#72239) Fix match phrase and not match phrase comparators (elastic#71850) [Plugin Generator] Generate tsconfig and useDefaultBehaviors (elastic#72040) [Security Solution][Timeline] Fix timeline styling and createFrom beh… (elastic#72152) [Resolver] Selector performance (elastic#72380) [Ingest Manager] Set `_meta` in the index.mappings (elastic#72026) [Ingest Manager] Do not bumb config revision during config creation (elastic#72270) [ML] Adding missing index pattern name to new job wizards (elastic#72400) [ML] improve annotation flyout performance (elastic#72299) [APM] Testing error rate API and restructuring folders (elastic#72257) ...
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jul 20, 2020
* master: (26 commits) [SIEM][Detection Engine][Lists] Adds list permissions (elastic#72335) [SIEM][Detection Engine][Lists] Adds conflict versioning and io-ts improvements to lists (elastic#72337) [Resolver] no longer pass related event stats to process node component (elastic#72435) Revert "skip flaky suite (elastic#72146)" [Security Solution] Cleanup endpoint telemetry (elastic#71950) Unskip dashboard embeddable rendering tests (elastic#71824) [ENDPOINT] Added unerolling status for host. (elastic#72303) [Alerting][Connectors] Increase the size of the logos (elastic#72419) [SECURITY] [Timeline] Raw events not displayed (elastic#72387) [ML] Fixes display of regression stop stats if one is NaN (elastic#72412) [Ingest Pipelines] Processor Editor Move Tooltip (elastic#72239) Fix match phrase and not match phrase comparators (elastic#71850) [Plugin Generator] Generate tsconfig and useDefaultBehaviors (elastic#72040) [Security Solution][Timeline] Fix timeline styling and createFrom beh… (elastic#72152) [Resolver] Selector performance (elastic#72380) [Ingest Manager] Set `_meta` in the index.mappings (elastic#72026) [Ingest Manager] Do not bumb config revision during config creation (elastic#72270) [ML] Adding missing index pattern name to new job wizards (elastic#72400) [ML] improve annotation flyout performance (elastic#72299) [APM] Testing error rate API and restructuring folders (elastic#72257) ...
michaelolo24
added a commit
that referenced
this pull request
Jul 20, 2020
michaelolo24
added a commit
that referenced
this pull request
Jul 20, 2020
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jul 21, 2020
…feature-privileges * alerting/consumer-based-rbac: (45 commits) fixed alerts test [SIEM][Detection Engine][Lists] Adds list permissions (elastic#72335) [SIEM][Detection Engine][Lists] Adds conflict versioning and io-ts improvements to lists (elastic#72337) [Resolver] no longer pass related event stats to process node component (elastic#72435) Revert "skip flaky suite (elastic#72146)" [Security Solution] Cleanup endpoint telemetry (elastic#71950) Unskip dashboard embeddable rendering tests (elastic#71824) [ENDPOINT] Added unerolling status for host. (elastic#72303) [Alerting][Connectors] Increase the size of the logos (elastic#72419) [SECURITY] [Timeline] Raw events not displayed (elastic#72387) [ML] Fixes display of regression stop stats if one is NaN (elastic#72412) [Ingest Pipelines] Processor Editor Move Tooltip (elastic#72239) Fix match phrase and not match phrase comparators (elastic#71850) [Plugin Generator] Generate tsconfig and useDefaultBehaviors (elastic#72040) [Security Solution][Timeline] Fix timeline styling and createFrom beh… (elastic#72152) allow user to disable alert even if they dont have privileges to the underlying action [Resolver] Selector performance (elastic#72380) [Ingest Manager] Set `_meta` in the index.mappings (elastic#72026) [Ingest Manager] Do not bumb config revision during config creation (elastic#72270) [ML] Adding missing index pattern name to new job wizards (elastic#72400) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR is to improve the logic for endpoint usage telemetry.
savedObjectsrequests to only require the necessary details for our telemetryChecklist
For maintainers