
[7.x] [Security] Alert Telemetry for the Security app (#77200) #79031

Merged (1 commit, Oct 1, 2020)

Conversation

@tsg (Contributor) commented Sep 30, 2020

Backports the following commits to 7.x:

This adds a `TelemetryEventsSender` component that can be used to publish Endpoint alerts to our Telemetry service. The alerts are filtered by a set of allowed fields (for PII) and batched in a queue to be sent once per minute. There is a cap of 100 alerts per minute to be sent. The component respects the telemetry opt-in status and enriches the alerts with the cluster ID and name.

The Detection Engine is slightly modified to send endpoint telemetry events via the `TelemetryEventsSender`. Only the "custom query" rule type is modified because that's the only one that can create Endpoint Alerts.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
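As an added example, not code from the PR or from Kibana, of the properties the description lists: alerts pass through a positive allowlist of fields before they are queued, the queue is capped per send interval, the send step checks the telemetry opt-in status and enriches each event with the cluster ID and name. The names used here (`ALLOWLIST`, `TelemetryEventsSender.flush`, `maxQueueSize`, the `send` transport callback, `runScenario` and the sample alert with its made-up values) are assumptions for this illustration, not the real component's API or allowlist.

```typescript
// Added illustration, not Kibana's code. Names and the allowlist contents are
// assumptions made for this example.

type Allowlist = { readonly [field: string]: true | Allowlist };
type Doc = Record<string, unknown>;

function isPlainObject(v: unknown): v is Doc {
  return typeof v === 'object' && v !== null && !Array.isArray(v);
}

// Constructed allowlist. A field leaves the cluster only if it is named here,
// so a field added to alerts later is dropped by default, not leaked by default.
const ALLOWLIST: Allowlist = {
  '@timestamp': true,
  event: { kind: true, category: true, action: true },
  rule: { id: true, name: true },
  process: { hash: { sha256: true } },
  file: { hash: { sha256: true } },
};

// Copies only allowlisted fields. A `true` rule copies the value as-is (arrays
// included); a nested rule recurses into plain objects and drops anything else.
function filterToAllowlist(doc: Doc, spec: Allowlist): Doc {
  const out: Doc = {};
  for (const field of Object.keys(spec)) {
    const value = doc[field];
    if (value === undefined) continue;
    const rule = spec[field];
    if (rule === true) {
      out[field] = value;
    } else if (isPlainObject(value)) {
      const nested = filterToAllowlist(value, rule);
      if (Object.keys(nested).length > 0) out[field] = nested;
    }
  }
  return out;
}

interface SenderOptions {
  isOptedIn: () => boolean;                                     // telemetry opt-in status
  clusterInfo: { cluster_uuid: string; cluster_name: string };  // enrichment source
  send: (batch: Doc[]) => void;                                 // transport (assumed)
  maxQueueSize?: number;                                        // cap per interval
}

class TelemetryEventsSender {
  private queue: Doc[] = [];
  private dropped = 0;
  private readonly maxQueueSize: number;

  constructor(private readonly opts: SenderOptions) {
    this.maxQueueSize = opts.maxQueueSize ?? 100;
  }

  // Called by the rule executor with each batch of alerts. Filtering happens at
  // enqueue time, so non-allowlisted data is never held in memory waiting to go out.
  queueTelemetryEvents(events: Doc[]): void {
    for (const event of events) {
      if (this.queue.length >= this.maxQueueSize) {
        this.dropped += 1; // over the cap: drop, never grow the queue
        continue;
      }
      this.queue.push(filterToAllowlist(event, ALLOWLIST));
    }
  }

  droppedCount(): number {
    return this.dropped;
  }

  // In the real component this runs on a timer (once per minute in the PR).
  // The queue is always emptied; events are sent only when the user is opted in,
  // so opting out discards them rather than deferring them. Returns what was sent.
  flush(): Doc[] {
    const batch = this.queue;
    this.queue = [];
    if (batch.length === 0 || !this.opts.isOptedIn()) return [];
    const enriched = batch.map((event) => ({
      ...event,
      cluster_uuid: this.opts.clusterInfo.cluster_uuid,
      cluster_name: this.opts.clusterInfo.cluster_name,
    }));
    this.opts.send(enriched);
    return enriched;
  }
}

// Constructed sample alert (made-up values) carrying the kinds of fields that
// must not leave the cluster: user name, host name, command line, file path.
const SAMPLE_ALERT: Doc = {
  '@timestamp': '2020-09-30T12:00:00.000Z',
  event: { kind: 'alert', category: 'malware', action: 'creation', module: 'endpoint' },
  rule: { id: 'rule-0001', name: 'Endpoint Security' },
  host: { hostname: 'laptop-42' },
  user: { name: 'alice' },
  process: { command_line: 'dropper.exe --silent', hash: { sha256: 'ab'.repeat(32) } },
  file: { path: 'C:\\Users\\alice\\dropper.exe', hash: { sha256: 'ab'.repeat(32) } },
};

// Exercises the cap, the enrichment and the opt-out path with a small cap.
function runScenario() {
  const sent: Doc[][] = [];
  let optedIn = true;
  const sender = new TelemetryEventsSender({
    isOptedIn: () => optedIn,
    clusterInfo: { cluster_uuid: 'cluster-uuid-example', cluster_name: 'example' },
    send: (batch) => { sent.push(batch); },
    maxQueueSize: 3,
  });
  sender.queueTelemetryEvents(new Array<Doc>(5).fill(SAMPLE_ALERT)); // 5 alerts, cap 3
  const firstFlush = sender.flush();
  optedIn = false;                                                   // user opts out
  sender.queueTelemetryEvents([SAMPLE_ALERT]);
  const secondFlush = sender.flush();
  return { sent, firstFlush, secondFlush, dropped: sender.droppedCount() };
}

console.log(JSON.stringify(runScenario().firstFlush[0], null, 2));
```

Two design choices worth noting. The filter is a positive allowlist rather than a blocklist of known PII fields, so an unanticipated field (a new ECS field, a custom enrichment) is dropped unless someone deliberately adds it. And the opt-in status is checked at send time, not at enqueue time, so a user who opts out between two sends loses the pending batch instead of having it transmitted on the next tick.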
@tsg tsg added the backport label Sep 30, 2020
@kibanamachine (Contributor) commented
💚 Build Succeeded

Metrics

distributable file count

id value diff baseline
default 47573 +2 47571


@tsg tsg merged commit b498778 into elastic:7.x Oct 1, 2020