Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Security Solution] Siem signals -> alerts as data field and index al…
…iases (#106049) * Add aliases mapping signal fields to alerts as data fields * Add aliases mapping alerts as data fields to signal fields * Replace siem signals templates per space and add AAD index aliases to siem signals indices * Remove first version of new mapping json file * Convert existing legacy siem-signals templates to new ES templates * Catch 404 if siem signals templates were already updated * Enhance error message when index exists but is not write index for alias * Check if alias write index exists before creating new write index * More robust write target creation logic * Add RBAC required fields for AAD to siem signals indices * Fix index name in index mapping update * Throw errors if bulk retry fails or existing indices are not writeable * Add new template to routes even without experimental rule registry flag enabled * Check template version before updating template * First pass at modifying routes to handle inserting field aliases * Always insert field aliases when create_index_route is called * Update snapshot test * Remove template update logic from plugin setup * Use aliases_version field to detect if aliases need update * Fix bugs * oops update snapshot * Use internal user for PUT alias to fix perms issue * Update comment * Disable new resource creation if ruleRegistryEnabled * Only attempt to add aliases if siem-signals index already exists * Fix types, add aliases to aad indices, use package field names * Undo adding aliases to AAD indices * Remove unused import * Update test and snapshot oops * Filter out kibana.* fields from generated signals * Update cypress test to account for new fields in table * Properly handle space ids with dashes in them Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> # Conflicts: # x-pack/plugins/security_solution/cypress/ccs_integration/detection_alerts/alerts_details.spec.ts # x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
- Loading branch information