Signal scores are not mapped as float. #63343
Comments
Pinging @elastic/siem (Team:SIEM)
@MadameSheema this is currently being worked for 7.9 by @marshallmain
@jamesspi I'm testing out a possible fix for this issue. Do you have an example query I can test with that would be useful to run on
Also, following up on the discussion in the security detections sync today to summarize and expand on the list of app features that break when changing the mapping of
Hey @marshallmain, mainly it would be queries like "sum of the risk score for host x over this time period", and this will also give us the ability to run metrics-based machine learning jobs - "this host typically never has a risk score of 100". Does that make sense?
Kibana version: 7.6.2
Elasticsearch version: 7.6.2
Server OS version: ESS
Describe the bug: signal.rule.risk_score is mapped as text
Steps to reproduce:
Expected behavior: This should be mapped as float to allow users to run mathematical calculations, as well as conform to ECS.
Screenshots (if relevant):
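The following is an added example and not code from the Kibana project or from anyone on this thread. It checks an Elasticsearch index mapping for the problem the issue reports (signal.rule.risk_score mapped as text instead of float) and builds the "sum of the risk score for host x over this time period" aggregation mentioned in the comments. The two mapping documents are constructed for illustration; the `host.name` and `@timestamp` field names are assumed from ECS, and the helper names are my own.

```python
"""Detect numeric detection-signal fields that were mapped as text.

Added example, not part of the Kibana project. The mappings below are
constructed to show the broken and corrected state of one field.
"""
from typing import Dict

# Fields that must be numeric for aggregations and ML jobs to work.
# signal.rule.risk_score is the field from the issue; ECS defines
# rule.risk_score as float, which is why float is the expected type.
EXPECTED_NUMERIC: Dict[str, str] = {"signal.rule.risk_score": "float"}

# Constructed mapping reproducing the bug: risk_score is a text field.
BROKEN_MAPPING = {
    "mappings": {
        "properties": {
            "@timestamp": {"type": "date"},
            "host": {"properties": {"name": {"type": "keyword"}}},
            "signal": {
                "properties": {
                    "rule": {"properties": {"risk_score": {"type": "text"}}}
                }
            },
        }
    }
}

# Constructed mapping with the corrected type.
FIXED_MAPPING = {
    "mappings": {
        "properties": {
            "@timestamp": {"type": "date"},
            "host": {"properties": {"name": {"type": "keyword"}}},
            "signal": {
                "properties": {
                    "rule": {"properties": {"risk_score": {"type": "float"}}}
                }
            },
        }
    }
}


def flatten_mapping(properties: dict, prefix: str = "") -> Dict[str, str]:
    """Flatten an Elasticsearch `properties` tree into {dotted.path: type}.

    Nested objects (those with their own `properties`) are recursed into;
    leaves without an explicit `type` are reported as "object".
    """
    flat: Dict[str, str] = {}
    for name, spec in properties.items():
        path = f"{prefix}{name}"
        if "properties" in spec:
            flat.update(flatten_mapping(spec["properties"], path + "."))
        else:
            flat[path] = spec.get("type", "object")
    return flat


def find_mistyped_numeric_fields(mapping: dict,
                                 expected: Dict[str, str] = EXPECTED_NUMERIC
                                 ) -> Dict[str, str]:
    """Return {field: actual_type} for expected-numeric fields whose mapped
    type differs (including fields missing from the mapping, reported as
    "missing"). An empty dict means the mapping is sound for these fields."""
    flat = flatten_mapping(mapping["mappings"]["properties"])
    return {
        field: flat.get(field, "missing")
        for field, wanted in expected.items()
        if flat.get(field) != wanted
    }


def risk_score_sum_query(host_name: str, start: str, end: str) -> dict:
    """Build the aggregation from the comments: total risk score for one host
    in a time window. A sum aggregation needs a numeric field, so this query
    only succeeds once the mapping is float (a text field rejects it)."""
    return {
        "size": 0,
        "query": {
            "bool": {
                "filter": [
                    {"term": {"host.name": host_name}},  # assumed ECS field
                    {"range": {"@timestamp": {"gte": start, "lte": end}}},
                ]
            }
        },
        "aggs": {
            "total_risk": {"sum": {"field": "signal.rule.risk_score"}}
        },
    }


if __name__ == "__main__":
    print("broken:", find_mistyped_numeric_fields(BROKEN_MAPPING))
    print("fixed:", find_mistyped_numeric_fields(FIXED_MAPPING))
    print(risk_score_sum_query("host-x", "now-24h", "now"))
```

Run `find_mistyped_numeric_fields` against the output of `GET <index>/_mapping` before an upgrade to catch this class of mapping drift; the aggregation body can be sent as-is to `_search` once the field is numeric.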