[Entity Store] Bugfix: Double nested arrays #197589

Merged
merged 3 commits into from
Oct 24, 2024

@hop-dev hop-dev commented Oct 24, 2024

Summary

Entities were appearing in the entity store with double nested arrays like below.

The issue was that the arrays changed from `List` to `Set` type and the code only checked for lists. Using `Collection` has fixed this.

```
        "_index": ".entities.v1.latest.security_host_default",
        "_id": "c03w7AZsMkm_obWF2HZEirgAAAAAAAAA",
        "_score": 1,
        "_source": {
          "host": {
            "hostname": [
              [
                "small-host-1.example.small.com"
              ]
            ],
            "domain": [
              [
                "example.small.com"
              ]
            ],
            "ip": [
              [
                "192.168.1.1",
                "192.168.1.0",
                "192.168.1.3",
                "192.168.1.2",
                "192.168.1.9",
                "192.168.1.8",
                "192.168.1.5",
                "192.168.1.4",
                "192.168.1.7",
                "192.168.1.6"
              ]
            ],
            ```
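
The failure mode described in the summary above, as an added Java illustration (not part of the pull request and not the entity store's own code): a value normalizer that recognises only `List` wraps a `Set` whole and produces `[[...]]`, while a `Collection` check copies its elements. The class, method names and sample values are hypothetical.

```java
import java.util.*;

public class DoubleNestingDemo {
    // "Before" behaviour: only a List is treated as already being an array.
    static List<Object> toArrayListOnly(Object value) {
        if (value instanceof List) {
            return new ArrayList<>((List<?>) value);
        }
        List<Object> wrapped = new ArrayList<>();
        wrapped.add(value); // a Set ends up here and is wrapped as a single element
        return wrapped;
    }

    // "After" behaviour: any Collection (List, Set, ...) is copied element by element.
    static List<Object> toArrayAnyCollection(Object value) {
        if (value instanceof Collection) {
            return new ArrayList<>((Collection<?>) value);
        }
        List<Object> wrapped = new ArrayList<>();
        wrapped.add(value); // only true scalars are wrapped
        return wrapped;
    }

    // Check for the symptom: a collection that directly contains another collection.
    static boolean isDoubleNested(Object value) {
        if (!(value instanceof Collection)) {
            return false;
        }
        for (Object element : (Collection<?>) value) {
            if (element instanceof Collection) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample input, modelled on the host.ip values in the summary.
        List<String> ipList = Arrays.asList("192.168.1.1", "192.168.1.0");
        Set<String> ipSet = new LinkedHashSet<>(ipList);

        List<Object> before = toArrayListOnly(ipSet);
        List<Object> after = toArrayAnyCollection(ipSet);

        System.out.println("List, List-only check:  " + toArrayListOnly(ipList));
        System.out.println("Set, List-only check:   " + before + " nested=" + isDoubleNested(before));
        System.out.println("Set, Collection check:  " + after + " nested=" + isDoubleNested(after));
        System.out.println("Scalar, Collection check: " + toArrayAnyCollection("192.168.1.1"));
    }
}
```

A check like the hypothetical `isDoubleNested` can also be run over documents written before the fix to find fields that still hold the nested shape.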


@hop-dev hop-dev self-assigned this Oct 24, 2024
@hop-dev hop-dev added v9.0.0 Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Entity Analytics Security Entity Analytics Team v8.16.0 backport:version Backport to applied version labels v8.17.0 bug Fixes for quality problems that affect the customer experience labels Oct 24, 2024
@hop-dev hop-dev marked this pull request as ready for review October 24, 2024 10:18
@hop-dev hop-dev requested a review from a team as a code owner October 24, 2024 10:18
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)


@CAWilson94 CAWilson94 left a comment


LGTM, nice find.

@hop-dev

hop-dev commented Oct 24, 2024

@elasticmachine merge upstream

@hop-dev hop-dev added the release_note:skip Skip the PR/issue when compiling release notes label Oct 24, 2024
@elasticmachine

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

cc @hop-dev

@hop-dev hop-dev merged commit 855456b into elastic:main Oct 24, 2024
45 checks passed
@hop-dev hop-dev deleted the bugfix-double-nested-arrays branch October 24, 2024 16:05
@kibanamachine

Starting backport for target branches: 8.16, 8.x

https://github.com/elastic/kibana/actions/runs/11503130723

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 24, 2024
## Summary

Entities were appearing in the entity store with double nested arrays
like below.

The issue was that the arrays changed from `List` to `Set` type and the
code only checked for lists. Using `Collection` has fixed this.

```
        "_index": ".entities.v1.latest.security_host_default",
        "_id": "c03w7AZsMkm_obWF2HZEirgAAAAAAAAA",
        "_score": 1,
        "_source": {
          "host": {
            "hostname": [
              [
                "small-host-1.example.small.com"
              ]
            ],
            "domain": [
              [
                "example.small.com"
              ]
            ],
            "ip": [
              [
                "192.168.1.1",
                "192.168.1.0",
                "192.168.1.3",
                "192.168.1.2",
                "192.168.1.9",
                "192.168.1.8",
                "192.168.1.5",
                "192.168.1.4",
                "192.168.1.7",
                "192.168.1.6"
              ]
            ],
            ```

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
(cherry picked from commit 855456b)
@kibanamachine

💚 All backports created successfully

Status Branch Result
8.16
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Oct 24, 2024
# Backport

This will backport the following commits from `main` to `8.16`:
- [[Entity Store] Bugfix: Double nested arrays
(#197589)](#197589)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>
kibanamachine added a commit that referenced this pull request Oct 24, 2024
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Entity Store] Bugfix: Double nested arrays
(#197589)](#197589)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>