
[8.x] [Security Solution][Detection Engine] adds legacy siem signals telemetry (#202671) #203744

Merged
merged 1 commit into from
Dec 11, 2024

Conversation

kibanamachine
Contributor

Backport

This will backport the following commits from main to 8.x:

Questions?

Please refer to the Backport tool documentation

…try (elastic#202671)

## Summary

- partly addresses elastic#195523
- adds snapshot telemetry that shows the number of legacy siem signals and the number of spaces they are in
- while working on the PR, discovered and fixed a few issues in APIs:
  - get migration status API did not work correctly with new `.alerts-*` indices, listing them as outdated
  - finalize migration API did account for spaces, when adding alias to migrated index
  - remove migration API failed due to lack of permissions to remove migration task from `.tasks` index

### How to test

#### How to create legacy siem index?

Run the script that is used for FTR tests:

```bash
node scripts/es_archiver --kibana-url=http://elastic:changeme@localhost:5601 --es-url=http://elastic:changeme@localhost:9200 load x-pack/test/functional/es_archives/signals/legacy_signals_index
```

This will create legacy siem indices. But be aware, it might break Kibana .alerts indices creation. It is sufficient for testing, though.

#### How to test snapshot telemetry

For snapshot telemetry, use the [API](https://docs.elastic.dev/telemetry/collection/snapshot-telemetry#telemetry-usage-payload-api) call,
OR
check snapshots in Kibana adv settings -> Global Settings Tab -> Usage collection section -> click on the cluster data example link -> check `legacy_siem_signals` fields in flyout.

<details>
<summary> Snapshot telemetry </summary>

<img width="2549" alt="Screenshot 2024-12-03 at 13 08 03" src="https://github.com/user-attachments/assets/28ffe983-01c7-4435-a82a-9a968d32d5e0">

</details>

---------

Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
(cherry picked from commit 8821e03)
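The snapshot telemetry and the migration-status fix described in the summary above, as an added TypeScript illustration that is not part of this PR or of Kibana's own code. It assumes (hypothetically) that legacy signal indices are named `.siem-signals-<space>` with a numeric rollover suffix, that migrated indices are `.alerts-security.alerts-<space>`, that "number of legacy siem signals" means the number of legacy indices, and that an index is "outdated" when its mapping version is below a sample template version; the index list is constructed.

```typescript
// Added illustration, not Kibana's code. Assumed naming: legacy indices are
// `.siem-signals-<space>[-NNNNNN]`, migrated ones `.alerts-security.alerts-<space>`;
// an index counts as outdated when its version is below CURRENT_VERSION.
const LEGACY_PREFIX = '.siem-signals-';
const NEW_PREFIX = '.alerts-security.alerts-';
const CURRENT_VERSION = 77; // constructed sample template version

interface IndexInfo { name: string; version: number }
interface LegacySiemSignalsTelemetry { legacy_siem_signals: number; spaces: number }

/** Space id encoded in a legacy signals index name, or null for any other index. */
function legacySpaceOf(name: string): string | null {
  if (!name.startsWith(LEGACY_PREFIX)) return null;
  return name.slice(LEGACY_PREFIX.length).replace(/-\d{6}$/, ''); // drop rollover suffix
}

/** Status check as the summary describes it before the fix: every index with an
 *  old version is reported outdated, which wrongly includes `.alerts-*` indices. */
function outdatedIndicesBefore(indices: IndexInfo[]): string[] {
  return indices.filter((i) => i.version < CURRENT_VERSION).map((i) => i.name);
}

/** Fixed check: only legacy `.siem-signals-*` indices can be outdated. */
function outdatedIndicesAfter(indices: IndexInfo[]): string[] {
  return indices
    .filter((i) => legacySpaceOf(i.name) !== null && i.version < CURRENT_VERSION)
    .map((i) => i.name);
}

/** Snapshot telemetry: number of legacy indices and the distinct spaces they live in. */
function legacySiemSignalsTelemetry(indices: IndexInfo[]): LegacySiemSignalsTelemetry {
  const spaces = new Set<string>();
  let count = 0;
  for (const i of indices) {
    const space = legacySpaceOf(i.name);
    if (space === null) continue; // `.alerts-*` and unrelated indices are skipped
    count += 1;
    spaces.add(space);
  }
  return { legacy_siem_signals: count, spaces: spaces.size };
}

/** Space-aware alias for a migrated index, derived from the legacy index name. */
function migratedAliasFor(legacyIndex: string): string {
  const space = legacySpaceOf(legacyIndex);
  if (space === null) throw new Error(`not a legacy siem signals index: ${legacyIndex}`);
  return NEW_PREFIX + space;
}

// Constructed sample: two legacy indices in "default", one in "team-a", one migrated index.
const SAMPLE: IndexInfo[] = [
  { name: '.siem-signals-default-000001', version: 55 },
  { name: '.siem-signals-default-000002', version: 77 },
  { name: '.siem-signals-team-a-000001', version: 60 },
  { name: '.alerts-security.alerts-default-000001', version: 0 },
];
```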
@kibanamachine kibanamachine merged commit cb68426 into elastic:8.x Dec 11, 2024
11 checks passed
@elasticmachine
Contributor

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run `node scripts/build_api_docs --plugin [yourplugin] --stats comments` for more detailed information.

| id | before | after | diff |
|----|--------|-------|------|
| @kbn/securitysolution-es-utils | 76 | 77 | +1 |

Unknown metric groups

API count

| id | before | after | diff |
|----|--------|-------|------|
| @kbn/securitysolution-es-utils | 87 | 88 | +1 |

ESLint disabled line counts

| id | before | after | diff |
|----|--------|-------|------|
| securitySolution | 560 | 564 | +4 |

Total ESLint disabled count

| id | before | after | diff |
|----|--------|-------|------|
| securitySolution | 644 | 648 | +4 |

cc @vitaliidm
