[Security Solution][Detecttions] Indicator enrichment tweaks #92989
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We still need mappings and to fix integration tests, but this generates the correct data.
rylnd
added
v8.0.0
v7.12.0
Team:Detections and Resp
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
@elasticmachine merge upstream |
💛 Build succeeded, but was flaky
Test FailuresKibana Pipeline / general / adds correctly a filter to the global search bar.SearchBar adds correctly a filter to the global search barStack TraceMetrics [docs]Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: cc @rylnd |
rylnd
added a commit
to rylnd/kibana
that referenced
this pull request
Mar 1, 2021
…#92989) * Update copy of rule config * Encode threat index as part of our named query * Add index to named query, and enrich both id and index We still need mappings and to fix integration tests, but this generates the correct data. * Update integration tests with new enrichment fields Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This was referenced Mar 1, 2021
rylnd
added a commit
to rylnd/kibana
that referenced
this pull request
Mar 1, 2021
…#92989) * Update copy of rule config * Encode threat index as part of our named query * Add index to named query, and enrich both id and index We still need mappings and to fix integration tests, but this generates the correct data. * Update integration tests with new enrichment fields Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
rylnd
added a commit
that referenced
this pull request
Mar 1, 2021
…#93120) * Update copy of rule config * Encode threat index as part of our named query * Add index to named query, and enrich both id and index We still need mappings and to fix integration tests, but this generates the correct data. * Update integration tests with new enrichment fields Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
rylnd
added a commit
that referenced
this pull request
Mar 1, 2021
…#93121) * Update copy of rule config * Encode threat index as part of our named query * Add index to named query, and enrich both id and index We still need mappings and to fix integration tests, but this generates the correct data. * Update integration tests with new enrichment fields Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
jloleysens
added a commit
that referenced
this pull request
Mar 3, 2021
… ilm/rollup-v2-action * 'ilm/rollup-v2-action' of github.com:elastic/kibana: (30 commits) Fix expanding document when using saved search data grid (#92999) [SECURITY SOLUTIONS] Bug case connector (#93104) [Security Solution] [Timeline] Bugfix to include unmapped fields in the timeline event details JSON (#92025) [Alerting][Docs] Changed alerting documentation to point to a single source of explaining the configurations. (#92942) [APM] Fix hidden search bar in error pages while loading (#84476) (#93139) [DOCS] Fixes links for machine learning alerts (#92744) [Security Solution][Detections] -Fixes rule edit flow bug with max_signals (#92748) [SecuritySolution][Case] Disable cases on detections in read-only mode (#93010) [Security Solution][Case][Bug] Prevent closing collection when pushing (#93095) [Security Solution][Detections][7.12] Critical Threshold Rule Fixes (#92667) Bump ems landing page to 7.12 (#93065) [App Search] Implement various Relevance Tuning states and form actions (#92644) [actions] for simplistic email servers, set rejectUnauthorized to false (#91760) [Security Solution][Case] Migrate category & subcategory fields of ServiceNow ITSM connector (#93092) Hide instances latency distribution chart (#92869) [Maps] fix MapboxDraw import from pointing to dist just pointing to folder (#93087) [Maps] fix results trimmed tooltip message doubles feature count for line and polygon features (#92932) [Security Solution][Detecttions] Indicator enrichment tweaks (#92989) [Maps] fix fit to data on heatmap not working (#92697) [Security Solution][Endpoint][Admin] Fixes policy sticky footer save test (#92919) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Some minor tweaks for 7.12 indicator enrichment:
match.idandmatch.indexChecklist
Delete any items that are not applicable to this PR.
For maintainers