Commit
[Security Solution][Detection Engine] adds alert suppression for New Terms rule type (#178294)

## Summary

- addresses elastic/security-team#8824
- adds alert suppression for new terms rule type
- fixes `getOpenAlerts` test function, which returned closed alerts as well

### UI

![Screenshot 2024-04-02 at 12 53 26](https://github.com/elastic/kibana/assets/92328789/8398fba4-a06c-464b-87ef-1c5d5a18e37f)

![Screenshot 2024-04-02 at 12 53 46](https://github.com/elastic/kibana/assets/92328789/971ec0da-c1d9-4c96-a4af-7cc8dfae52a4)

### Checklist

- [x] Functional changes are hidden behind a feature flag. Feature flag: `alertSuppressionForNewTermsRuleEnabled`
- [x] Functional changes are covered with a test plan and automated tests. Test plan: elastic/security-team#9045
- [x] Stability of new and changed tests is verified using the [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner).
  - Cypress ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5547
  - Cypress Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5548
  - FTR ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5596
  - FTR Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5597
- [ ] Comprehensive manual testing is done by two engineers: the PR author and one of the PR reviewers. Changes are tested in both ESS and Serverless.
- [x] Mapping changes are accompanied by a technical design document. It can be a GitHub issue or an RFC explaining the changes. The design document is shared with and approved by the appropriate teams and individual stakeholders. The existing AlertSuppression schema field is used for the New Terms rule, the one that is used for Query and IM rules.

  ```yml
  alert_suppression:
    $ref: './common_attributes.schema.yaml#/components/schemas/AlertSuppression'
  ```

  where

  ```yml
  AlertSuppression:
    type: object
    properties:
      group_by:
        $ref: '#/components/schemas/AlertSuppressionGroupBy'
      duration:
        $ref: '#/components/schemas/AlertSuppressionDuration'
      missing_fields_strategy:
        $ref: '#/components/schemas/AlertSuppressionMissingFieldsStrategy'
    required:
      - group_by
  ```

- [x] Functional changes are communicated to the Docs team. A ticket or PR is opened in https://github.com/elastic/security-docs. The following information is included: any feature flags used, affected environments (Serverless, ESS, or both). elastic/security-docs#5030
Showing 65 changed files with 4,069 additions and 493 deletions.
...erver/integration_tests/__snapshots__/serverless_upgrade_and_rollback_checks.test.ts.snap (46 changes: 46 additions & 0 deletions)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.