diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts index b6a0724faebed..4fd1b00ae3bee 100644 --- a/x-pack/plugins/security_solution/common/experimental_features.ts +++ b/x-pack/plugins/security_solution/common/experimental_features.ts @@ -21,6 +21,7 @@ export const allowedExperimentalValues = Object.freeze({ uebaEnabled: false, disableIsolationUIPendingStatuses: false, riskyHostsEnabled: false, + pendingActionResponsesWithAck: true, }); type ExperimentalConfigKeys = Array; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.ts index 4ba03bf220c21..32c709aef2b87 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.ts @@ -50,7 +50,8 @@ export const actionStatusRequestHandler = function ( const response = await getPendingActionCounts( esClient, endpointContext.service.getEndpointMetadataService(), - agentIDs + agentIDs, + endpointContext.experimentalFeatures.pendingActionResponsesWithAck ); return res.ok({ diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions.ts index 5dcaca6c2c4cc..118249480a019 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/actions.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/actions.ts @@ -186,7 +186,8 @@ export const getPendingActionCounts = async ( esClient: ElasticsearchClient, metadataService: EndpointMetadataService, /** The Fleet Agent IDs to be checked */ - agentIDs: string[] + agentIDs: string[], + isPendingActionResponsesWithAckEnabled: boolean ): Promise => { // retrieve the unexpired actions for the given hosts const recentActions = await esClient @@ -239,7 +240,8 @@ export const getPendingActionCounts = async ( }); const pendingActions: EndpointAction[] = recentActions.filter((action) => { - return ackResponseActionIdList.includes(action.action_id) // if has ack + return isPendingActionResponsesWithAckEnabled && + ackResponseActionIdList.includes(action.action_id) // if has ack ? hasNoEndpointResponse({ action, agentId, indexedActionIds }) // then find responses in new index : hasNoFleetResponse({ // else use the legacy way diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts index fbc51aa0360ce..918d3aadfd6e8 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts @@ -209,7 +209,8 @@ export const getHostEndpoint = async ( ? getPendingActionCounts( esClient.asInternalUser, endpointContext.service.getEndpointMetadataService(), - [fleetAgentId] + [fleetAgentId], + endpointContext.experimentalFeatures.pendingActionResponsesWithAck ) .then((results) => { return results[0].pending_actions;