
[Security Solutions][Alerting] Investigate overriding default rule timeout value #113966

Open
ymao1 opened this issue Oct 5, 2021 · 3 comments
Labels
Team:Detections and Resp Security Detection Response Team

Comments

@ymao1
Contributor

ymao1 commented Oct 5, 2021

With this PR, the alerting framework is now allowing individual rule types to override the default alerting task timeout of 5m. (Note that this default value is now also configurable via the kibana.yml config.) The framework will be gathering telemetry on rule execution durations before deciding whether to extend the default alerting timeout value, but in the meantime, individual rule types should consider whether they want to provide a longer override value.

Things to consider:

  • does this rule type have a history of poor performance (prior SDHs)
  • is there a use case for this rule type to run against frozen indices

Note that we do have an issue open to potentially allow individual rules to override the timeout but for now we are just enabling at the rule type level.
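As an added example (not Kibana's code, and not from the alerting framework or the PR referenced above), the following TypeScript models the two mechanics the issue describes: how a rule-type-level override, an operator-set kibana.yml default and the built-in 5m default are reconciled, and what the resolved value is actually used for, namely a hard deadline on rule execution so that a slow rule (the "poor performance" and frozen-index cases listed above) is cut off instead of occupying the task indefinitely. Every name here (`resolveRuleTaskTimeout`, `runWithTimeout`, `CancelSignal`) is hypothetical, and the kibana.yml setting name is not given on this page, so it is not named.

```typescript
// Added example, not Kibana's own code. All identifiers are hypothetical;
// the kibana.yml setting that supplies configuredDefault is not named here.

const BUILT_IN_DEFAULT_TIMEOUT = '5m'; // framework default named in the issue

const UNIT_MS: Record<string, number> = {
  s: 1_000,
  m: 60_000,
  h: 3_600_000,
  d: 86_400_000,
};

/** Parse a duration string such as "5m" or "90s" into milliseconds; rejects anything else. */
export function parseDuration(duration: string): number {
  const match = /^(\d+)([smhd])$/.exec(duration.trim());
  if (match === null) {
    throw new Error(`invalid duration "${duration}": expected <number><s|m|h|d>, e.g. "5m"`);
  }
  return Number(match[1]) * UNIT_MS[match[2]];
}

export interface TimeoutSources {
  /** Value a rule type registers to override the default (optional). */
  ruleTypeOverride?: string;
  /** Operator-configured default from kibana.yml (setting name assumed, not on the page). */
  configuredDefault?: string;
}

/** Precedence: rule-type override, then configured default, then the built-in 5m. Returns ms. */
export function resolveRuleTaskTimeout(sources: TimeoutSources): number {
  const chosen = sources.ruleTypeOverride ?? sources.configuredDefault ?? BUILT_IN_DEFAULT_TIMEOUT;
  return parseDuration(chosen);
}

/** A cooperative cancellation flag the executor polls; flipped when the deadline passes. */
export interface CancelSignal {
  cancelled: boolean;
}

export type RunOutcome<T> =
  | { status: 'ok'; result: T }
  | { status: 'timeout'; afterMs: number };

/**
 * Run a rule executor under a hard deadline. When the deadline fires, the signal is
 * set so a well-behaved executor stops its query work, and the caller receives a
 * 'timeout' outcome instead of waiting on a runaway rule.
 */
export async function runWithTimeout<T>(
  executor: (signal: CancelSignal) => Promise<T>,
  timeoutMs: number,
): Promise<RunOutcome<T>> {
  const signal: CancelSignal = { cancelled: false };
  let timer: ReturnType<typeof setTimeout> | undefined;
  const deadline = new Promise<RunOutcome<T>>((resolve) => {
    timer = setTimeout(() => {
      signal.cancelled = true;
      resolve({ status: 'timeout', afterMs: timeoutMs });
    }, timeoutMs);
  });
  const work: Promise<RunOutcome<T>> = executor(signal).then((result) => ({
    status: 'ok' as const,
    result,
  }));
  try {
    return await Promise.race([work, deadline]);
  } finally {
    // Clear the pending timer so a fast executor does not keep the event loop alive.
    if (timer !== undefined) clearTimeout(timer);
  }
}
```

A rule type that wants a longer limit would supply `ruleTypeOverride` (for example `'1h'`) and it wins over whatever the operator configured; with no override and nothing configured, the resolver falls back to 5m. The executor is handed a cancellation flag rather than being forcibly killed, which mirrors the practical constraint that a timed-out task can only stop as quickly as its own query loop checks for cancellation.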

@botelastic botelastic bot added the needs-team Issues missing a team label label Oct 5, 2021
@ymao1
Contributor Author

ymao1 commented Oct 6, 2021

When implementing this, it might be nice to have these values be configurable in the kibana.yml or advanced settings so they can be changed between releases if necessary.

@stratoula stratoula added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Nov 2, 2021
@elasticmachine
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Nov 2, 2021
@mikecote mikecote added Team:Detections and Resp Security Detection Response Team and removed Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Nov 2, 2021
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)
