
[Security Solution][Alerts] Refactor alert document creation logic #119926

Closed
marshallmain opened this issue Nov 30, 2021 · 2 comments
Labels: 8.2 candidate (considered, but not committed, for 8.2 release); refactoring; Team:Detection Alerts (Security Detection Alerts Area Team); Team:Detections and Resp (Security Detection Response Team); technical debt (Improvement of the software architecture and operational architecture)

Comments

@marshallmain
Contributor

The alert document creation process is currently very complex, taking fields from multiple sources (_source, fields API response, rule params) and at different points in the rule execution flow (the Security Solution logic creates the document initially, but later on the persistence rule type logic injects more fields automatically). We should look into ways to refactor and simplify this flow, making it easier to maintain and debug issues that may arise.

@marshallmain marshallmain added refactoring v8.0.0 Team:Detection Alerts Security Detection Alerts Area Team labels Nov 30, 2021
@marshallmain marshallmain added 8.2 candidate considered, but not committed, for 8.2 release and removed 8.1 candidate labels Feb 9, 2022
@MindyRS MindyRS added the Team:Detections and Resp Security Detection Response Team label Feb 23, 2022
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@peluja1012 peluja1012 added the technical debt Improvement of the software architecture and operational architecture label Mar 24, 2022
@marshallmain marshallmain self-assigned this Mar 29, 2022
@marshallmain
Contributor Author

Addressed by #127218
