[Security Solution][Detections] Ensure ML Detection Rules/Jobs function with introduction of Space Aware ML Jobs #82553
Assignees
Labels
chore
Feature:Detection Rules
Security Solution rules and Detection Engine
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v7.11.0
Comments
spong
added
chore
Feature:Detection Rules
|
A few updates here: TL;DR: this all works, but I don't believe there's any UI to distinguish space-aware from -agnostic (aka global, '*' space) jobs, which is potentially confusing to the user.
Potential UX improvements
A global and a space-specific job in the Jobs table (expanded views are similarly identical): A global and a space-specific job in the ML Popover: |
|
@jgowdyelastic RE the above: is there a way to determine the space of the job in the ML UI that I've overlooked? |
|
Thanks @jgowdyelastic, I knew I'd seen that data somewhere! @spong here's what that looks like: 
|
|
Closing this issue as this functionality has been shipped and verified. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
With the introduction of Space Aware ML Jobs (#77916), there will be a few tweaks we'll need to do on the Detections side to ensure everything continues to function as intended. Since new jobs will be scoped to the current space when created, we'll need to update these requests to specify that the new jobs be scoped to the
*space to maintain the current behavior of ML Rules/Jobs between spaces.Additionally, since we're sticking to global ML Jobs for this release, ML may potentially add a warning to the ML Job/Spaces UI to warn users that they may break existing Detection Rules when changing the configured space for ML Jobs with the
securitygroup.The text was updated successfully, but these errors were encountered: