[Security Solution] Switches remaining rule types to use new Rule Preview API #116374
Changes from 30 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -39,7 +39,7 @@ export const DEFAULT_APP_TIME_RANGE = 'securitySolution:timeDefaults' as const; | |
export const DEFAULT_APP_REFRESH_INTERVAL = 'securitySolution:refreshIntervalDefaults' as const; | ||
export const DEFAULT_ALERTS_INDEX = '.alerts-security.alerts' as const; | ||
export const DEFAULT_SIGNALS_INDEX = '.siem-signals' as const; | ||
export const DEFAULT_PREVIEW_INDEX = '.siem-preview-signals' as const; | ||
export const DEFAULT_PREVIEW_INDEX = '.preview.alerts-security.alerts' as const; | ||
is it not possible to create these DEFAULT_ALERTS_INDEX and DEFAULT_PREVIEW_INDEX by using the logic from the rule registry server by supplying

@ecezalp I'm not sure I follow; are you asking whether we can auto-create both of these indexes by some mechanism internal to the rule registry? E.g.

```
// creates both the alerts index and the preview index
ruleRegistry.create('security');
```

?

What you're describing currently happens at runtime within a constructor in the rule registry plugin so there's no existing way to do that. I don't think it'd be a bad idea to do something like that down the line but for now, using this as the single source of truth for our needs seems like a solid approach
||
export const DEFAULT_LISTS_INDEX = '.lists' as const; | ||
export const DEFAULT_ITEMS_INDEX = '.items' as const; | ||
// The DEFAULT_MAX_SIGNALS value exists also in `x-pack/plugins/cases/common/constants.ts` | ||
|
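Review bot: The new DEFAULT_PREVIEW_INDEX value repeats the DEFAULT_ALERTS_INDEX literal with a '.preview' prefix, so the two names can drift apart if the alerts index is ever renamed; consider deriving it from the constant, for example `.preview${DEFAULT_ALERTS_INDEX}` with `as const`, and adding a one-line comment stating how the two names relate. Because the value moves away from '.siem-preview-signals', it is also worth confirming that nothing else, such as index privileges or cleanup of existing preview data, still keys on the old name.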
@@ -258,8 +258,6 @@ export const DETECTION_ENGINE_PREPACKAGED_RULES_STATUS_URL = | |
export const DETECTION_ENGINE_RULES_BULK_ACTION = | ||
`${DETECTION_ENGINE_RULES_URL}/_bulk_action` as const; | ||
export const DETECTION_ENGINE_RULES_PREVIEW = `${DETECTION_ENGINE_RULES_URL}/preview` as const; | ||
export const DETECTION_ENGINE_RULES_PREVIEW_INDEX_URL = | ||
`${DETECTION_ENGINE_RULES_PREVIEW}/index` as const; | ||
|
||
/** | ||
* Internal detection engine routes | ||
|
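Review bot: Nothing in this hunk shows what happens to the users of DETECTION_ENGINE_RULES_PREVIEW_INDEX_URL, the export dropped right after DETECTION_ENGINE_RULES_PREVIEW; please confirm that the route registered under it and every client or test import of the constant are removed in the same change, so the `/preview/index` path is not left served without a shared constant naming it.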
This file was deleted.
This file was deleted.
we could consider renaming the const to `INTERNAL_PREFIX` with the value ".internal" and use it on line 37 in rule_data_plugin_service/index_info.ts