
Don't trigger summary actions when there are no alerts to report #156421

Merged
merged 1 commit into from
May 3, 2023

Conversation

@ersin-erdal ersin-erdal commented May 2, 2023

Resolves: #155708

Currently we always trigger summary actions on a custom interval even if there are no alerts to report.
This PR changes this behaviour to skip summary actions when there are no alerts.

To verify

1. Create a Security Rule with a summary action that is on a custom interval (Summary of alerts -> Custom Frequency)
2. Add an alerts filter to filter out all the alerts (e.g. by using a host name that doesn't exist)
3. Expect the summary action not to be triggered.

@ersin-erdal ersin-erdal added release_note:fix Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v8.8.0 v8.9.0 labels May 2, 2023
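The behaviour this PR describes, as an added TypeScript illustration that is not Kibana's own code (the `Alert`, `AlertsFilter`, `applyAlertsFilter` and `decideSummaryAction` names, and the sample alerts, are assumptions made for this example): a custom-interval summary action is evaluated against the alerts that survive the alerts filter, and is skipped when none remain, which is exactly what the verification step with a non-existent host name exercises.

```typescript
// Added example, not Kibana's implementation: every name below is an assumption.

interface Alert {
  id: string;
  hostName: string;
}

// An alerts filter in the spirit of the PR's "host name that doesn't exist" case:
// only alerts whose hostName is in the allow-list are reported.
interface AlertsFilter {
  hostNames?: string[];
}

interface SummaryDecision {
  trigger: boolean;
  alertIds: string[];
  reason: string;
}

// Apply the alerts filter; an absent filter reports everything.
function applyAlertsFilter(alerts: Alert[], filter?: AlertsFilter): Alert[] {
  if (!filter || !filter.hostNames) {
    return alerts;
  }
  const allowed = new Set(filter.hostNames);
  return alerts.filter((alert) => allowed.has(alert.hostName));
}

// Decide whether a custom-interval summary action should run.
// Before the change described in the PR the action ran on every interval;
// after it, an empty (filtered) alert set means the action is skipped.
function decideSummaryAction(alerts: Alert[], filter?: AlertsFilter): SummaryDecision {
  const toReport = applyAlertsFilter(alerts, filter);
  if (toReport.length === 0) {
    return { trigger: false, alertIds: [], reason: 'no alerts to report after filtering' };
  }
  return {
    trigger: true,
    alertIds: toReport.map((alert) => alert.id),
    reason: `${toReport.length} alert(s) to report`,
  };
}

// Constructed sample alerts (not real data).
const sampleAlerts: Alert[] = [
  { id: 'a1', hostName: 'web-01' },
  { id: 'a2', hostName: 'web-02' },
  { id: 'a3', hostName: 'db-01' },
];

// The verification step from the PR: a filter naming a host that does not exist.
const noSuchHostFilter: AlertsFilter = { hostNames: ['host-that-does-not-exist'] };
// A filter that does match some alerts, for contrast.
const webHostsFilter: AlertsFilter = { hostNames: ['web-01', 'web-02'] };

console.log(decideSummaryAction(sampleAlerts, noSuchHostFilter));
console.log(decideSummaryAction(sampleAlerts, webHostsFilter));
```

Running it prints a `trigger: false` decision for the non-existent host filter and a `trigger: true` decision listing `a1` and `a2` for the web-hosts filter; an empty alert set with no filter is also skipped, which is the noise reduction the PR is after.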
@kibana-ci
💚 Build Succeeded

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

| id | before | after | diff |
|---|---|---|---|
| enterpriseSearch | 19 | 21 | +2 |
| securitySolution | 399 | 402 | +3 |
| total | | | +5 |

Total ESLint disabled count

| id | before | after | diff |
|---|---|---|---|
| enterpriseSearch | 20 | 22 | +2 |
| securitySolution | 479 | 482 | +3 |
| total | | | +5 |

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@ersin-erdal ersin-erdal marked this pull request as ready for review May 2, 2023 18:59
@ersin-erdal ersin-erdal requested a review from a team as a code owner May 2, 2023 18:59
@elasticmachine
Pinging @elastic/response-ops (Team:ResponseOps)

@doakalexi doakalexi left a comment

LGTM!

@ersin-erdal ersin-erdal merged commit 506806f into elastic:main May 3, 2023
@ersin-erdal ersin-erdal deleted the 155708-filter-summary-alerts branch May 3, 2023 19:15
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request May 3, 2023
…stic#156421)

Resolves: elastic#155708

Currently we always trigger summary actions on a custom interval even if
there are no alerts to report.
This PR changes this behaviour to skip summary actions when there are no
alerts.

## To verify
1. Create a Security Rule with a summary action that is on a custom interval
   (`Summary of alerts` -> `Custom Frequency`)
2. Add an alerts filter to filter out all the alerts (e.g. by using a host
   name that doesn't exist)
3. Expect the summary action not to be triggered.

(cherry picked from commit 506806f)
@kibanamachine
💚 All backports created successfully

| Status | Branch | Result |
|---|---|---|
| | 8.8 | |

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request May 3, 2023
#156421) (#156617)

# Backport

This will backport the following commits from `main` to `8.8`:
- [Don't trigger summary actions when there are no alerts to report
(#156421)](#156421)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Ersin Erdal <[email protected]>
Successfully merging this pull request may close these issues.

[Response Ops][Alerting] Should we send summary notifications when there are no alerts to report
5 participants