
[8.x] [Security Solution][Endpoint] Ensure that DS indices for response actions are created prior to sending action to Endpoint (#196953) #197901

Merged
merged 2 commits into from
Oct 28, 2024

Conversation

paul-tavares

…ions are created prior to sending action to Endpoint (elastic#196953)

## Summary

PR adds changes to Security Solution so that DOT indices (restricted in
Serverless) are created in Kibana prior to Elastic Defend (Endpoint)
attempting to stream documents to these indices. The indices that are
now created in Kibana are:

- `.logs-endpoint.diagnostic.collection-<namespace_from_policy>`
- `.logs-endpoint.action.responses-<namespace_from_policy>`
- `.logs-endpoint.heartbeat-<namespace_from_policy>` _(⚠️ created only in serverless)_

### Fleet changes:

- Added support for the following two server-side extension points:
    - `packagePolicyPostUpdate`: callbacks invoked after an integration policy has been updated successfully
    - `agentPolicyPostUpdate`: callbacks invoked after an agent policy has been updated successfully

### Security Solution:

- Logic was added to the following Fleet server-side extension points that checks if the necessary indices exist and, if not, creates them:
    - After creating an Elastic Defend integration policy
    - After updating an Elastic Defend integration policy
    - After updating a Fleet Agent Policy that includes an Elastic Defend integration policy

(cherry picked from commit ae9c0d3)

# Conflicts:
#	x-pack/plugins/fleet/server/services/agent_policy.ts
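The "check whether the index exists and create it if not" step that the description above attaches to Fleet's post-create/post-update hooks, written out as an added example. This is not Kibana, Fleet or the PR's own code: the three index-name patterns come from the description, while the `IndicesApi` interface (a loose stand-in for the Elasticsearch client's indices API), the `FakeIndices` and `RacyFakeIndices` test doubles, `ensureEndpointIndices`, `demo` and the `resource_already_exists_exception` type check are assumptions made for this example. It also shows the one edge case a practitioner hits with this kind of hook: two Kibana nodes handling policy updates concurrently can both find the index missing, so "already exists" on create must be treated as success.

```typescript
// Added example, not Kibana/Fleet code. Index patterns are from the PR description;
// the client interface, fakes and helper names are assumptions for this example.

/** Minimal slice of an Elasticsearch indices API (assumed shape, loosely modelled on the JS client). */
interface IndicesApi {
  exists(params: { index: string }): Promise<boolean>;
  create(params: { index: string }): Promise<void>;
}

/** Error type Elasticsearch reports when an index is created twice; the fake mimics the name. */
const ALREADY_EXISTS = 'resource_already_exists_exception';

function isAlreadyExists(err: unknown): boolean {
  // Assumption for this example: the error carries its ES error type in a `type` field.
  return typeof err === 'object' && err !== null && (err as { type?: string }).type === ALREADY_EXISTS;
}

/** The DOT indices named in the PR, derived from the policy's namespace. */
function endpointIndexNames(namespace: string, isServerless: boolean): string[] {
  const names = [
    `.logs-endpoint.diagnostic.collection-${namespace}`,
    `.logs-endpoint.action.responses-${namespace}`,
  ];
  if (isServerless) {
    // Heartbeat index is only needed (and only created) in serverless.
    names.push(`.logs-endpoint.heartbeat-${namespace}`);
  }
  return names;
}

/**
 * Idempotent hook body: check each index and create the ones that are missing.
 * A concurrent policy update may create the same index between `exists` and
 * `create`, so an "already exists" error is treated as success, not failure.
 * Returns the names this call actually created.
 */
async function ensureEndpointIndices(
  indices: IndicesApi,
  namespace: string,
  isServerless: boolean
): Promise<string[]> {
  const created: string[] = [];
  for (const index of endpointIndexNames(namespace, isServerless)) {
    if (await indices.exists({ index })) continue;
    try {
      await indices.create({ index });
      created.push(index);
    } catch (err) {
      if (!isAlreadyExists(err)) throw err; // anything else is a real failure
    }
  }
  return created;
}

/** In-memory stand-in for the cluster, constructed for this example. */
class FakeIndices implements IndicesApi {
  readonly names = new Set<string>();
  async exists({ index }: { index: string }): Promise<boolean> {
    return this.names.has(index);
  }
  async create({ index }: { index: string }): Promise<void> {
    if (this.names.has(index)) {
      throw Object.assign(new Error(`index [${index}] already exists`), { type: ALREADY_EXISTS });
    }
    this.names.add(index);
  }
}

/** Simulates the race: the index appears right after `exists` reported it missing. */
class RacyFakeIndices extends FakeIndices {
  async exists({ index }: { index: string }): Promise<boolean> {
    const had = this.names.has(index);
    this.names.add(index); // another Kibana node "wins" the race
    return had;
  }
}

/** Driver: first policy update creates everything, second is a no-op, race is tolerated. */
async function demo(): Promise<{ first: string[]; second: string[]; racy: string[] }> {
  const cluster = new FakeIndices();
  const first = await ensureEndpointIndices(cluster, 'default', true);
  const second = await ensureEndpointIndices(cluster, 'default', true);
  const racy = await ensureEndpointIndices(new RacyFakeIndices(), 'prod', false);
  return { first, second, racy };
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

Wiring `ensureEndpointIndices` into the `packagePolicyPostUpdate` / `agentPolicyPostUpdate` callbacks the PR adds means the hook runs after every save, so it has to stay cheap and idempotent: the existence check keeps the common path to one round-trip per index, and tolerating the duplicate-create error keeps a second Kibana instance from failing the policy update.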
@paul-tavares paul-tavares requested review from a team as code owners October 25, 2024 20:01
@paul-tavares paul-tavares requested review from pzl and gergoabraham and removed request for a team October 25, 2024 20:01
@paul-tavares paul-tavares enabled auto-merge (squash) October 25, 2024 20:01
@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Oct 25, 2024
@elasticmachine

Pinging @elastic/fleet (Team:Fleet)

@paul-tavares paul-tavares merged commit 61e17b1 into elastic:8.x Oct 28, 2024
36 checks passed
@elasticmachine

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #48 / console app misc console behavior keyboard shortcuts open documentation should open documentation when Ctrl+/ is pressed

Metrics [docs]

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

| id | before | after | diff |
|---|---|---|---|
| fleet | 75 | 79 | +4 |

History

@paul-tavares paul-tavares deleted the backport/8.x/pr-196953 branch October 28, 2024 14:46
Labels
backport Team:Fleet Team label for Observability Data Collection Fleet team