Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SIEM] [Detection engine] from signals to timeline #54769

Merged
merged 11 commits into from
Jan 15, 2020
Merged

[SIEM] [Detection engine] from signals to timeline #54769

merged 11 commits into from
Jan 15, 2020

Conversation

XavierM
Copy link
Contributor

@XavierM XavierM commented Jan 14, 2020

Summary

  • Be able to select between raw/signal event on timeline
    image
  • Be able to replace template fields from a timeline data provider. kql and filters ( see below the fields whick can act as a template)
const templateFields = [
 'host.name',
 'host.hostname',
 'host.domain',
 'host.id',
 'host.ip',
 'client.ip',
 'destination.ip',
 'server.ip',
 'source.ip',
 'network.community_id',
 'user.name',
 'process.name',
];
  • Add status on All rules page

Checklist

Use strikethroughs to remove checklist items you don't feel are applicable to this PR.

For maintainers

@XavierM XavierM self-assigned this Jan 14, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/siem (Team:SIEM)

@XavierM XavierM changed the title [SIEM] [Detection engine] form signals to timeline [SIEM] [Detection engine] from signals to timeline Jan 14, 2020
FrankHassanabad
FrankHassanabad approved these changes Jan 15, 2020
View reviewed changes
Copy link
Contributor

@FrankHassanabad FrankHassanabad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for all the work and making all the changes requested.

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@XavierM XavierM merged commit 26bc765 into elastic:master Jan 15, 2020
@XavierM XavierM mentioned this pull request Jan 15, 2020
Merged
XavierM added a commit to XavierM/kibana that referenced this pull request Jan 15, 2020
@XavierM
[SIEM] [Detection engine] from signals to timeline (elastic#54769)
4445cc6 
* remove batch action on signals

* fix callback dependency bug

* open timeline in signals table + add a way to pick between signal and raw events in timeline

* add status on all rules

* fix i18n

* review I

* fix test
andrew-goldstein pushed a commit that referenced this pull request Jan 15, 2020
@XavierM @elasticmachine
@spong @andrew-goldstein
[SIEM] [Detection engine] from signals to timeline (#54769) (#54865)
b70df56 
* remove batch action on signals

* fix callback dependency bug

* open timeline in signals table + add a way to pick between signal and raw events in timeline

* add status on all rules

* fix i18n

* review I

* fix test

Co-authored-by: Elastic Machine <[email protected]>
Co-authored-by: Garrett Spong <[email protected]>
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jan 15, 2020
@gmmorris
Merge remote-tracking branch 'upstream/master'
bfdb1ea 
* upstream/master: (72 commits)
  [ML] Calculate model memory limit API integration tests (elastic#54557)
  Skip flakey index template component integration tests. (elastic#54878)
  Add label and icon to nested fields in the doc table (elastic#54199)
  Reverse dependency of home plugin and apm/ml/cloud (elastic#52883)
  [SIEM][Detection Engine] Order JSON keys, fix scripts, update pre-packaged rules
  update invalid snapshot
  add readme note about alerting / manage_api_key cluster privilege (elastic#54639)
  [SIEM] New Overview Page (elastic#54783)
  [Uptime] Feature/refactor context initialization (elastic#54494)
  Upgrade EUI to v18.2.0 (elastic#54786)
  [SIEM] [Detection engine] from signals to timeline (elastic#54769)
  [Index Management] Add Mappings Editor to Index Template Wizard (elastic#47562)
  [SIEM][Detection Engine] Removes deprecated filter from mapping
  [Maps] Add categorical styling (elastic#54408)
  Add mapbox-gl-rtl-text library (elastic#54842)
  [SIEM][Detection Engine] Adds actions to Rule Details (elastic#54828)
  Lexicographically sort location tags (elastic#54832)
  [Maps] expand extent filter to tile boundaries (elastic#54276)
  [Maps] Use v7.6 Elastic Maps Service API (elastic#54399)
  [DOCS] Adds monitoring setting (elastic#54819)
  ...
jkelastic pushed a commit to jkelastic/kibana that referenced this pull request Jan 17, 2020
@XavierM @jkelastic
[SIEM] [Detection engine] from signals to timeline (elastic#54769)
d7b678a 
* remove batch action on signals

* fix callback dependency bug

* open timeline in signals table + add a way to pick between signal and raw events in timeline

* add status on all rules

* fix i18n

* review I

* fix test
@XavierM XavierM deleted the detection-engine-view-timeline branch June 4, 2020 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FrankHassanabad FrankHassanabad FrankHassanabad approved these changes

@spong spong Awaiting requested review from spong

Assignees

@XavierM XavierM

Labels
release_note:enhancement Team:SIEM v7.6.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@XavierM @elasticmachine @kibanamachine @FrankHassanabad