[SIEMDPOINT] Move endpoint to siem #66907
Conversation
XavierM
added
release_note:skip
XavierM
added
Team:Endpoint Data Visibility
|
Pinging @elastic/endpoint-management (Team:Endpoint Management) |
|
Pinging @elastic/endpoint-data-visibility-team (Team:Endpoint Data Visibility) |
|
Pinging @elastic/siem (Team:SIEM) |
|
Pinging @elastic/endpoint-response (Team:Endpoint Response) |
XavierM
changed the title
|
Action Items / Debrief Here's some stuff from notes I took while working w/ @XavierM on this: Action items:Re-enable and fix testsWe kept as many tests enabled as we could. Unfortunately we did disable some. We should try and re-enable tests as soon as possible. In some cases, we may need to integrate a feature more before testing. Consolidate ‘StartDeps’.The dependencies that Endpoint needed from NP aren’t exactly the same as the ones SIEM needed. SIEM and Endpoint each had a type for these deps. We added the values that Endpoint needed to the SIEM type (and implementation.) But many places still refer to the Endpoint type. Should we have 1 type plugin-wide? Should each ‘supplugin’ define its own type? TBD UI ‘links’ are implemented in a different way in SIEM vs Endpoint.On the Endpoint side @paul-tavares implemented a way to link to places in Kibana / other routes. Let’s compare that w/ what SIEM has and consider consolidating approaches. Consider formalizing (and finishing) the 'Subplugin' idea@XavierM proposed the idea of ‘subplugins’ which divide functionality within a plugin. This was semi-implemented in the ‘public’ code, but its not there for the server side. We should define this pattern, and if we like it, argue for adopting it plugin-wide. Come to agreement on eslint rules that aren’t part of the Kibana standard.When development started on the endpoint plugin, we were advised not to deviate from the Kibana standard lint rules. The idea is that code that’s valid anywhere in Kibana should be valid everywhere. This should allow us to, for example, copy Endpoint code into SIEM w/o changing it. The SIEM team has some custom lint rules. When the Endpoint code was moved into SIEM, Xavier changed the code to meet SIEM eslint rules. Let’s discuss as a team (and perhaps w/ the Kibana arch group) these lint rules. If we deviate from Kibana in a way that affects all code in the plugin, then we should agree on those rules as a team. Explain certain Endpoint code concepts to the SIEM teamThe Endpoint code has some novel patterns. In some cases, these warrant an explanation to the SIEM team (and maybe some more docs.)
Continue adding doc comments to exports.This makes the code much easier to read and understand. IDEs can show these docs on hover. Let's make it easy to read and understand our code. Document the technical roadmap for Resolver, specifically as it relates to 'Is it an Embeddable?'The last time the broader team heard details about the technical roadmap of Resolver, 'embeddable' was said many times. Let's explain to the team what our current vision for resolver is. |
XavierM
force-pushed
the
move-alerts-to-siem
branch
from
55d0615 to
1c628a1
Compare
XavierM
force-pushed
the
move-alerts-to-siem
branch
from
3dd2d8f to
8f7f736
Compare
XavierM
force-pushed
the
move-alerts-to-siem
branch
from
3f532f5 to
61738b0
Compare
|
@elasticmachine merge upstream |
| /** | ||
| * Host Endpoint Configuration | ||
| */ | ||
| endpointResultListDefaultFirstPageIndex: schema.number({ defaultValue: 0 }), | ||
| endpointResultListDefaultPageSize: schema.number({ defaultValue: 10 }), | ||
|
|
||
| /** | ||
| * Alert Endpoint Configuration | ||
| */ | ||
| alertResultListDefaultDateRange: schema.object({ | ||
| from: schema.string({ defaultValue: 'now-15m' }), | ||
| to: schema.string({ defaultValue: 'now' }), | ||
| }), |
There was a problem hiding this comment.
Nit: I happened to look for the docs for these settings, and discovered that there aren't any docs for these settings (or other existing siem plugin settings). If there's not already an open issue for it, perhaps one should be opened to ensure that docs are added for these settings.
There was a problem hiding this comment.
Thank you @jportner, I think we are going to revisit some of that and see if we still need it and if so we will document it
There was a problem hiding this comment.
@XavierM @jportner Here's an existing github issue concerning the removal of these options: https://github.com/elastic/endpoint-app-team/issues/176
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
|
WOOOOO |
* adds the stuff * keeps moving stuff * finishes moving the stuff * moves tests * fix type * try moving it all at once. BROKEN * move endpoint to siem * fix package coming from endpoint * missing scripts + change url * fix eslint * temporary disable functional testing for endpoint * fix api integration types * allow api integration test + comment functional test * fix internationalization * fix internationalization II * fix jest test * fix x-pack test * fix i18n * fix api integration * fix circular dependency * add new dependency to cypress test Co-authored-by: Davis Plumlee <[email protected]> Co-authored-by: oatkiller <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
* [SIEMDPOINT] Move endpoint to siem (#66907) * adds the stuff * keeps moving stuff * finishes moving the stuff * moves tests * fix type * try moving it all at once. BROKEN * move endpoint to siem * fix package coming from endpoint * missing scripts + change url * fix eslint * temporary disable functional testing for endpoint * fix api integration types * allow api integration test + comment functional test * fix internationalization * fix internationalization II * fix jest test * fix x-pack test * fix i18n * fix api integration * fix circular dependency * add new dependency to cypress test Co-authored-by: Davis Plumlee <[email protected]> Co-authored-by: oatkiller <[email protected]> Co-authored-by: Elastic Machine <[email protected]> * miss import in cherry-pick Co-authored-by: Davis Plumlee <[email protected]> Co-authored-by: oatkiller <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
* master: (33 commits) [Saved Objects] adds support for including hidden types in saved objects client (elastic#66879) [Discover] Deangularize timechart header (elastic#66532) [Discover] Improve and unskip a11y context view test (elastic#66959) [SIEM] Refactor Timeline.timelineType draft to Timeline.status draft (elastic#66864) docs: update RUM documentation link (elastic#67042) [QA] fixup coverage ingestion tests. (elastic#66905) [Metrics UI] Add support for multiple groupings to Metrics Explorer (and Alerts) (elastic#66503) [Metrics UI] Add sorting for name and value to Inventory View (elastic#66644) [Metrics UI] Change Metric Threshold Alert charts to use bar charts (elastic#66672) [Uptime] Use React.lazy for alert type registration (elastic#66829) [Reporting] Consolidate API Integration Test configs (elastic#66637) Allow histogram fields in average and sum aggregations (elastic#66891) Fix saved object share link (elastic#66771) move role reset into the top level after clause (elastic#66971) Automate the labels for any PRs affecting files for the Ingest Management team (elastic#67022) [SIEMDPOINT] Move endpoint to siem (elastic#66907) server.uuid so is not used (elastic#66963) Revert "[ci/stats] fix git metadata collection (elastic#66840)" [Uptime] Unmount uptime app properly (elastic#66950) [Visualize] Bar chart: Show missing values on chart setting (elastic#66375) ...
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Summary
Move endpoint to siem
Add in kibana dev config
New routes: