[Security_Solution][Telemetry] - Update endpoint usage to use agentService #93829
Pinging @elastic/security-solution (Team: SecuritySolution)
Pinging @elastic/security-threat-hunting (Team:Threat Hunting)
}; | ||
|
||
/* | ||
TODO: AS OF 7.13, this access will no longer work due to the enabling of fleet server. An alternative route will have |
This will break in 7.13
Should we also put this information in an issue?
When it breaks in 7.13 will it have an adverse effect on the plugin? Or will it just log and fail silently?
We currently don't log to prevent accidental leaking of PII, but yea if it stays as is for 7.13, we'll only get the total_installed and os details. Everything else will fail silently. Yea, I'm gonna add it into the issue that @nchaulet created that's referenced in the description here.
@jonathan-buttner actually went with a comment here to avoid splitting the discussion
@@ -108,7 +109,7 @@ export const updateEndpointOSTelemetry = ( | |||
* the same time span. | |||
*/ | |||
export const updateEndpointDailyActiveCount = ( | |||
latestEndpointEvent: SavedObject<NewAgentEvent>, | |||
latestEndpointEvent: SavedObject<NewAgentEvent>, // TODO: This information will be lost in 7.13, need to find an alternative route. |
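Review bot: `latestEndpointEvent` stays typed as a required `SavedObject<NewAgentEvent>` even though the TODO on the same line says this information will be lost in 7.13, so the signature promises data that callers will not be able to supply. Consider widening the parameter to accept `undefined` and stating in the doc comment above what the daily active count should do in that case. The TODO itself would be easier to find and remove if it lived in that doc comment with a reference to the tracking issue, rather than as a trailing comment on the parameter.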
This will break in 7.13
@elasticmachine merge upstream
agentService: AgentService | undefined, | ||
esClient: ElasticsearchClient | ||
) => { | ||
const agentData = await agentService?.listAgents(savedObjectsClient, esClient, { |
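Review bot: `agentService?.listAgents(...)` resolves to `undefined` whenever `agentService` is undefined, and the visible lines show no check on `agentData` before it is used. Return a default usage object explicitly when the service is missing, so that case is distinguishable from a list call that returned no agents. The call also passes `savedObjectsClient` as its first argument; confirm that against the current `listAgents` signature after merging upstream.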
I just merged the change where we remove the support for saved object, I think this method is probably not accepting a savedObjectClient any more
Thanks for the note. I'll update this accordingly!
Code looks good; you probably want to merge master before merging.
18f30b3 to 32b1012
@elasticmachine merge upstream
@elasticmachine merge upstream
💚 Build Succeeded
Discussed with @achuguy who wrote the current |
…rvice (elastic#93829) Co-authored-by: Kibana Machine
…rvice (#93829) (#94366) Co-authored-by: Kibana Machine
Summary
This PR addresses the first point made by @nchaulet in this issue: #92311
We were previously accessing the saved_objects for fleet directly to populate endpoint usage telemetry, but should have been using the agentService where possible. This PR adopts that change to continue to reliably provide us with the total_installed and os details information we currently have available for telemetry.
The outstanding issue remains that there is no way to currently reliably obtain the information we are getting from the fleet-agent-events savedObject which helps to populate the active_within_last_24_hours and policies.malware data. With the move to fleet server as detailed in the aforementioned issue, our use of that savedObject will break and we will no longer get this data. Ideally, we'll be able to determine a solution that allows us to retain this information and is better implemented than the current scenario (also detailed here: https://github.com/elastic/endpoint-dev/issues/8382)