[BUG_FIX] fix check for agg rules in detector trigger condition to create chained findings monitor #992
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…cket level monitor Signed-off-by: Surya Sashank Nistala <[email protected]>
eirsep
requested review from
amsiglan,
AWSHurneyt,
getsaurabh02,
lezzago,
praveensameneni,
sbcd90,
jowg-amazon,
engechas,
goyamegh and
riysaxen-amzn
as code owners
|
Without this additional check in the logic won't we call |
…n of detector Signed-off-by: Surya Sashank Nistala <[email protected]>
…s monitor Signed-off-by: Surya Sashank Nistala <[email protected]>
eirsep
changed the title
fixed to check for atleast one agg rule |
jowg-amazon
reviewed
Apr 26, 2024
| RestRequest.Method restMethod | ||
| ) { | ||
| Method restMethod, | ||
| List<Pair<String, Rule>> queries) { |
There was a problem hiding this comment.
If there are multiple aggregation rules/queries, do the queried passed in here include all of them or only the aggregation rule that created the bucket level monitor?
There was a problem hiding this comment.
we are only adding the tags of each aggregation query to the doc level monitor's DocLevelQuery tags. Btw each agg rule creates 1 bucket level monitor. For all bucket level monitors there is one chained findings doc level monitor
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]>
Signed-off-by: Surya Sashank Nistala <[email protected]>
sbcd90
previously approved these changes
Apr 27, 2024
Signed-off-by: Surya Sashank Nistala <[email protected]>
jowg-amazon
approved these changes
Apr 27, 2024
sbcd90
approved these changes
Apr 27, 2024
AWSHurneyt
approved these changes
Apr 27, 2024
|
Flaky tests failed |
|
The backport to To backport manually, run these commands in your terminal: # Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-analytics/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security-analytics/backport-2.x
# Create a new branch
git switch --create backport-992-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 31a81aa95b1075f403fbb4fb5d3f095e039ad060
# Push it to GitHub
git push --set-upstream origin backport-992-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-analytics/backport-2.xThen, create a pull request where the |
|
The backport to To backport manually, run these commands in your terminal: # Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-analytics/backport-2.13 2.13
# Navigate to the new working tree
pushd ../.worktrees/security-analytics/backport-2.13
# Create a new branch
git switch --create backport-992-to-2.13
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 31a81aa95b1075f403fbb4fb5d3f095e039ad060
# Push it to GitHub
git push --set-upstream origin backport-992-to-2.13
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-analytics/backport-2.13Then, create a pull request where the |
|
The backport to To backport manually, run these commands in your terminal: # Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-analytics/backport-2.12 2.12
# Navigate to the new working tree
pushd ../.worktrees/security-analytics/backport-2.12
# Create a new branch
git switch --create backport-992-to-2.12
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 31a81aa95b1075f403fbb4fb5d3f095e039ad060
# Push it to GitHub
git push --set-upstream origin backport-992-to-2.12
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-analytics/backport-2.12Then, create a pull request where the |
|
The backport to To backport manually, run these commands in your terminal: # Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-analytics/backport-2.11 2.11
# Navigate to the new working tree
pushd ../.worktrees/security-analytics/backport-2.11
# Create a new branch
git switch --create backport-992-to-2.11
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 31a81aa95b1075f403fbb4fb5d3f095e039ad060
# Push it to GitHub
git push --set-upstream origin backport-992-to-2.11
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-analytics/backport-2.11Then, create a pull request where the |
eirsep
added a commit
to eirsep/security-analytics
that referenced
this pull request
Apr 27, 2024
…eate chained findings monitor (opensearch-project#992) * remove chekc for agg rules in detector trigger condition to create bucket level monitor Signed-off-by: Surya Sashank Nistala <[email protected]> * add agg rules tags in chained monitor query to match trigger condition of detector Signed-off-by: Surya Sashank Nistala <[email protected]> * fix check to evaluate agg rules present when creating chained findings monitor Signed-off-by: Surya Sashank Nistala <[email protected]> * fix tests where check on group by trigger existed earlier Signed-off-by: Surya Sashank Nistala <[email protected]> * fix race condition while creating first monitor Signed-off-by: Surya Sashank Nistala <[email protected]> * add test to verify detector trigger function for aggregation rules Signed-off-by: Surya Sashank Nistala <[email protected]> * revert step listener change Signed-off-by: Surya Sashank Nistala <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]>
eirsep
added a commit
that referenced
this pull request
Apr 27, 2024
…eate chained findings monitor (#992) (#1002) * remove chekc for agg rules in detector trigger condition to create bucket level monitor * add agg rules tags in chained monitor query to match trigger condition of detector * fix check to evaluate agg rules present when creating chained findings monitor * fix tests where check on group by trigger existed earlier * fix race condition while creating first monitor * add test to verify detector trigger function for aggregation rules * revert step listener change --------- Signed-off-by: Surya Sashank Nistala <[email protected]>
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Apr 27, 2024
…eate chained findings monitor (#992) (#1002) * remove chekc for agg rules in detector trigger condition to create bucket level monitor * add agg rules tags in chained monitor query to match trigger condition of detector * fix check to evaluate agg rules present when creating chained findings monitor * fix tests where check on group by trigger existed earlier * fix race condition while creating first monitor * add test to verify detector trigger function for aggregation rules * revert step listener change --------- Signed-off-by: Surya Sashank Nistala <[email protected]> (cherry picked from commit 07bf73f)
eirsep
added a commit
to eirsep/security-analytics
that referenced
this pull request
Apr 28, 2024
…eate chained findings monitor (opensearch-project#992) * remove chekc for agg rules in detector trigger condition to create bucket level monitor Signed-off-by: Surya Sashank Nistala <[email protected]> * add agg rules tags in chained monitor query to match trigger condition of detector Signed-off-by: Surya Sashank Nistala <[email protected]> * fix check to evaluate agg rules present when creating chained findings monitor Signed-off-by: Surya Sashank Nistala <[email protected]> * fix tests where check on group by trigger existed earlier Signed-off-by: Surya Sashank Nistala <[email protected]> * fix race condition while creating first monitor Signed-off-by: Surya Sashank Nistala <[email protected]> * add test to verify detector trigger function for aggregation rules Signed-off-by: Surya Sashank Nistala <[email protected]> * revert step listener change Signed-off-by: Surya Sashank Nistala <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]>
eirsep
added a commit
that referenced
this pull request
Apr 29, 2024
* [BUG_FIX] fix check for agg rules in detector trigger condition to create chained findings monitor (#992) * remove chekc for agg rules in detector trigger condition to create bucket level monitor Signed-off-by: Surya Sashank Nistala <[email protected]> * add agg rules tags in chained monitor query to match trigger condition of detector Signed-off-by: Surya Sashank Nistala <[email protected]> * fix check to evaluate agg rules present when creating chained findings monitor Signed-off-by: Surya Sashank Nistala <[email protected]> * fix tests where check on group by trigger existed earlier Signed-off-by: Surya Sashank Nistala <[email protected]> * fix race condition while creating first monitor Signed-off-by: Surya Sashank Nistala <[email protected]> * add test to verify detector trigger function for aggregation rules Signed-off-by: Surya Sashank Nistala <[email protected]> * revert step listener change Signed-off-by: Surya Sashank Nistala <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]> * fix imports Signed-off-by: Surya Sashank Nistala <[email protected]> --------- Signed-off-by: Surya Sashank Nistala <[email protected]>
eirsep
added a commit
that referenced
this pull request
Apr 29, 2024
…eate chained findings monitor (#992) (#1002) (#1003) * remove chekc for agg rules in detector trigger condition to create bucket level monitor * add agg rules tags in chained monitor query to match trigger condition of detector * fix check to evaluate agg rules present when creating chained findings monitor * fix tests where check on group by trigger existed earlier * fix race condition while creating first monitor * add test to verify detector trigger function for aggregation rules * revert step listener change --------- Signed-off-by: Surya Sashank Nistala <[email protected]> (cherry picked from commit 07bf73f) Co-authored-by: Surya Sashank Nistala <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
remove check for agg rules in detector trigger condition to create chained findings monitor.
Currently, chained findings monitor is not created unless ids of aggregation Sigma rules are not mentioned in the detector trigger condition
Right behaviour is to create chained findings monitor irrespective of trigger condition.
Add agg rule tags to chained findings monitor
Issues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.