Defend Advanced Policy Options for Linux event aggregation. #183518

nicholasberlin
Contributor

Summary

Add an advanced option to enable/disable event aggregation.

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@nicholasberlin nicholasberlin added backport:skip This commit does not require backporting v8.15.0 labels May 15, 2024
@nicholasberlin nicholasberlin requested a review from a team as a code owner May 15, 2024 13:55
@nicholasberlin
Contributor Author

@elasticmachine merge upstream

key: 'linux.advanced.events.aggregate',
first_supported_version: '8.15',
documentation: i18n.translate(
'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.aggregate',
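
Review bot: on the `first_supported_version: '8.15'` line, recheck the value against the release this option actually ships in; the PR was opened with the v8.15.0 label but its label list ends at v8.16.0. Separately, the i18n id on the last line repeats the key (`...linux.advanced.events.aggregate`), so any rename of `key` needs the same rename in the translation id to keep the two in step.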
Contributor

@ferullo ferullo Jun 6, 2024

We should make this advanced.linux.advanced.events.aggregate_process so when we add network event aggregation (or other types we haven't considered yet) users can control each independently. Partially to empower users and partially because each upgrade needs a way to add a migration so existing Endpoint policies keep behaving in the old manner.

Contributor Author

Ah, good eye. Forgot to push.

@nicholasberlin nicholasberlin force-pushed the defend-policy-linux-advance-event-aggregation branch from b108904 to 495520e Compare June 6, 2024 12:13
@nicholasberlin nicholasberlin force-pushed the defend-policy-linux-advance-event-aggregation branch from 495520e to af8aead Compare June 6, 2024 12:19
@kibana-ci
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #12 / Fleet Endpoints Integrations inputs_with_standalone_docker_agent "before all" hook for "generate a valid config for standalone agents"

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 13.6MB 13.6MB +640.0B

History

  • 💔 Build #214436 failed 495520e0155784718c833ddfb039dd8825d5630d
  • 💔 Build #210199 failed b108904e0a214c664e850ba25deb47bd837949da
  • 💔 Build #210176 failed df239436e2738a6bebb280c5f1f884317a67017b

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

Contributor

@ferullo ferullo left a comment

Blocking merge just to prevent this from being accidentally merged. @gergoabraham is taking it over.

@nicholasberlin
Contributor Author

Closing so that new PR including migrations can be created.

Labels
backport:skip This commit does not require backporting release_note:enhancement v8.16.0