Defend Advanced Policy Options for Linux event aggregation. #183518
@elasticmachine merge upstream
key: 'linux.advanced.events.aggregate', | ||
first_supported_version: '8.15', | ||
documentation: i18n.translate( | ||
'xpack.securitySolution.endpoint.policy.advanced.linux.advanced.events.aggregate', |
We should make this advanced.linux.advanced.events.aggregate_process so when we add network event aggregation (or other types we haven't considered yet) users can control each independently. Partially to empower users and partially because each upgrade needs a way to add a migration so existing Endpoint policies keep behaving in the old manner.
Ah, good eye. Forgot to push.
b108904 to 495520e
495520e to af8aead
💛 Build succeeded, but was flaky
Blocking merge just to prevent this from being accidentally merged. @gergoabraham is taking it over.
Closing so that new PR including migrations can be created.
Summary
Add an advanced option to enable/disable event aggregation.