Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ProblemChild] Two Detection Rules Querying Invalid Indices #7521

Closed
wants to merge 9 commits into from
Closed

[ProblemChild] Two Detection Rules Querying Invalid Indices #7521

wants to merge 9 commits into from

Conversation

MakoWish
Copy link
Contributor

@MakoWish MakoWish commented Aug 23, 2023
edited
Loading

What does this PR do?

Two of the Detection Rules supplied in the ProblemChild Integration look for logs-endpoint.events.process.*, but that final period is invalid and will not match an Elastic Endpoint index. These indices are named (using default as an example) logs-endpoint.events.process-default, so this should be either logs-endpoint.events.process* or logs-endpoint.events.process-*.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have incremented the version in my package's manifest.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

Related issues

Screenshots

incorrect_index_listing

@MakoWish MakoWish changed the title Rule tuning problem child probability score [ProblemChild] Two Detection Rules Querying Invalid Indices Aug 23, 2023
@MakoWish MakoWish marked this pull request as ready for review August 23, 2023 22:27
@MakoWish MakoWish requested review from a team as code owners August 23, 2023 22:27
@elasticmachine
Copy link

elasticmachine commented Aug 23, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-08-30T19:54:33.744+0000

  • Duration: 14 min 24 sec

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

peteharverson
peteharverson approved these changes Aug 24, 2023
View reviewed changes
Copy link
Contributor

@peteharverson peteharverson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes LGTM - we are down as CODEOWNERS of this package. No specific ML changes here but LGTM to clear the ml-ui approval.

@susan-shu-c
Copy link
Member

Hi, thank you for the PR!
Let's merge this one first and then rebase this off of that one's version number?

ajosh0504
ajosh0504 suggested changes Aug 30, 2023
View reviewed changes
Copy link
Contributor

@ajosh0504 ajosh0504 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's try to keep the pattern as specific as possible, so -* instead of *. LGTM if you can resolve the version and manifest conflicts. Thanks for trying the package out, and for the PRs!

packages/problemchild/kibana/security_rule/34184d4e-ef61-477b-8d76-5c93448c29bf.json Outdated Show resolved Hide resolved
packages/problemchild/kibana/security_rule/9a2e372a-cbeb-4ad6-a288-017ef086324c.json Outdated Show resolved Hide resolved
MakoWish and others added 3 commits August 30, 2023 13:53
@MakoWish @ajosh0504
Recommended changes from code review
c188a54 
Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com>
@MakoWish @ajosh0504
Recommended changes from code review
7166cb9 
Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com>
@MakoWish
Merge branch 'main' into rule_tuning_problem_child_probability_score
10d8a49
@ajosh0504 ajosh0504 mentioned this pull request Aug 31, 2023
Merged
5 tasks
@ajosh0504
Copy link
Contributor

ajosh0504 commented Aug 31, 2023
edited
Loading

Also, can we consolidate all these bug /broken link fixes into a single PR resulting in a single patch version bump? Thanks!

MakoWish added a commit to MakoWish/integrations that referenced this pull request Aug 31, 2023
@MakoWish
Consolidate elastic#7521 and elastic#7577 into elastic#7618
6fc393d
@MakoWish
Copy link
Contributor Author

Consolidating into #7618

@MakoWish MakoWish closed this Aug 31, 2023
@MakoWish MakoWish deleted the rule_tuning_problem_child_probability_score branch August 31, 2023 16:33
susan-shu-c pushed a commit that referenced this pull request Sep 1, 2023
@MakoWish @ajosh0504
[ProblemChild] Update Blog Post Link in Docs (#7618)
78d8776 
* Update docs with new blog link

* Commit changes from code review

Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com>

* Commit changes from code review

Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com>

* Consolidate #7521 and #7577 into #7618

---------

Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com>
gizas pushed a commit that referenced this pull request Sep 5, 2023
@MakoWish @ajosh0504 @gizas
[ProblemChild] Update Blog Post Link in Docs (#7618)
f8c554e 
* Update docs with new blog link

* Commit changes from code review

Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com>

* Commit changes from code review

Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com>

* Consolidate #7521 and #7577 into #7618

---------

Co-authored-by: Apoorva Joshi <30438249+ajosh0504@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajosh0504 ajosh0504 ajosh0504 requested changes

@peteharverson peteharverson peteharverson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[ProblemChild] Two Detection Rules Querying Invalid Indices
5 participants
@MakoWish @elasticmachine @susan-shu-c @ajosh0504 @peteharverson