[Security Solution] DE Server Type Refactor #117229

Open
madirey opened this issue Nov 2, 2021 · 1 comment
Labels
Feature:Detection Alerts Security Solution Detection Alerts Feature Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. technical debt Improvement of the software architecture and operational architecture

Comments

madirey (Contributor) commented Nov 2, 2021

Summary

There are a number of duplicate, misleading, and inconsistent types across the DE backend. This issue will outline some potential problems and solutions as we work toward a more consistent type framework.

Work Items

  • SignalHit - Uses ES hit terminology, but is not actually a hit (it's used to build alerts in build_bulk_body.ts)... there is also a different type named SignalHit in the cases plugin => Remove in favor of AlertBody below.
  • SignalSource - TODO
  • SignalSourceHit - Like above, uses hit terminology, but is used to construct alerts.
  • WrappedSignalHit - Same as above.
  • RACAlert - This is the new type to replace SignalHit, but should be renamed to AlertBody.
  • WrappedRACAlert - Rename to WrappedAlertBody.
  • SimpleHit - Fairly useless type... just BaseHit parameterized with an optional @timestamp.
  • Signal - Will be deprecated.
  • SignalRuleAlertTypeDefinition - Remove. (Need to wait for rule preview work)
  • Threshold types - move to different location.
@madirey madirey added the technical debt Improvement of the software architecture and operational architecture label Nov 2, 2021
@botelastic botelastic bot added the needs-team Issues missing a team label label Nov 2, 2021
@madirey madirey added Feature:Detection Alerts Security Solution Detection Alerts Feature Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Nov 2, 2021
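An added illustration of the distinction the work items draw between an Elasticsearch hit and an alert body, written for this page rather than taken from Kibana's detection engine. The type names (EsHit, SourceEvent, AlertBody, WrappedAlertBody), the alert field names, the buildAlertBody function and the sample hit are all assumptions chosen to show the pattern; they are not the project's real definitions or its real field names.

```typescript
// Added example (not Kibana code): hypothetical types that keep an
// Elasticsearch hit and an alert body distinct, plus the mapping between them.

// Shape of one entry in hits.hits[] of an Elasticsearch search response.
interface EsHit<T> {
  _index: string;
  _id: string;
  _source: T;
}

// A source document read from a monitored index. '@timestamp' is optional
// because not every index the rule searches guarantees one.
interface SourceEvent {
  '@timestamp'?: string;
  [field: string]: unknown;
}

// The document the detection engine writes. It is not a hit: no _index/_id
// metadata, a mandatory '@timestamp' (alert creation time), and a link back
// to the hit it was built from. Field names here are illustrative only.
interface AlertBody {
  '@timestamp': string;
  'rule.id': string;
  'original_time'?: string;
  ancestors: Array<{ id: string; index: string }>;
  [field: string]: unknown;
}

// Body paired with the _id it will be indexed under.
interface WrappedAlertBody {
  _id: string;
  _source: AlertBody;
}

// 32-bit FNV-1a as hex. A stand-in for a real hash (e.g. SHA-256); the point
// is only that the id is a deterministic function of the inputs.
function fnv1aHex(input: string): string {
  let h = 0x811c9dc5;
  for (let i = 0; i < input.length; i++) {
    h ^= input.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Deterministic alert id: the same rule seeing the same source hit again
// (e.g. a re-run over an overlapping time window) produces the same _id, so
// a bulk index call overwrites rather than duplicates the alert.
function alertId(ruleId: string, hit: EsHit<unknown>): string {
  return fnv1aHex(`${ruleId}\u0000${hit._index}\u0000${hit._id}`);
}

// Build an alert body from a source hit. The source's own fields are copied
// first and the alert fields are set last, so a source document cannot
// smuggle in values for them (a source event carrying 'rule.id' must not win).
function buildAlertBody(
  hit: EsHit<SourceEvent>,
  ruleId: string,
  now: Date
): WrappedAlertBody {
  const source = hit._source;
  const body: AlertBody = {
    ...source,
    '@timestamp': now.toISOString(),
    'rule.id': ruleId,
    ancestors: [{ id: hit._id, index: hit._index }],
  };
  if (typeof source['@timestamp'] === 'string') {
    body['original_time'] = source['@timestamp'];
  }
  return { _id: alertId(ruleId, hit), _source: body };
}

// Runtime guard for the boundary where a hit could be mistaken for an alert:
// an alert body always has a string '@timestamp', a rule id and an ancestors array.
function isAlertBody(x: unknown): x is AlertBody {
  if (typeof x !== 'object' || x === null) return false;
  const o = x as Record<string, unknown>;
  return typeof o['@timestamp'] === 'string'
    && typeof o['rule.id'] === 'string'
    && Array.isArray(o['ancestors']);
}

// Constructed sample input, not real data.
const sampleHit: EsHit<SourceEvent> = {
  _index: 'logs-endpoint.events.process-default',
  _id: 'abc123',
  _source: {
    '@timestamp': '2021-11-02T10:00:00.000Z',
    'process.name': 'curl',
    'rule.id': 'attacker-supplied', // must not survive into the alert
  },
};

const wrapped = buildAlertBody(sampleHit, 'rule-1', new Date('2021-11-02T10:05:00.000Z'));
console.log(JSON.stringify(wrapped, null, 2));
```

Two design choices carry the security weight: the alert id is derived only from the rule and the originating hit, so re-executing a rule over an overlapping window cannot fan out duplicate alerts, and alert-owned fields are written after the source spread, so a monitored document cannot forge its own rule id or ancestry.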
elasticmachine (Contributor) commented:

Pinging @elastic/security-solution (Team: SecuritySolution)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Nov 2, 2021