-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Response Ops][Alerting] Optimize alerting task runner for persistent (non-lifecycle rule types) #149043
[Response Ops][Alerting] Optimize alerting task runner for persistent (non-lifecycle rule types) #149043
Conversation
Pinging @elastic/response-ops (Team:ResponseOps) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add a functional test for a rule type that sets autoRecoverAlerts
to false?
...ecurity_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts
Outdated
Show resolved
Hide resolved
…kalexi/kibana into alerting/update-for-persistent-rules
Resolved in this commit 2a2be5b |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Left one comment about maybe checking for autoRecover in a different spot.
@@ -140,6 +142,7 @@ export function createAlertFactory< | |||
previouslyRecoveredAlerts: {}, | |||
hasReachedAlertLimit, | |||
alertLimit: maxAlerts, | |||
autoRecoverAlerts, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at this again, we could probably short circuit this logic even more by adding a check before processAlerts
:
if (!autoRecoverAlerts) {
logger.debug(`Set autoRecoverAlerts to true on rule type to get access to recovered alerts.`);
return [];
}
WDYT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure I can do that!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Resolved in this commit 5306a12
…kalexi/kibana into alerting/update-for-persistent-rules
💚 Build Succeeded
Metrics [docs]History
To update your PR or re-run it, just comment with: |
Resolves #148573
Summary
To help prepare for the framework to handle persistent (non-lifecycle rule types) that do not need the auto-recovery functionality performed by the framework, we added a flag for the rule type so they can opt in or out
Checklist
To verify
autoRecoverAlerts: true
for a rule type and create a rule using that rule type. Verify that the rule does not recover.