[RAM][Security Solution][Alerts] Support the ability to trigger a rule action per alert generated (#153611) #155384
…e action per alert generated (elastic#153611)
@elasticmachine merge upstream
@elasticmachine merge upstream
@elasticmachine merge upstream
@elasticmachine merge upstream
x-pack/plugins/rule_registry/server/utils/create_persistence_rule_type_wrapper.ts
alerting framework changes LGTM
@elasticmachine merge upstream
…text" This reverts commit 62a6b77.
Hi @XavierM, I think I am not involved in the project and you are tagging the wrong person here :)
@elasticmachine merge upstream
@elasticmachine merge upstream
@elasticmachine merge upstream
💛 Build succeeded, but was flaky
Failed CI Steps
Metrics [docs]
- Async chunks
- Page load bundle
Unknown metric groups
- ESLint disabled line counts
- Total ESLint disabled count
History
To update your PR or re-run it, just comment with:
cc @e40pud
## Summary

- Fixes: #155384 (comment)
- Fixes language around conditional filter to not confuse our user like it was before

<img width="756" alt="image" src="https://user-images.githubusercontent.com/189600/234410455-a577d5a7-afc7-489d-b37d-96a6487c2e31.png">

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* main: (1294 commits)
  [SecuritySolution] Refactor security packages (elastic#155365)
  [Discover] Show "Temporary" badge for ad-hoc data views in Alerts flyout (elastic#155717)
  [RAM] Conditional actions feedback on pr review (elastic#155804)
  [Files] Adds bulk delete method (elastic#155628)
  [Lens] Use proper way to generate absolute short URL (elastic#155512)
  [Guided onboarding] Use Kibana features to grant access (elastic#155065)
  [Index Management] Fix duped mock (elastic#155844)
  [Lens] Enhance visualization modifier popup with layer palette (elastic#155280)
  Fix flaky combobox tests on role management screen (elastic#155711)
  [Infrastructure UI] Create InventoryViewsService and InventoryViewsClient (elastic#155126)
  [Fleet] always create agent upload write indices (elastic#155729)
  [Fleet] [Cloud Security Posture] Add CloudFormation agent install method (elastic#155045)
  Add tech preview label for search applications (elastic#155649)
  [ML] AIOps: Stabilize flaky functional tests. (elastic#155710)
  [ES UI Shared] Migrate JsonEditor to monaco (elastic#155610)
  [Security Solution] Fixes security_solution storybooks always rendering in a flyout (elastic#155814)
  [Synthetics] Make error popover disappear `onMouseLeave` of metric item card (elastic#155800)
  Remove Exploratory View components from Observability (elastic#155629)
  [Discover] Remove redundant "Filter was added" toast (elastic#155645)
  [RAM][Security Solution][Alerts] Support the ability to trigger a rule action per alert generated (elastic#153611) (elastic#155384)
  ...
…t variables (#155829)

## Summary

Closes [#155812](#155812)

In #155384, detection rules were switched to support per-alert actions. When passing the context variable, it was suggested that we should be calling formatAlert to format the alert for notifications, however doing that causes some test failures because formatAlert is fairly heavyweight and bunch of tests were timing out.

Thanks to @marshallmain we have this much faster `expandDottedObject` that solves the issue with the very slow `formatAlert`.
…t variables (elastic#155829)

## Summary

Closes [elastic#155812](elastic#155812)

In elastic#155384, detection rules were switched to support per-alert actions. When passing the context variable, it was suggested that we should be calling formatAlert to format the alert for notifications, however doing that causes some test failures because formatAlert is fairly heavyweight and bunch of tests were timing out.

Thanks to @marshallmain we have this much faster `expandDottedObject` that solves the issue with the very slow `formatAlert`.

(cherry picked from commit 8f59720)
…context variables (#155829) (#156009)

# Backport

This will backport the following commits from `main` to `8.8`:
- [[Security Solution][Alerts] Format alerts for per-alert action context variables (#155829)](#155829)

<!--- Backport version: 8.9.7 -->

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Summary
These changes enable triggering of "per-alert" actions.
Closes #153611
Checklist
Delete any items that are not applicable to this PR.