
[Detection Engine][Telemetry] Adds basic suppression telemetry #181245

Draft
wants to merge 2 commits into base: main
Conversation

yctercero (Contributor)

Summary

Adds some basic alert suppression telemetry to answer:

  • Is telemetry enabled?
  • When enabled, is it enabled per rule execution?
  • When enabled, is it enabled per time period?
  • When enabled, is missing field strategy set to suppress?
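One way the four questions above map onto a rule's suppression settings, as an added illustration that is not code from this PR or from Kibana. It assumes a rule carries an `alert_suppression` object with `group_by` fields, an optional `duration` (no duration means suppression runs per rule execution, a duration means per time period) and a `missing_fields_strategy` of `suppress` or `doNotSuppress`; the counter names are this example's own.

```typescript
// Added illustration, not the PR's code. The alert_suppression shape and the
// counter names below are assumptions made for this example.
interface AlertSuppression {
  group_by: string[];
  duration?: { value: number; unit: 's' | 'm' | 'h' };
  missing_fields_strategy?: 'suppress' | 'doNotSuppress';
}

interface RuleParams {
  name: string;
  alertSuppression?: AlertSuppression;
}

interface SuppressionTelemetry {
  suppression_enabled: number;                 // rules with suppression configured
  suppression_per_rule_execution: number;      // enabled, no duration set
  suppression_per_time_period: number;         // enabled, duration set
  suppression_missing_fields_suppress: number; // enabled, strategy === 'suppress'
}

export function getSuppressionTelemetry(rules: RuleParams[]): SuppressionTelemetry {
  const t: SuppressionTelemetry = {
    suppression_enabled: 0,
    suppression_per_rule_execution: 0,
    suppression_per_time_period: 0,
    suppression_missing_fields_suppress: 0,
  };
  for (const rule of rules) {
    const s = rule.alertSuppression;
    // Suppression only counts as enabled when at least one group_by field is set.
    if (!s || s.group_by.length === 0) continue;
    t.suppression_enabled += 1;
    if (s.duration) t.suppression_per_time_period += 1;
    else t.suppression_per_rule_execution += 1;
    if (s.missing_fields_strategy === 'suppress') t.suppression_missing_fields_suppress += 1;
  }
  return t;
}

// Constructed sample rules for the example, not taken from any real deployment.
export const SAMPLE_RULES: RuleParams[] = [
  { name: 'no suppression' },
  { name: 'empty group_by is not enabled', alertSuppression: { group_by: [] } },
  { name: 'per execution', alertSuppression: { group_by: ['host.name'] } },
  { name: 'per 5m window, suppress', alertSuppression: { group_by: ['user.name'], duration: { value: 5, unit: 'm' }, missing_fields_strategy: 'suppress' } },
  { name: 'per 1h window, doNotSuppress', alertSuppression: { group_by: ['source.ip'], duration: { value: 1, unit: 'h' }, missing_fields_strategy: 'doNotSuppress' } },
];
```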

@yctercero added labels release_note:skip (Skip the PR/issue when compiling release notes), Team:Detection Engine (Security Solution Detection Engine Area), v8.14.0, v8.15.0 on Apr 20, 2024
@yctercero yctercero self-assigned this Apr 20, 2024
@yctercero (Contributor Author)

/ci

@yctercero (Contributor Author)

/ci

@kibana-ci (Collaborator)

kibana-ci commented Apr 22, 2024

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #71 / Detections Response - Detection rule type telemetry @ess @serverless Detection rule telemetry "kql" rule type should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions
  • [job] [logs] FTR Configs #93 / Detections Response - Detection rule type telemetry @ess @serverless Detection rule telemetry "kql" rule type should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions
  • [job] [logs] FTR Configs #93 / Detections Response - Detection rule type telemetry @ess @serverless Detection rule telemetry "kql" rule type should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions
  • [job] [logs] FTR Configs #71 / Detections Response - Detection rule type telemetry @ess @serverless Detection rule telemetry "kql" rule type should show "notifications_enabled", "notifications_disabled" "legacy_notifications_enabled", "legacy_notifications_disabled", all to be "0" for "disabled"/"in-active" rule that does not have any actions
  • [job] [logs] Jest Tests #4 / Detections Usage and Metrics getRuleMetrics() returns information with on non elastic prebuilt rule
  • [job] [logs] Jest Tests #4 / Detections Usage and Metrics getRuleMetrics() returns information with on non elastic prebuilt rule
  • [job] [logs] Jest Tests #4 / Detections Usage and Metrics getRuleMetrics() returns information with rule, alerts and cases
  • [job] [logs] Jest Tests #4 / Detections Usage and Metrics getRuleMetrics() returns information with rule, alerts and cases
  • [job] [logs] Jest Tests #4 / Detections Usage and Metrics getRuleMetrics() returns information with rule, no alerts and no cases
  • [job] [logs] Jest Tests #4 / Detections Usage and Metrics getRuleMetrics() returns information with rule, no alerts and no cases
  • [job] [logs] Jest Tests #4 / Detections Usage and Metrics Update metrics with rule information Should update based on multiple metrics
  • [job] [logs] Jest Tests #4 / Detections Usage and Metrics Update metrics with rule information Should update based on multiple metrics
  • [job] [logs] Jest Tests #4 / Detections Usage and Metrics Update metrics with rule information Should update elastic and eql rule metric total
  • [job] [logs] Jest Tests #4 / Detections Usage and Metrics Update metrics with rule information Should update elastic and eql rule metric total
  • [job] [logs] Defend Workflows Cypress Tests #2 / Response console Processes operations: "kill-process --pid" - should kill a process "kill-process --pid" - should kill a process
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #14 / Response console Processes operations: "kill-process --pid" - should kill a process "kill-process --pid" - should kill a process
  • [job] [logs] Defend Workflows Cypress Tests #2 / Response console Processes operations: "processes" - should obtain a list of processes "processes" - should obtain a list of processes
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #14 / Response console Processes operations: "processes" - should obtain a list of processes "processes" - should obtain a list of processes
  • [job] [logs] Defend Workflows Cypress Tests #2 / Response console Processes operations: "suspend-process --pid" - should suspend a process "suspend-process --pid" - should suspend a process
  • [job] [logs] Defend Workflows Cypress Tests on Serverless #14 / Response console Processes operations: "suspend-process --pid" - should suspend a process "suspend-process --pid" - should suspend a process

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @yctercero
