[SecuritySolution] Add enrichPolicyExecutionInterval to entity enablement and init APIs #207374
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
machadoum
force-pushed
the
siem-ea-11306
branch
from
47697a4 to
3f363dc
Compare
machadoum
added
release_note:fix
v9.0.0
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-entity-analytics (Team:Entity Analytics) |
💚 Build Succeeded
Metrics [docs]Async chunks
cc @machadoum |
|
Starting backport for target branches: 8.x |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
machadoum
added a commit
to machadoum/kibana
that referenced
this pull request
Jan 24, 2025
…ment and init APIs (elastic#207374) ## Summary Add `enrichPolicyExecutionInterval`param to entity enablement and init APIs ### How to test? * Start kibana * Call the entity store enablement API with a short value for `enrichPolicyExecutionInterval` param * Check in the logs if the enrichment process is running frequently * Clear the entity store * Call the entity store enablement API without `enrichPolicyExecutionInterval` param * Check in the logs if the enrichment process is running less frequently **Enable Entity store API call:** ``` POST kbn:/api/entity_store/enable { "enrichPolicyExecutionInterval": "10s" } ``` **Init Entity store API call:** ``` POST kbn:/api/entity_store/engines/user/init { "enrichPolicyExecutionInterval": "10s" } ``` **Enrich policy log message:** ``` │ info [o.e.x.e.EnrichPolicyRunner] [...] Policy [entity_store_field_retention_user_default_v1.0.0]: Running enrich policy ``` ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 1ca4d96) # Conflicts: # oas_docs/output/kibana.serverless.yaml # oas_docs/output/kibana.yaml # x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/enable.gen.ts # x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/enable.schema.yaml # x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml # x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml # x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts
machadoum
added a commit
that referenced
this pull request
Jan 24, 2025
…enablement and init APIs (#207374) (#208223) # Backport This will backport the following commits from `main` to `8.x`: - [[SecuritySolution] Add enrichPolicyExecutionInterval to entity enablement and init APIs (#207374)](#207374) <!--- Backport version: 9.6.4 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Pablo Machado","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-01-24T13:09:12Z","message":"[SecuritySolution] Add enrichPolicyExecutionInterval to entity enablement and init APIs (#207374)\n\n## Summary\n\nAdd `enrichPolicyExecutionInterval`param to entity enablement and init\nAPIs\n\n### How to test?\n* Start kibana\n* Call the entity store enablement API with a short value for\n`enrichPolicyExecutionInterval` param\n* Check in the logs if the enrichment process is running frequently\n* Clear the entity store\n* Call the entity store enablement API without\n`enrichPolicyExecutionInterval` param\n* Check in the logs if the enrichment process is running less frequently\n\n\n**Enable Entity store API call:**\n```\nPOST kbn:/api/entity_store/enable {\n \"enrichPolicyExecutionInterval\": \"10s\"\n}\n```\n\n**Init Entity store API call:**\n```\nPOST kbn:/api/entity_store/engines/user/init {\n \"enrichPolicyExecutionInterval\": \"10s\"\n}\n\n```\n\n**Enrich policy log message:**\n```\n │ info [o.e.x.e.EnrichPolicyRunner] [...] Policy [entity_store_field_retention_user_default_v1.0.0]: Running enrich policy\n```\n\n\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [ ] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n---------\n\nCo-authored-by: kibanamachine <[email protected]>","sha":"1ca4d967d926a3e6295cb08dcd55dcf1adbd351c","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["v9.0.0","Team: SecuritySolution","release_note:feature","Theme: entity_analytics","Feature:Entity Analytics","Team:Entity Analytics","backport:version","v8.18.0"],"title":"[SecuritySolution] Add enrichPolicyExecutionInterval to entity enablement and init APIs","number":207374,"url":"https://github.com/elastic/kibana/pull/207374","mergeCommit":{"message":"[SecuritySolution] Add enrichPolicyExecutionInterval to entity enablement and init APIs (#207374)\n\n## Summary\n\nAdd `enrichPolicyExecutionInterval`param to entity enablement and init\nAPIs\n\n### How to test?\n* Start kibana\n* Call the entity store enablement API with a short value for\n`enrichPolicyExecutionInterval` param\n* Check in the logs if the enrichment process is running frequently\n* Clear the entity store\n* Call the entity store enablement API without\n`enrichPolicyExecutionInterval` param\n* Check in the logs if the enrichment process is running less frequently\n\n\n**Enable Entity store API call:**\n```\nPOST kbn:/api/entity_store/enable {\n \"enrichPolicyExecutionInterval\": \"10s\"\n}\n```\n\n**Init Entity store API call:**\n```\nPOST kbn:/api/entity_store/engines/user/init {\n \"enrichPolicyExecutionInterval\": \"10s\"\n}\n\n```\n\n**Enrich policy log message:**\n```\n │ info [o.e.x.e.EnrichPolicyRunner] [...] Policy [entity_store_field_retention_user_default_v1.0.0]: Running enrich policy\n```\n\n\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [ ] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n---------\n\nCo-authored-by: kibanamachine <[email protected]>","sha":"1ca4d967d926a3e6295cb08dcd55dcf1adbd351c"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207374","number":207374,"mergeCommit":{"message":"[SecuritySolution] Add enrichPolicyExecutionInterval to entity enablement and init APIs (#207374)\n\n## Summary\n\nAdd `enrichPolicyExecutionInterval`param to entity enablement and init\nAPIs\n\n### How to test?\n* Start kibana\n* Call the entity store enablement API with a short value for\n`enrichPolicyExecutionInterval` param\n* Check in the logs if the enrichment process is running frequently\n* Clear the entity store\n* Call the entity store enablement API without\n`enrichPolicyExecutionInterval` param\n* Check in the logs if the enrichment process is running less frequently\n\n\n**Enable Entity store API call:**\n```\nPOST kbn:/api/entity_store/enable {\n \"enrichPolicyExecutionInterval\": \"10s\"\n}\n```\n\n**Init Entity store API call:**\n```\nPOST kbn:/api/entity_store/engines/user/init {\n \"enrichPolicyExecutionInterval\": \"10s\"\n}\n\n```\n\n**Enrich policy log message:**\n```\n │ info [o.e.x.e.EnrichPolicyRunner] [...] Policy [entity_store_field_retention_user_default_v1.0.0]: Running enrich policy\n```\n\n\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [ ] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n---------\n\nCo-authored-by: kibanamachine <[email protected]>","sha":"1ca4d967d926a3e6295cb08dcd55dcf1adbd351c"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <[email protected]>
JoseLuisGJ
pushed a commit
to JoseLuisGJ/kibana
that referenced
this pull request
Jan 27, 2025
…ment and init APIs (elastic#207374) ## Summary Add `enrichPolicyExecutionInterval`param to entity enablement and init APIs ### How to test? * Start kibana * Call the entity store enablement API with a short value for `enrichPolicyExecutionInterval` param * Check in the logs if the enrichment process is running frequently * Clear the entity store * Call the entity store enablement API without `enrichPolicyExecutionInterval` param * Check in the logs if the enrichment process is running less frequently **Enable Entity store API call:** ``` POST kbn:/api/entity_store/enable { "enrichPolicyExecutionInterval": "10s" } ``` **Init Entity store API call:** ``` POST kbn:/api/entity_store/engines/user/init { "enrichPolicyExecutionInterval": "10s" } ``` **Enrich policy log message:** ``` │ info [o.e.x.e.EnrichPolicyRunner] [...] Policy [entity_store_field_retention_user_default_v1.0.0]: Running enrich policy ``` ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: kibanamachine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Add
enrichPolicyExecutionIntervalparam to entity enablement and init APIsHow to test?
enrichPolicyExecutionIntervalparamenrichPolicyExecutionIntervalparamEnable Entity store API call:
Init Entity store API call:
Enrich policy log message:
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:*label is applied per the guidelines