[Security Solution][Endpoint] adds new alert loading utility and un-skip FTR test for endpoint #144133
…kip-endpoint-timeline-ftr
Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

Another flaky run: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/1479
ashokaditya left a comment
I have a few questions but it's good to 🚢
|
|
||
| /** | ||
| * Waits for alerts to have been loaded into `.alerts-security.alerts-default` index | ||
| * Waits for alerts to have been loaded by calling continuously calling the alerts api until data shows up |
this sentence has one too many calling 😅
| }, | ||
| ], | ||
| malware_classification: { | ||
| identifier: 'endpointpe', |
is this supposed to be endpointype?
I'm not sure. I essentially "dumped" what a record looked like once the Endpoint rule ran and created alerts and just copied that. This is what I ended up with
| alerts: indexedAlerts, | ||
| cleanup: async (): Promise<void> => { | ||
| if (indexedAlerts.length) { | ||
| this.log.info(`cleaning up loaded endpoint rule alerts`); |
This doesn't need template literals unless maybe you forgot to log some variables here.
| }; | ||
| } | ||
|
|
||
| private async ensureEndpointRuleAlertsIndexExists() { |
please add a return type to this function.
| await this.esClient.indices.create({ | ||
| index: indexMappings.index, | ||
| body: { | ||
| settings: indexMappings.settings, | ||
| mappings: indexMappings.mappings, | ||
| aliases: indexMappings.aliases, | ||
| }, | ||
| }); | ||
| } catch (error) { | ||
| // ignore error that indicate index is already created | ||
| if ( | ||
| ['resource_already_exists_exception', 'invalid_alias_name_exception'].includes( | ||
| error?.body?.error?.type | ||
| ) | ||
| ) { | ||
| return; | ||
| } |
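Review bot: in the `catch` block, `invalid_alias_name_exception` is swallowed together with `resource_already_exists_exception`, but the comment above the `if` only says these errors indicate the index is already created. Please state in that comment why an invalid alias name is expected here, or drop it from the list so that a genuinely bad alias in `indexMappings.aliases` is not hidden. The visible lines end at the early `return`, so also confirm that every other error type is rethrown after this `if`; otherwise a failed `indices.create` would pass silently and the alerts index would be missing when the test starts loading data.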
You can also use indices.exists before calling indices.create. Then you won't have to ignore the resource_already_exists_exception. 🤔
…kip-endpoint-timeline-ftr
…timeline-ftr' into task/olm-140701-unskip-endpoint-timeline-ftr
💚 Build Succeeded
* main: (43 commits)
  [Synthetics] Step details page screenshot (elastic#143452)
  [Lens] Datatable expression types improvement. (elastic#144173)
  [packages/kbn-journeys] start apm after browser start and stop after browser is closed (elastic#144267)
  [Files] Make files namespace agnostic (elastic#144019)
  Implement base browser-side logging system (elastic#144107)
  Correct wrong multiplier for byte conversion (elastic#143751)
  [Monaco] Add JSON syntax support to the Monaco editor (elastic#143739)
  CCS Smoke Test for Remote Clusters and Index Management (elastic#142423)
  [api-docs] Daily api_docs build (elastic#144294)
  chore(NA): include progress on Bazel tasks (elastic#144275)
  [RAM] Allow users to see event logs from all spaces they have access to (elastic#140449)
  [APM] Show recommended minimum size when going below 5 minutes (elastic#144170)
  [typecheck] delete temporary target_types dirs in packages (elastic#144271)
  [Security Solution][Endpoint] adds new alert loading utility and un-skip FTR test for endpoint (elastic#144133)
  [performance/journeys] revert data_stress_test_lens.ts journey step (elastic#144261)
  [TIP] Use search strategies in Threat Intelligence (elastic#143267)
  Optimize react-query dependencies (elastic#144206)
  [babel/node] invalidate cache when synth pkg map is updated (elastic#144258)
  [APM] AWS lambda estimated cost (elastic#143986)
  [Maps] layer group wizard (elastic#144129)
  ...
Summary
fixes #140701