Skip to content

[Defend workflows] Stop spreading whole request to ES dsl#162116

Merged
tomsonpl merged 2 commits intoelastic:mainfrom
tomsonpl:stop-spreading-request
Jul 19, 2023
Merged

[Defend workflows] Stop spreading whole request to ES dsl#162116
tomsonpl merged 2 commits intoelastic:mainfrom
tomsonpl:stop-spreading-request

Conversation

@tomsonpl
Copy link
Contributor

@tomsonpl tomsonpl commented Jul 18, 2023
edited
Loading

This PR solved a part of https://github.com/elastic/security-team/issues/6988 which was firstly implemented in: #161806
After giving it some thoughts we decided not to introduce breaking changes to our API yet.

  • remove spreading request in to ES when internal user (osquerySearchStrategyProvider)
  • replace filterQuery with a string (this needs more discussion and spcification of what is needed)

@tomsonpl tomsonpl added chore release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Feature:Osquery Security Solution Osquery feature v8.10.0 labels Jul 18, 2023
@tomsonpl tomsonpl self-assigned this Jul 18, 2023
@tomsonpl tomsonpl marked this pull request as ready for review July 18, 2023 08:55
@tomsonpl tomsonpl requested a review from a team as a code owner July 18, 2023 08:55
@elasticmachine
Copy link
Contributor

elasticmachine commented Jul 18, 2023

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

gergoabraham
gergoabraham approved these changes Jul 18, 2023
View reviewed changes
Copy link
Contributor

@gergoabraham gergoabraham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great! please check my question if you are okay with that, otherwise 🚢 it

@kibana-ci
Copy link

kibana-ci commented Jul 18, 2023

💚 Build Succeeded

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @tomsonpl

@tomsonpl tomsonpl merged commit 9c7dda0 into elastic:main Jul 19, 2023
@kibanamachine kibanamachine added the backport:skip This PR does not require backporting label Jul 19, 2023
ThomThomson pushed a commit to ThomThomson/kibana that referenced this pull request Aug 1, 2023
@tomsonpl
[Defend workflows] Stop spreading whole request to ES dsl (elastic#16…
b779c4f 
…2116)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@patrykkopycinski patrykkopycinski patrykkopycinski approved these changes

@gergoabraham gergoabraham gergoabraham approved these changes

Assignees

@tomsonpl tomsonpl

Labels

backport:skip This PR does not require backporting chore Feature:Osquery Security Solution Osquery feature release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.10.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@tomsonpl @elasticmachine @kibana-ci @patrykkopycinski @gergoabraham @kibanamachine