[Cloud Security] [Findings] [Vulnerabilities] [Alerts] - Create detection rule#163545
opauloh merged 17 commits into elastic:main from
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)
…to alerts/vulnerabilities-rules
JordanSh left a comment:
LGTM 👑, added some comments
| missing_fields_strategy: AlertSuppressionMissingFieldsStrategy.Suppress, | ||
| }, | ||
| index: [LATEST_FINDINGS_INDEX_DEFAULT_NS], | ||
| index: [FINDINGS_INDEX_PATTERN], |
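Review bot: switching `index` from `LATEST_FINDINGS_INDEX_DEFAULT_NS` to `FINDINGS_INDEX_PATTERN` makes the rule read every stored finding document rather than the transform's one-latest-per-resource view, so a vulnerability that is re-reported on each scan matches again on every scan cycle. The `missing_fields_strategy: AlertSuppressionMissingFieldsStrategy.Suppress` line shows suppression is configured, but the group-by fields and suppression duration are not in this context; confirm they key on the resource and vulnerability so repeats collapse into one alert, and that the rule's lookback is bounded so historical findings in the raw pattern that were already remediated do not keep producing alerts.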
just wondering, why are we not using the latest-findings/vuln?
Great question. As we plan to deprecate the transforms, having existing rules use the transformed index would make it harder for us to apply backward compatibility in the future. Our transform routines run every 5 minutes with a 60-second delay, and the rule routine runs every hour, so there's a small possibility that, during the 4-minute window where data arrived right after the transform ran and the rule routine runs, an alert can be triggered before the finding can be seen in the UI. But that's just a couple of minutes of delay, and worth not having to deal with backward compatibility later.
💚 Build Succeeded
…tion rule (#163545) Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Summary
It closes #162112
This PR adds the option to create a detection rule from a Vulnerabilities Flyout using the defaults established here.
It also:
Screenshot: Take Action button
Screenshot: Success notification
Screenshot: Rule page after clicking the View rule button
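The kind of rule body such a "create detection rule" action would submit, as an added example that is not code from this PR or from Kibana: it builds a Detection Engine query rule for one vulnerability finding, escapes finding values before placing them in the KQL query, points the rule at the raw findings index pattern instead of the transform-built "latest" index (the choice discussed in the review above), and enables alert suppression so a finding that is re-reported on every scan does not alert on every scan. The index values behind the two constant names, the finding field names (`vulnerability.id`, `package.name`, `resource.id`), the rule-body field names, the severity/risk defaults and the hourly schedule are all assumptions made for this example.

```typescript
// Added example, not code from the Kibana PR: build a Detection Engine
// "create rule" request body from one vulnerability finding, with alert
// suppression enabled, and check that it reads the raw findings index.
// Index names, finding field names, the rule-body field names and the
// schedule are assumptions for illustration; verify them against the
// Kibana version in use.

// Assumed values behind the two constant names shown in the PR diff.
const FINDINGS_INDEX_PATTERN = "logs-cloud_security_posture.findings-*";
const LATEST_FINDINGS_INDEX_DEFAULT_NS = "logs-cloud_security_posture.findings_latest-default";

// Minimal view of a vulnerability finding document (assumed field mapping).
interface VulnerabilityFinding {
  vulnerabilityId: string; // stored as vulnerability.id
  packageName: string;     // stored as package.name
  resourceId: string;      // stored as resource.id
}

interface AlertSuppression {
  group_by: string[];
  duration: { value: number; unit: "s" | "m" | "h" | "d" };
  missing_fields_strategy: "suppress" | "doNotSuppress";
}

interface RuleCreateBody {
  type: "query";
  language: "kuery";
  name: string;
  description: string;
  severity: "low" | "medium" | "high" | "critical";
  risk_score: number;
  enabled: boolean;
  index: string[];
  query: string;
  interval: string;
  from: string;
  alert_suppression: AlertSuppression;
}

// Quote a finding value as a KQL string literal. Backslashes and double
// quotes are escaped so a hostile package name or vulnerability id cannot
// break out of the literal and widen or break the generated query.
function kqlQuote(value: string): string {
  return '"' + value.replace(/\\/g, "\\\\").replace(/"/g, '\\"') + '"';
}

// Match every finding document for this vulnerability/package pair.
function buildQuery(f: VulnerabilityFinding): string {
  return `vulnerability.id: ${kqlQuote(f.vulnerabilityId)} and package.name: ${kqlQuote(f.packageName)}`;
}

function buildVulnerabilityRule(f: VulnerabilityFinding): RuleCreateBody {
  return {
    type: "query",
    language: "kuery",
    name: `Vulnerability ${f.vulnerabilityId} in ${f.packageName}`,
    description: `Alerts when ${f.vulnerabilityId} is reported for package ${f.packageName}.`,
    severity: "high",
    risk_score: 73,
    enabled: true,
    // Raw findings index pattern, not the transform-built "latest" index.
    index: [FINDINGS_INDEX_PATTERN],
    query: buildQuery(f),
    // Hourly schedule (assumed); the lookback overlaps the interval so a
    // finding indexed just after the previous run is not skipped.
    interval: "1h",
    from: "now-2h",
    // The raw pattern holds one document per scan, so collapse repeats of
    // the same vulnerability on the same resource into one alert per day.
    alert_suppression: {
      group_by: ["resource.id", "vulnerability.id"],
      duration: { value: 1, unit: "d" },
      missing_fields_strategy: "suppress",
    },
  };
}

// Guard for the review point: a rule that reads the transform output would
// break once the transforms are deprecated.
function usesRawFindingsIndex(rule: RuleCreateBody): boolean {
  return rule.index.length > 0 && rule.index.every((i) => i === FINDINGS_INDEX_PATTERN);
}

// Constructed sample finding (not real data).
const sampleFinding: VulnerabilityFinding = {
  vulnerabilityId: "CVE-2023-00000",
  packageName: "example-pkg",
  resourceId: "i-0123456789abcdef0",
};
const sampleRule: RuleCreateBody = buildVulnerabilityRule(sampleFinding);
```

`usesRawFindingsIndex` is the check a reviewer would want before the rule body is posted: it rejects a body pointing at `LATEST_FINDINGS_INDEX_DEFAULT_NS`. The suppression `group_by` keys on the resource and the vulnerability rather than the package, so the same CVE on two different hosts still yields two alerts while repeated scans of one host yield one.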