[Entity Analytics] Asset Criticality soft delete #193591

tiansivive merged 10 commits into elastic:main from
Conversation
Pinging @elastic/security-entity-analytics (Team:Entity Analytics)
machadoum
left a comment
Hey!
I checked the code and desk-tested it. Everything looks great. 👏 👏 👏
I have a couple of questions:
- Could you add a test that verifies that the risk score doesn't consider deleted asset criticalities?
- Should we also support delete as a valid value for bulk upload? [not in the PR scope]
Thank you! 👏
Code quoted in the review thread (lines as they appear in the diff, cut off where the page cuts them off):

```ts
} & Pick<Parameters<ElasticsearchClient['helpers']['bulk']>[0], 'flushBytes' | 'retries'>;
```

```ts
type StoredAssetCriticalityRecord = {
  [K in keyof AssetCriticalityRecord]: K extends 'criticality_level'
```
yeah, idk, any suggestions to improve readability here? 😅
TS syntax is quite verbose for type computations, but maybe we can extract out the behaviour of "setting the type of a value for a specific key K"?
I don't see a use case for it off the top of my head. Maybe @jaredburgettelastic can think of something?

@elasticmachine merge upstream
💚 Build Succeeded
## Summary

This PR introduces a "soft delete" for Asset Criticality records. Instead of deleting the document, we now simply change the criticality field to the value `"deleted"`. This value is fully managed on Kibana and should not be exposed to the client side.

### How to test

1. Add some host/user data
2. Make sure to enable the `entityStoreEnabled` feature flag
3. Assign asset criticality to a user/host.
   * You may need to enable Asset Criticality in Kibana Advanced Settings
4. Verify the criticality has been assigned by `GET .asset-criticality*`.
5. Unassign the criticality for that host/user via the UI.
6. `GET`ing the criticality index should now still show the updated record with `"deleted"` criticality value
7. The UI should also show criticality as `Unassigned` for the deleted record.

Implements elastic/security-team#10531, which is part of the overall [Entity Store for 8.16](elastic/security-team#10529) work

(cherry picked from commit a8c7e06)
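The following is an added example, not code from this PR or from Kibana. It models the soft delete the summary describes and the two boundaries the review thread cares about: the `"deleted"` sentinel must be translated to "unassigned" before a record reaches a client, and the risk score must treat a soft-deleted record as neutral. It also pulls the "set the type of a value for a specific key K" behaviour out into a small helper type, as the review thread discusses. The criticality level values, the risk modifiers, the function names and the in-memory stand-in for the `.asset-criticality*` index are assumptions made for illustration.

```typescript
// Added example, not Kibana's code: a minimal model of the soft delete the PR
// describes. Type names mirror the ones quoted in the review; the level values,
// the risk-score modifiers and the in-memory "index" are assumptions.

// Assumed criticality levels (the public values a client may read or write).
type CriticalityLevel = 'low_impact' | 'medium_impact' | 'high_impact' | 'extreme_impact';

// Record shape exposed through the API. 'deleted' is deliberately NOT a member
// of this type, so the compiler refuses to hand a soft-deleted record to a client.
export interface AssetCriticalityRecord {
  id_field: 'host.name' | 'user.name';
  id_value: string;
  criticality_level: CriticalityLevel;
  '@timestamp': string;
}

// Reusable helper: replace the type of key K in T with V.
type WithKeyAs<T, K extends keyof T, V> = Omit<T, K> & { [P in K]: V };

// What actually lives in the index: the level may also be the internal sentinel.
export const DELETED = 'deleted' as const;
export type StoredAssetCriticalityRecord = WithKeyAs<
  AssetCriticalityRecord,
  'criticality_level',
  CriticalityLevel | typeof DELETED
>;

// Constructed in-memory stand-in for the .asset-criticality index.
const index = new Map<string, StoredAssetCriticalityRecord>();

function docId(idField: AssetCriticalityRecord['id_field'], idValue: string): string {
  return `${idField}:${idValue}`;
}

// Assign (or re-assign) a criticality. The input is the public type, so a
// client cannot write 'deleted' through this path.
export function upsert(record: AssetCriticalityRecord): StoredAssetCriticalityRecord {
  const stored: StoredAssetCriticalityRecord = { ...record };
  index.set(docId(record.id_field, record.id_value), stored);
  return stored;
}

// Soft delete: keep the document, overwrite only the level and the timestamp.
export function softDelete(
  idField: AssetCriticalityRecord['id_field'],
  idValue: string,
  now: string
): StoredAssetCriticalityRecord | undefined {
  const key = docId(idField, idValue);
  const existing = index.get(key);
  if (!existing) return undefined;
  const updated: StoredAssetCriticalityRecord = {
    ...existing,
    criticality_level: DELETED,
    '@timestamp': now,
  };
  index.set(key, updated);
  return updated;
}

// Raw read, as `GET .asset-criticality*` would show it: deleted records remain.
export function getStored(
  idField: AssetCriticalityRecord['id_field'],
  idValue: string
): StoredAssetCriticalityRecord | undefined {
  return index.get(docId(idField, idValue));
}

// Boundary to the client: map the sentinel to "no record" so the UI renders
// Unassigned and the string 'deleted' never leaves the server.
export function toApiRecord(
  stored: StoredAssetCriticalityRecord | undefined
): AssetCriticalityRecord | null {
  if (!stored) return null;
  const level = stored.criticality_level;
  if (level === DELETED) return null;
  return { ...stored, criticality_level: level };
}

// Assumed risk-score modifiers per level. A deleted or absent record must be
// neutral, otherwise a stale criticality keeps inflating the entity's risk.
const RISK_MODIFIER: Record<CriticalityLevel, number> = {
  low_impact: 0.5,
  medium_impact: 1.0,
  high_impact: 1.5,
  extreme_impact: 2.0,
};

export function criticalityModifier(
  stored: StoredAssetCriticalityRecord | undefined
): number {
  const visible = toApiRecord(stored);
  return visible ? RISK_MODIFIER[visible.criticality_level] : 1.0;
}
```

The risk-score path goes through the same `toApiRecord` filter as the HTTP response, so there is a single place where the sentinel is recognised; a test of the kind the reviewer asks for only needs to assert that `criticalityModifier` returns the neutral value after `softDelete`.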
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions? Please refer to the Backport tool documentation
…4010)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Entity Analytics] Asset Criticality soft delete (#193591)](#193591)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Backport metadata (from the tool's embedded record, version 9.4.3): author Tiago Vila Verde <tiago.vilaverde@elastic.co>; source commit a8c7e0659635994546874fb1f7ec1304fa4f8353 on `main`, committed 2024-09-25T13:54:30Z; source PR https://github.com/elastic/kibana/pull/193591 (labels: release_note:skip, v9.0.0, backport:prev-minor, Feature:Entity Analytics, Team:Entity Analytics, 8.16 candidate, v8.16.0); branch label mapping v9.0.0 → main, v8.16.0 → 8.x; target branch `8.x` (v8.16.0), state NOT_CREATED when the record was written.

Co-authored-by: Tiago Vila Verde <tiago.vilaverde@elastic.co>
