[Detection Engine] Remove technical preview for certain rule types of alert suppression#195425
Merged
yctercero merged 9 commits into elastic:main from Oct 10, 2024
Pinging @elastic/security-detection-engine (Team:Detection Engine)
Let's align on ML rule type, the rest is good!
nkhristinin
approved these changes
Oct 9, 2024
…o/kibana into remove_tech_preview_suppression
Contributor
Author
Chatted with @rylnd and GA-ing ML suppression.
Contributor
💚 Build Succeeded
cc @yctercero
Contributor
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11265043811
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 10, 2024
… alert suppression (elastic#195425) ## Summary GA-ing alert suppression for IM rule, ML rule, Threshold rule, ES|QL rule and New Terms rule. Thanks to @vitaliidm for setting up the groundwork to easily update which rules GA. Rules that remain in technical preview are: EQL. (cherry picked from commit 65ed989)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions? Please refer to the Backport tool documentation
kibanamachine
added a commit
that referenced
this pull request
Oct 10, 2024
…pes of alert suppression (#195425) (#195694)
# Backport
This will backport the following commits from `main` to `8.x`:
- [[Detection Engine] Remove technical preview for certain rule types of alert suppression (#195425)](#195425)
### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)
Co-authored-by: Yara Tercero <yctercero@users.noreply.github.com>
Summary
GA-ing alert suppression for IM rule, ML rule, Threshold rule, ES|QL rule and New Terms rule. Thanks to @vitaliidm for setting up the groundwork to easily update which rules GA.
Rules that remain in technical preview are: EQL.
Screenshots below are the updated states.
Rule creation
EQL
Threshold
New terms
ES|QL
Indicator Match
Custom Query
ML
Rule details
EQL
ES|QL
Threshold
New Terms
IM
ML
Alert details
EQL
GA-ed rules