From de2bb106bd173ed80d54326bd8231661d733dac7 Mon Sep 17 00:00:00 2001 From: jaredburgettelastic Date: Thu, 10 Oct 2024 14:48:09 -0500 Subject: [PATCH 1/5] Flipped Security Entity Store flag to being a "disable" flag, meaning the feature is enabled by default. Also disabled in Serverless. --- config/serverless.security.yml | 5 +++++ .../security_solution/common/experimental_features.ts | 5 +++-- .../entity_analytics/pages/entity_analytics_dashboard.tsx | 4 ++-- .../lib/entity_analytics/register_entity_analytics_routes.ts | 2 +- .../trial_license_complete_tier/configs/ess.config.ts | 5 +---- .../trial_license_complete_tier/configs/serverless.config.ts | 1 - 6 files changed, 12 insertions(+), 10 deletions(-) diff --git a/config/serverless.security.yml b/config/serverless.security.yml index 39346310f78f0..3d143dca19d60 100644 --- a/config/serverless.security.yml +++ b/config/serverless.security.yml @@ -105,3 +105,8 @@ xpack.ml.compatibleModuleType: 'security' # Disable the embedded Dev Console console.ui.embeddedEnabled: false + +# Experimental Security Solution features + +# This feature is disabled in Serverless until fully performance tested within a Serverless environment +xpack.securitySolution.enableExperimental: ['entityStoreDisabled'] diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts index 67b9a57af1628..f80e0dfa9f37f 100644 --- a/x-pack/plugins/security_solution/common/experimental_features.ts +++ b/x-pack/plugins/security_solution/common/experimental_features.ts @@ -246,9 +246,10 @@ export const allowedExperimentalValues = Object.freeze({ dataIngestionHubEnabled: false, /** - * Enables the new Entity Store engine routes + * Disables Security's Entity Store engine routes. The Entity Store feature is available by default, but + * can be disabled if necessary in a given environment. */ - entityStoreEnabled: false, + entityStoreDisabled: false, }); type ExperimentalConfigKeys = Array; diff --git a/x-pack/plugins/security_solution/public/entity_analytics/pages/entity_analytics_dashboard.tsx b/x-pack/plugins/security_solution/public/entity_analytics/pages/entity_analytics_dashboard.tsx index 48d2911e7c36a..90f5ec66c8a38 100644 --- a/x-pack/plugins/security_solution/public/entity_analytics/pages/entity_analytics_dashboard.tsx +++ b/x-pack/plugins/security_solution/public/entity_analytics/pages/entity_analytics_dashboard.tsx @@ -32,7 +32,7 @@ const EntityAnalyticsComponent = () => { const { indicesExist, loading: isSourcererLoading, sourcererDataView } = useSourcererDataView(); const isRiskScoreModuleLicenseAvailable = useHasSecurityCapability('entity-analytics'); - const isEntityStoreEnabled = useIsExperimentalFeatureEnabled('entityStoreEnabled'); + const isEntityStoreDisabled = useIsExperimentalFeatureEnabled('entityStoreDisabled'); return ( <> @@ -71,7 +71,7 @@ const EntityAnalyticsComponent = () => { - {isEntityStoreEnabled ? ( + {!isEntityStoreDisabled ? ( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/register_entity_analytics_routes.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/register_entity_analytics_routes.ts index b4eb0d36e21fb..bd097e8641637 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/register_entity_analytics_routes.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/register_entity_analytics_routes.ts @@ -15,7 +15,7 @@ export const registerEntityAnalyticsRoutes = (routeDeps: EntityAnalyticsRoutesDe registerAssetCriticalityRoutes(routeDeps); registerRiskScoreRoutes(routeDeps); registerRiskEngineRoutes(routeDeps); - if (routeDeps.config.experimentalFeatures.entityStoreEnabled) { + if (!routeDeps.config.experimentalFeatures.entityStoreDisabled) { registerEntityStoreRoutes(routeDeps); } }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/ess.config.ts index ba7a4c83e2ad7..9c168e481df2e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/ess.config.ts @@ -15,10 +15,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), kbnTestServer: { ...functionalConfig.get('kbnTestServer'), - serverArgs: [ - ...functionalConfig.get('kbnTestServer.serverArgs'), - `--xpack.securitySolution.enableExperimental=${JSON.stringify(['entityStoreEnabled'])}`, - ], + serverArgs: [...functionalConfig.get('kbnTestServer.serverArgs')], }, testFiles: [require.resolve('..')], junit: { diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/serverless.config.ts index 990bdd8778aeb..f447df7d83cbc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/serverless.config.ts @@ -9,7 +9,6 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ kbnTestServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify(['entityStoreEnabled'])}`, `--xpack.securitySolutionServerless.productTypes=${JSON.stringify([ { product_line: 'security', product_tier: 'complete' }, { product_line: 'endpoint', product_tier: 'complete' }, From ba061baf8f717cadec9bf6273f6ae45f86f99ad0 Mon Sep 17 00:00:00 2001 From: jaredburgettelastic Date: Fri, 11 Oct 2024 01:40:12 -0500 Subject: [PATCH 2/5] Intentionally skipping entity store integration test in Serverless, as it is disabled there --- .../entity_store/trial_license_complete_tier/entities_list.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts index 133f74a7a68c8..e5b551741fd0d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts @@ -11,7 +11,7 @@ import { FtrProviderContext } from '../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); - describe('@ess @serverless @skipInServerlessMKI Entity store - Entities list API', () => { + describe('@ess Entity store - Entities list API', () => { describe('when the entity store is disable', () => { it("should return response with success status when the index doesn't exist", async () => { const { body } = await securitySolutionApi.listEntities({ From 0e22b40eb6c4710901af2d78b7fb5e922b7d5b56 Mon Sep 17 00:00:00 2001 From: jaredburgettelastic Date: Fri, 11 Oct 2024 08:39:05 -0500 Subject: [PATCH 3/5] Intentionally skipping more entity store integration test in Serverless, as it is disabled there --- .../entity_store/trial_license_complete_tier/engine.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/engine.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/engine.ts index 4fb2360a049cf..2bfec228044b5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/engine.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/engine.ts @@ -14,7 +14,7 @@ export default ({ getService }: FtrProviderContext) => { const utils = EntityStoreUtils(getService); - describe('@ess @serverless @skipInServerlessMKI Entity Store Engine APIs', () => { + describe('@ess Entity Store Engine APIs', () => { before(async () => { await utils.cleanEngines(); }); From a7c5b50451c4075bb075266360b899968daf5ecb Mon Sep 17 00:00:00 2001 From: jaredburgettelastic Date: Sat, 12 Oct 2024 01:29:37 -0500 Subject: [PATCH 4/5] Fixed newly added feature flag check --- x-pack/plugins/security_solution/server/plugin.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts index 9203a068b278d..2ac776d37f1e5 100644 --- a/x-pack/plugins/security_solution/server/plugin.ts +++ b/x-pack/plugins/security_solution/server/plugin.ts @@ -221,7 +221,7 @@ export class Plugin implements ISecuritySolutionPlugin { logger.error(`Error scheduling entity analytics migration: ${err}`); }); - if (experimentalFeatures.entityStoreEnabled) { + if (!experimentalFeatures.entityStoreDisabled) { registerEntityStoreFieldRetentionEnrichTask({ getStartServices: core.getStartServices, logger: this.logger, From 27dd3783ecbf17a26c6fa857b9a84e32f4834794 Mon Sep 17 00:00:00 2001 From: jaredburgettelastic Date: Sat, 12 Oct 2024 22:49:43 -0500 Subject: [PATCH 5/5] Added fix for checking registered task types --- .../test_suites/task_manager/check_registered_task_types.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/test/plugin_api_integration/test_suites/task_manager/check_registered_task_types.ts b/x-pack/test/plugin_api_integration/test_suites/task_manager/check_registered_task_types.ts index fcb782b069dbf..b9f085325dc30 100644 --- a/x-pack/test/plugin_api_integration/test_suites/task_manager/check_registered_task_types.ts +++ b/x-pack/test/plugin_api_integration/test_suites/task_manager/check_registered_task_types.ts @@ -137,6 +137,7 @@ export default function ({ getService }: FtrProviderContext) { 'endpoint:complete-external-response-actions', 'endpoint:metadata-check-transforms-task', 'endpoint:user-artifact-packager', + 'entity_store:field_retention:enrichment', 'fleet:check-deleted-files-task', 'fleet:deploy_agent_policies', 'fleet:reassign_action:retry',