Skip to content

[8.x] [Security Solution][Detection Engine] add deprecation warning for non-migrated signals (#204247)#205858

Merged
kibanamachine merged 4 commits intoelastic:8.xfrom
kibanamachine:backport/8.x/pr-204247
Jan 8, 2025
Merged

[8.x] [Security Solution][Detection Engine] add deprecation warning for non-migrated signals (#204247)#205858
kibanamachine merged 4 commits intoelastic:8.xfrom
kibanamachine:backport/8.x/pr-204247

Conversation

@kibanamachine
Copy link
Copy Markdown
Contributor

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

…-migrated signals (elastic#204247)

## Summary

- addresses partly elastic/security-team#10878
 - shows deprecation warning if siem index was not migrated

### How to test

#### How to create legacy siem index?

run script that used for FTR tests

```bash
node scripts/es_archiver --kibana-url=http://elastic:changeme@localhost:5601 --es-url=http://elastic:changeme@localhost:9200 load x-pack/test/functional/es_archives/signals/legacy_signals_index

node scripts/es_archiver --kibana-url=http://elastic:changeme@localhost:5601 --es-url=http://elastic:changeme@localhost:9200 load x-pack/test/functional/es_archives/signals/legacy_signals_index_non_default_space
```
These would create legacy siem indices. But be aware, it might break
Kibana .alerts indices creation. But sufficient for testing

Visit also detection rules page, to ensure alerts index created.
Otherwise,
https://www.elastic.co/guide/en/security/current/signals-migration-api.html#migration-1
API might not show these indices outdated

#### How to test deprecated feature?
1. Observe warning feature deprecation on Kibana Upgrade page, if you
set up legacy siem signals

<details>
<summary> Kibana Upgrade feature deprecation flyout </summary>

<img width="2540" alt="Screenshot 2024-12-17 at 16 59 04"
src="https://github.com/user-attachments/assets/c6aa420f-af69-4545-8400-6a6513f613a9"
/>

 </details>

#### Test outdated indices created in 7.x

1. Create cloud env of 7.x version
2. Create rule, generate alerts for .siem-signals
3. Create cloud env of 8.18 from existing 7.x snapshot (from previous
steps)
4. Connect local Kibana to 8.18 from mirror branch of this
one(elastic#204621)
5. Add to Kibana dev config following options to enable Upgrade
assistant(UA) showing outdated indices
    ```yml
    xpack.upgrade_assistant.featureSet:
      mlSnapshots: true
      migrateDataStreams: true
      migrateSystemIndices: true
      reindexCorrectiveActions: true
    ```
6. Go to Detection rules page, ensure rule is running and new .alerts
index has been created (visiting rules table page should be enough)
7. Open UA, ensure Kibana deprecations show signals are not migrated
8. Open UA, check Elasticsearch deprecations
9. Find outdated siem-signals index
10. Migrate it
11. Check Kibana deprecations still  signals are not migrated
12. Migrate signals using
https://www.elastic.co/guide/en/security/current/signals-migration-api.html
API
13. Ensure Kibana deprecations does not show that space as not migrated

Demo video of migration .siem-signal from another-3 Kibana space

https://github.com/user-attachments/assets/d2729482-d2c8-4a23-a780-ad19d4f52c73
(cherry picked from commit 9cccd30)
@kibanamachine kibanamachine merged commit e671535 into elastic:8.x Jan 8, 2025
@elasticmachine
Copy link
Copy Markdown
Contributor

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] Jest Tests #14 / Test packages All test packages should be valid (node scripts/verify_test_packages)

Metrics [docs]

✅ unchanged

History

cc @vitaliidm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport This PR is a backport of another PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants