8.18 mirror of [Security Solution][Detection Engine] fixes siem-signal update when it was reindexed from v7 to v8 #206119#206120
Closed
vitaliidm wants to merge 5 commits into elastic:8.x from
…t was reindexed from v7 to v8
vitaliidm added a commit that referenced this pull request on Jan 24, 2025
…t was reindexed from v7 to v8 (#206119)

## Summary

- addresses elastic/security-team#11440

### Testing

1. Create cloud env of 7.17 version (East US 2 (Virginia) on Azure, where 8.18 snapshot available)
2. Create rule
3. Generate alerts
4. Create cloud env of 8.18 from existing 7.x snapshot (Restore snapshot data option)
5. Connect local Kibana of 8.18 from mirror branch of this one (#206120)
6. Add to Kibana dev config following options to enable Upgrade Assistant (UA) showing outdated indices

```yml
xpack.upgrade_assistant.featureSet:
  mlSnapshots: true
  migrateDataStreams: true
  migrateSystemIndices: true
  reindexCorrectiveActions: true
```

7. When Kibana started DO NOT visit Detection rule or any Security page
8. Open Kibana Upgrade Assistant
9. Go to step 3 - Review deprecated settings and resolve issues
11. Click Elasticsearch section
12. Find outdated .siem-signals-* index
13. Reindex it
14. Visit detection page to ensure index API updated mappings

Visit to that page should initiate `POST /api/detection_engine/index`, which updates mappings.

Subsequent index status check should return:

```JSON
GET kbn:/api/detection_engine/index
// should return
{
  "name": ".alerts-security.alerts-default",
  "index_mapping_outdated": false
}
```
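The following script automates the final verification step of the testing notes above (check the detection engine index status, trigger the same `POST /api/detection_engine/index` the detection page issues if the mappings are still outdated, then re-check). It is an added example, not code from the PR or from Kibana; the Kibana URL, credentials and the injectable transport are assumptions, and the offline transport simulating a freshly reindexed index is constructed for illustration.

```python
"""Verify that a reindexed .siem-signals-* index ends up with current mappings."""
import base64
import json
import urllib.request
from typing import Any, Callable, Dict, List

KIBANA_URL = "http://localhost:5601"       # assumed local dev Kibana (placeholder)
INDEX_API = "/api/detection_engine/index"  # endpoint named in the testing notes
EXPECTED_INDEX = ".alerts-security.alerts-default"

Transport = Callable[[str, str], Dict[str, Any]]


def kibana_transport(method: str, path: str, auth: str = "elastic:changeme") -> Dict[str, Any]:
    """Real transport: basic auth plus the kbn-xsrf header Kibana requires on non-GET calls."""
    req = urllib.request.Request(KIBANA_URL + path, method=method)
    req.add_header("kbn-xsrf", "true")
    req.add_header("Authorization", "Basic " + base64.b64encode(auth.encode()).decode())
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else {}


def ensure_mappings_current(transport: Transport) -> Dict[str, Any]:
    """GET the index status; if mappings are outdated, POST (what the detection page does
    on load) and GET again. Returns the final status, the calls made and a pass/fail flag."""
    calls: List[str] = []

    def call(method: str) -> Dict[str, Any]:
        calls.append(method)
        return transport(method, INDEX_API)

    status = call("GET")
    if status.get("index_mapping_outdated"):
        call("POST")  # response body is not needed; the re-check below is the evidence
        status = call("GET")
    ok = status.get("name") == EXPECTED_INDEX and status.get("index_mapping_outdated") is False
    return {"ok": ok, "status": status, "calls": calls}


def fake_transport_factory(initially_outdated: bool) -> Transport:
    """Constructed offline stand-in: mappings flip to current once POST has been called."""
    state = {"name": EXPECTED_INDEX, "index_mapping_outdated": initially_outdated}

    def transport(method: str, path: str) -> Dict[str, Any]:
        assert path == INDEX_API
        if method == "POST":
            state["index_mapping_outdated"] = False
            return {}
        return dict(state)

    return transport


if __name__ == "__main__":
    print(json.dumps(ensure_mappings_current(kibana_transport), indent=2))
```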
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request on Jan 24, 2025
Same commit message as above (cherry picked from commit 5c67037)
JoseLuisGJ pushed a commit to JoseLuisGJ/kibana that referenced this pull request on Jan 27, 2025
…t was reindexed from v7 to v8
Summary
Summarize your PR. If it involves visual changes include a screenshot or gif.
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- release_note:breaking label should be applied in these situations.
- release_note:* label is applied per the guidelines.

Identify risks
Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.