
[8.x] [Security Solution][Detection Engine] fixes siem-signal update when it was reindexed from v7 to v8 (#206119)#208174

Merged
kibanamachine merged 1 commit intoelastic:8.xfrom
kibanamachine:backport/8.x/pr-206119
Jan 24, 2025

Conversation

@kibanamachine
Contributor

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

…t was reindexed from v7 to v8 (elastic#206119)

## Summary

 - addresses elastic/security-team#11440

### Testing

1. Create cloud env of 7.17 version (East US 2 (Virginia) on Azure, where 8.18 snapshot available)
2. Create rule
3. Generate alerts
4. Create cloud env of 8.18 from existing 7.x snapshot (Restore snapshot data option)
5. Connect local Kibana of 8.18 from mirror branch of this one (elastic#206120)
6. Add to Kibana dev config following options to enable Upgrade Assistant (UA) showing outdated indices
    ```yml
    xpack.upgrade_assistant.featureSet:
      mlSnapshots: true
      migrateDataStreams: true
      migrateSystemIndices: true
      reindexCorrectiveActions: true
    ```
7. When Kibana has started, DO NOT visit Detection rule or any Security page
8. Open Kibana Upgrade Assistant
9. Go to step 3 - Review deprecated settings and resolve issues
10. Click Elasticsearch section
11. Find outdated .siem-signals-* index
12. Reindex it
13. Visit detection page to ensure index API updated mappings

Visit to that page should initiate `POST /api/detection_engine/index`,
which updates mappings

Subsequent index status check should return:

```JSON
GET kbn:/api/detection_engine/index

// should return

{
  "name": ".alerts-security.alerts-default",
  "index_mapping_outdated": false
}
```

(cherry picked from commit 5c67037)
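The verification step above (GET the index status, trigger `POST /api/detection_engine/index` when `index_mapping_outdated` is true, then re-check) can be scripted instead of relying on a page visit. The following is an added example, not code from the PR or from Kibana; the Kibana URL and credentials are placeholders, and the HTTP layer is injectable so the decision logic can be exercised without a live cluster.

```python
"""Check the Detection Engine alerts index mapping and update it if outdated.

Added example (not Kibana code). Assumes the response shape shown in the PR:
{"name": ".alerts-security.alerts-default", "index_mapping_outdated": bool}.
"""
import base64
import json
import urllib.request

KBN_URL = "http://localhost:5601"   # placeholder: the local 8.18 Kibana from the test steps
AUTH = ("elastic", "changeme")      # placeholder credentials; use a real user in practice
STATUS_PATH = "/api/detection_engine/index"


def http_json(method, url, user, password):
    """Minimal Kibana API call; returns (status_code, parsed JSON body)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {
        "kbn-xsrf": "true",                   # required by Kibana for non-GET requests
        "Authorization": f"Basic {token}",
        "Content-Type": "application/json",
    }
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:   # raises on 4xx/5xx
        return resp.status, json.loads(resp.read() or b"{}")


def ensure_index_mapping_current(base_url, user, password, request=http_json):
    """GET the index status; if the mapping is outdated, POST to update it and re-check.

    Returns a dict with the index name, whether an update was issued, and the
    final outdated flag so a caller can assert the mapping really got fixed.
    """
    url = base_url.rstrip("/") + STATUS_PATH
    status, body = request("GET", url, user, password)
    if status != 200 or "index_mapping_outdated" not in body:
        raise RuntimeError(f"unexpected index status response: {status} {body}")
    if not body["index_mapping_outdated"]:
        return {"name": body.get("name"), "updated": False, "outdated": False}
    # Same call the Detection page makes on visit: creates/updates the alerts index mappings.
    request("POST", url, user, password)
    _, after = request("GET", url, user, password)
    return {
        "name": after.get("name"),
        "updated": True,
        "outdated": bool(after.get("index_mapping_outdated", True)),
    }


if __name__ == "__main__":
    print(ensure_index_mapping_current(KBN_URL, *AUTH))
```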
@kibanamachine kibanamachine merged commit 39b7b73 into elastic:8.x Jan 24, 2025
@elasticmachine
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

cc @vitaliidm

Labels

backport This PR is a backport of another PR
