
[8.x] [Security Solution][Detection Engine] adds preview logged requests for new terms, threshold, query, ML rule types (#203320) #208581

Merged
kibanamachine merged 1 commit into elastic:8.x from kibanamachine:backport/8.x/pr-203320 on Jan 28, 2025

@kibanamachine

Backport

This will backport the following commits from main to 8.x:

Questions?

Please refer to the Backport tool documentation

…r new terms, threshold, query, ML rule types (elastic#203320)

## Summary

- partially addresses elastic#202545
(except for the IM rule type)
- extends logged requests preview for:
  - [x] New terms
  - [x] Query
  - [x] ML
  - [x] Threshold
- For the Threshold, Query and New terms rule types, introduced a Page view, where
each loop of rule execution is presented as a separate page
- Only the first 2 search query requests of each type are logged for
performance reasons (a rule can have very large and multiple requests).
That's why the property **request** was made not mandatory in
`rule_preview.schema.yaml`

### DEMO

https://github.com/user-attachments/assets/abfbd3ff-d06c-4892-b805-0f05084042ed

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
(cherry picked from commit 0f996c3)
@kibanamachine kibanamachine merged commit 8d79524 into elastic:8.x Jan 28, 2025
3 checks passed
@elasticmachine

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules lead to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 6621 | 6623 | +2 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 18.5MB | 18.5MB | +2.0KB |

Unknown metric groups

ESLint disabled line counts

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 575 | 577 | +2 |

Total ESLint disabled count

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 658 | 660 | +2 |

cc @vitaliidm

Labels

backport This PR is a backport of another PR