Skip to content

Comments

[8.x] [Security Solution][Detection Engine] Split search request building from search (#216887)#218262

Merged
marshallmain merged 4 commits intoelastic:8.xfrom
marshallmain:backport/8.x/pr-216887
Apr 16, 2025
Merged

[8.x] [Security Solution][Detection Engine] Split search request building from search (#216887)#218262
marshallmain merged 4 commits intoelastic:8.xfrom
marshallmain:backport/8.x/pr-216887

Conversation

@marshallmain
Copy link
Contributor

@marshallmain marshallmain commented Apr 15, 2025

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

@marshallmain
[Security Solution][Detection Engine] Split search request building f…
c8341ba 
…rom search (elastic#216887)

## Summary

This PR better separates the request building logic in the detection
engine from query building logic, removes outdated error checking logic,
updates the `singleSearchAfter` `search` call to no longer use the
legacy `meta: true` param, and improves search response type inference.

(cherry picked from commit dee4dfb)

# Conflicts:
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_types/new_terms/build_new_terms_aggregation.ts
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_types/query/create_query_alert_type.test.ts
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_types/utils/build_events_query.ts
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_types/utils/single_search_after.test.ts
#	x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_types/utils/single_search_after.ts
@marshallmain marshallmain added the backport This PR is a backport of another PR label Apr 15, 2025
@marshallmain marshallmain enabled auto-merge (squash) April 15, 2025 12:33
@marshallmain marshallmain mentioned this pull request Apr 15, 2025
Merged
@elasticmachine
Copy link
Contributor

elasticmachine commented Apr 16, 2025

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

id before after diff
securitySolution 579 578 -1

Total ESLint disabled count

id before after diff
securitySolution 662 661 -1

History

@marshallmain marshallmain merged commit 17ba3ab into elastic:8.x Apr 16, 2025
8 checks passed
@marshallmain marshallmain deleted the backport/8.x/pr-216887 branch April 16, 2025 17:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vitaliidm vitaliidm vitaliidm approved these changes

@kibanamachine kibanamachine Awaiting requested review from kibanamachine

Assignees

No one assigned

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marshallmain @elasticmachine @vitaliidm