@kibanamachine
Contributor

Backport

This will backport the following commits from main to 9.1:

Questions?

Please refer to the Backport tool documentation

…ource engine - bug fix (elastic#230263)

## Summary
This PR moves the scheduleNow call from the monitoring engine
initialization to the privilege monitoring initialisation step. This
change ensures the task is only scheduled after the Privileged
Monitoring Engine has been properly created and is ready — resolving the
dependency issue.

The flow for starting a sync with the monitoring engine is -
1. Create privileged users.
2. Register these with the monitoring source
3. Initialise the privilege monitoring engine - will trigger
scheduleNow, and therefore the task.

Also added a try catch around engine status for handling the case of
status undefined within scheduleNow call.

### Testing Changes
1. Open fresh kibana and ES
2. Enable Advanced Settings

**UI Test:**
1. Navigate to privileged monitoring page
2. Select index modal - create new index from here
3. Select 'add Privileged users'

Look at kibana logs - "Running privilege monitoring task" should show
UI should have closed modal, onto the privmon screen.

**Dev Tools Test:**
1. **Create test index/indices**

```
PUT /tatooine-
{
  "mappings": {
    "properties": {
      "user": {
        "properties": {
          "name": {
            "type": "keyword",
            "fields": {
              "text": {
                "type": "text"
              }
            }
          }
        }
      }
    }
  }
}

```
2. **OPTIONAL - Add some users to this**
```
POST tatooine-/_bulk
{ "index": {} }
{ "user": { "name": "Luke Skywalker" } }
{ "index": {} }
{ "user": { "name": "Leia Organa" } }
{ "index": {} }
{ "user": { "name": "Han Solo" } }
{ "index": {} }
{ "user": { "name": "Chewbacca" } }
{ "index": {} }
{ "user": { "name": "Obi-Wan Kenobi" } }
{ "index": {} }
{ "user": { "name": "Yoda" } }
{ "index": {} }
{ "user": { "name": "R2-D2" } }
{ "index": {} }
{ "user": { "name": "C-3PO" } }
{ "index": {} }
{ "user": { "name": "Darth Vader" } }
```
3. **Register Monitoring Entity Source Saved Objects**
```
POST kbn:/api/entity_analytics/monitoring/entity_source
{
  "type": "index",
  "name": "StarWars",
  "managed": true,
  "indexPattern": "tatooine-",
  "enabled": true,
  "matchers": [
    {
      "fields": ["user.role"],
      "values": ["admin"]
    }
  ],
  "filter": {}
}

```
4. **Initialise monitoring engine:**
```
POST kbn:/api/entity_analytics/monitoring/engine/init
{}
```
Should all work as expected (famous last words)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: machadoum <pablo.nevesmachado@elastic.co>
(cherry picked from commit 20ea09a)
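
A simplified model of the ordering problem the summary above describes, added here as an example and not code from the Kibana PR. `EngineStore`, `TaskRunner` and `runInit` are hypothetical names; only the log message is taken from the page.

```typescript
// Hypothetical in-memory model; these names are NOT Kibana's real APIs.
type EngineStatus = 'started' | 'error';

class EngineStore {
  private status: EngineStatus | undefined = undefined;

  create(): void {
    this.status = 'started';
  }

  // Throws while the privilege monitoring engine has not been created yet.
  getStatus(): EngineStatus {
    if (this.status === undefined) throw new Error('engine status undefined');
    return this.status;
  }
}

class TaskRunner {
  readonly log: string[] = [];
  private readonly store: EngineStore;

  constructor(store: EngineStore) {
    this.store = store;
  }

  // Guarded status lookup: an undefined status is logged, not thrown to the caller.
  scheduleNow(): boolean {
    try {
      if (this.store.getStatus() !== 'started') return false;
      this.log.push('Running privilege monitoring task');
      return true;
    } catch (e) {
      this.log.push(`skipped: ${e instanceof Error ? e.message : String(e)}`);
      return false;
    }
  }
}

// 'before' = task requested ahead of engine creation; 'after' = order from the PR summary.
function runInit(order: 'before' | 'after'): string[] {
  const store = new EngineStore();
  const tasks = new TaskRunner(store);
  if (order === 'before') tasks.scheduleNow(); // engine does not exist yet
  store.create();
  if (order === 'after') tasks.scheduleNow(); // engine is created and ready
  return tasks.log;
}
```
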
@jaredburgettelastic
Contributor

@elasticmachine merge upstream

@kibanamachine kibanamachine merged commit 41e0968 into elastic:9.1 Aug 4, 2025
12 checks passed
@elasticmachine
Contributor

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 7770 | 7771 | +1 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 9.8MB | 9.8MB | +413.0B |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 94.4KB | 94.4KB | +1.0B |

History

cc @CAWilson94

Labels

backport This PR is a backport of another PR
