Skip to content

[Security Solution] XDR Correlation Engine - Spike #257949

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
patrykkopycinski wants to merge 33 commits into from
Closed

[Security Solution] XDR Correlation Engine - Spike #257949

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
e48811e
[Security Solution] Add XDR Correlation Engine rule type (spike)
patrykkopycinski Mar 16, 2026
c8e612f
[Security Solution] Add correlation rule tests and UI form fields
patrykkopycinski Mar 16, 2026
d1f9224
[Security Solution] Fix correlation engine bugs from audit
patrykkopycinski Mar 16, 2026
11e6d82
[Security Solution] Add performance safeguards and perf tests for cor…
patrykkopycinski Mar 16, 2026
7e560c8
Changes from yarn openapi:generate
kibanamachine Mar 16, 2026
f2593c0
[Security Solution] Add correlation rule preview, timeline, dashboard…
patrykkopycinski Mar 16, 2026
b48d9ac
[Security Solution] Add alert enrichment, cross-cluster correlation, …
patrykkopycinski Mar 16, 2026
51dee22
Changes from yarn openapi:generate
kibanamachine Mar 16, 2026
f183433
[Security Solution] Add dynamic cluster picker, flyout enrichment, an…
patrykkopycinski Mar 16, 2026
c862429
[Security Solution] Add server-side correlation type recommendation a…
patrykkopycinski Mar 16, 2026
cb36100
fix: audit-driven hardening for correlation engine
patrykkopycinski Mar 16, 2026
789836a
test: add full unit test coverage for correlation engine
patrykkopycinski Mar 16, 2026
5d8b7c4
fix: remove duplicate frozenIndicesQueriedCount declaration
patrykkopycinski Mar 16, 2026
9fadac8
fix: register correlation FTR configs in Buildkite manifests
patrykkopycinski Mar 16, 2026
19545ad
fix: resolve TS type errors for correlation rule type
patrykkopycinski Mar 17, 2026
0cca7f8
Changes from yarn openapi:generate
kibanamachine Mar 17, 2026
ed92415
fix: resolve remaining TS errors in FTR tests and preview helper
patrykkopycinski Mar 17, 2026
0ec70a3
fix: move correlation types to non-generated file
patrykkopycinski Mar 17, 2026
572cc24
Changes from yarn openapi:generate
kibanamachine Mar 17, 2026
d9aff7e
Changes from node scripts/eslint_all_files --no-cache --fix
kibanamachine Mar 17, 2026
f405936
fix: resolve type mismatches between gen and augmented rule types
patrykkopycinski Mar 17, 2026
0d9fe14
fix: update test expectations for siem.correlationRule type
patrykkopycinski Mar 17, 2026
8ea88ba
fix: mock useIsExperimentalFeatureEnabled in SelectRuleType shallow test
patrykkopycinski Mar 17, 2026
3ad3158
fix: unskip all correlation tests — use real rule execution and synth…
patrykkopycinski Mar 17, 2026
14f1a6d
docs: add comprehensive spike documentation and QA validation for XDR…
patrykkopycinski Mar 21, 2026
5978df2
feat: implement production-readiness improvements for XDR correlation…
patrykkopycinski Mar 21, 2026
0e682cc
perf: implement major performance optimizations for XDR correlation r…
patrykkopycinski Mar 21, 2026
df7b4cd
feat: implement cross-space RBAC security model for correlation rules
patrykkopycinski Mar 22, 2026
c5878b8
Merge upstream/main into xdr-correlation-engine spike
patrykkopycinski Mar 22, 2026
d2bb27b
chore: remove internal docs and unrelated files from PR
patrykkopycinski Mar 22, 2026
f79c6a0
docs: add production-ready spike specifications for MITRE Auto-Map an…
patrykkopycinski Mar 22, 2026
d0c4021
docs: add team dependencies analysis and autonomous shipping strategy
patrykkopycinski Mar 22, 2026
2fb249a
chore: remove specs for other spikes from correlation PR
patrykkopycinski Mar 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .buildkite/ftr_security_serverless_configs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ enabled:
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/long/basic_license_essentials_tier/configs/serverless.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/text/basic_license_essentials_tier/configs/serverless.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/configs/serverless.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/correlation/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/esql/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/configs/serverless.config.ts
Expand Down
1 change: 1 addition & 0 deletions .buildkite/ftr_security_stateful_configs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ enabled:
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/long/basic_license_essentials_tier/configs/ess.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/text/basic_license_essentials_tier/configs/ess.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/configs/ess.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/correlation/trial_license_complete_tier/configs/ess.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/configs/ess.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/esql/trial_license_complete_tier/configs/ess.config.ts
- x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/configs/ess.config.ts
Expand Down
Loading
Loading