elasticmachine
commented
1 year ago Pinging @elastic/security-detections-response (Team:Detections and Resp)
Open banderror opened 1 year ago
elasticmachine
commented
1 year ago Pinging @elastic/security-detections-response (Team:Detections and Resp)
elasticmachine
commented
1 year ago Pinging @elastic/security-solution (Team: SecuritySolution)
Related to: https://github.com/elastic/kibana/issues/137428
Summary
In the
_rule_management_filtersendpoint, we fetch aggregated information needed for filters on the Rule Management page.In order to fetch how many prebuilt and custom rules we have, we run two search requests in parallel:
https://github.com/banderror/kibana/blob/bf22a48a91f55d4d72961da074ede02118b318c7/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts#L34-L52
We could do it using a single aggregation request similar to how it is done for fetching aggregated tags in the same endpoint:
https://github.com/banderror/kibana/blob/bf22a48a91f55d4d72961da074ede02118b318c7/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/read_tags.ts#L19-L35
We could go further and combine aggs for fetching aggregated tags and the number of rules into a single call to
rulesClient.aggregate(), optimizing this endpoint to making only one call to Elasticsearch.