elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution][Detection Engine] investigate field_caps call in security rule wrapper #187059

Open vitaliidm opened 4 days ago

vitaliidm commented 4 days ago

For a number of rules (new terms, IM, threshold), a field_caps request is made without any filtering of fields, to get all available fields to support wildcard queries. This can put a strain on Kibana/ES instances, as field_caps requests can have large response sizes and in the past were the reason for multiple SDHs.

Investigate whether the work done in https://github.com/elastic/kibana/pull/186317 can be applied to the rest of the rules.
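To make the concern concrete, here is an added TypeScript example that is not Kibana's code and not part of the issue: it contrasts an unbounded field_caps request (`fields: ['*']`) with one scoped to the fields a rule query actually references, passing wildcard patterns such as `host.*` straight through, since field_caps expands them server side. The request shape uses the real field_caps parameters `index`, `fields` and `include_unmapped`; the function names, the simplified KQL field tokenizer, the offline `simulateFieldCaps` stand-in and the sample mapping and query are all constructed for this illustration.

```typescript
// Added example (not Kibana code): unbounded vs. scoped field_caps requests.

export interface FieldCapsRequest {
  index: string[];
  fields: string[];            // field names or wildcard patterns, e.g. "host.*"
  include_unmapped?: boolean;
}

/** Pull field names (wildcards included) out of a KQL-style query string.
 *  Simplified tokenizer constructed for this example, not Kibana's KQL parser:
 *  quoted values are blanked first so a ':' inside a string is not mistaken
 *  for a field separator, then every `name:` pair is collected. */
export function referencedFields(query: string): string[] {
  const unquoted = query.replace(/"[^"]*"/g, '""');
  const fieldRe = /(^|[^\w.@*\-])([\w.@*\-]+)\s*:/g;
  const fields = new Set<string>();
  let m: RegExpExecArray | null;
  while ((m = fieldRe.exec(unquoted)) !== null) {
    if (!/^(and|or|not)$/i.test(m[2])) fields.add(m[2]);
  }
  return Array.from(fields).sort();
}

/** The unfiltered form: capabilities for every mapped field in every matched
 *  index, so the response grows with index count and mapping width. */
export function unfilteredRequest(index: string[]): FieldCapsRequest {
  return { index, fields: ['*'] };
}

/** The scoped form: only fields the rule names. `ruleFields` is assumed to be
 *  supplied by the caller for fields configured outside the query text. */
export function scopedRequest(index: string[], query: string, ruleFields: string[] = []): FieldCapsRequest {
  const fields = new Set<string>([...referencedFields(query), ...ruleFields]);
  // Edge case: a query such as `*` names no field at all. Fall back to the
  // full request rather than sending an empty list, which would return nothing.
  return { index, fields: fields.size > 0 ? Array.from(fields).sort() : ['*'] };
}

function escapeRe(s: string): string {
  return s.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
}

/** Offline stand-in for the server side of field_caps (constructed): returns
 *  the mapped field names the request's patterns would match, so the two
 *  request forms can be compared without a cluster. */
export function simulateFieldCaps(mappedFields: string[], req: FieldCapsRequest): string[] {
  const patterns = req.fields.map(
    p => new RegExp('^' + p.split('*').map(escapeRe).join('.*') + '$'),
  );
  return mappedFields.filter(f => patterns.some(re => re.test(f)));
}

// Constructed sample: a tiny ECS-like mapping and a rule query.
export const SAMPLE_MAPPING = [
  'host.name', 'host.os.name', 'host.ip',
  'process.name', 'process.args', 'user.name', 'event.category', '@timestamp',
];
export const SAMPLE_QUERY =
  'process.name:"powershell.exe" and host.*:"srv-01" and not user.name:SYSTEM';

/** Field counts each request form would pull back for the sample mapping. */
export function compareSizes(): { unfiltered: number; scoped: number } {
  const index = ['logs-*'];
  const unfiltered = simulateFieldCaps(SAMPLE_MAPPING, unfilteredRequest(index)).length;
  const scoped = simulateFieldCaps(SAMPLE_MAPPING, scopedRequest(index, SAMPLE_QUERY)).length;
  console.log(`unfiltered: ${unfiltered} fields, scoped: ${scoped} fields`);
  return { unfiltered, scoped };
}
```

On a real cluster the gap is far wider than 8 versus 5: production data streams carry thousands of mapped fields across many backing indices, and the unfiltered form returns all of them on every rule execution, which is the load the issue describes.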

elasticmachine commented 4 days ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 4 days ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 4 days ago

Pinging @elastic/security-detection-engine (Team:Detection Engine)