elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

When an Alert in Elastic Security is generated from a Machine Learning rule, it doesn't contain the data_stream.namespace field. #189695

Open stuartMoorhouse opened 3 months ago

stuartMoorhouse commented 3 months ago

Elasticsearch Version

8.14

Kibana Version

8.14

Installed Plugins

No response

Java Version

bundled

OS Version

n/a

Problem Description

When an Alert in Elastic Security is generated from a Machine Learning rule, it doesn't contain the data_stream.namespace field.

This is a problem when trying to use namespaces for data coming from Elastic Agent to identify different customers, environments, etc., when setting up multi-tenancy.

[Screenshots attached to the issue: alert-not-from-machine-learning, alert-from-machine-learning]

Steps to Reproduce

Set up Elastic Agent on a host. Enable non-ML-based Rules and an ML-based Rule. Trigger the Rules and compare the Alert data.

Logs (if relevant)

No response
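The comparison in "Steps to Reproduce" can be automated as an audit over alert documents fetched from the `.alerts-security.alerts-*` indices. The script below is an added example, not code from the issue or from Kibana; it assumes the standard alert field names `kibana.alert.rule.type` and `data_stream.namespace`, and it handles both the nested and the dotted-key document layouts that a search response can return, so alerts from a machine-learning rule that lack the namespace are reported per rule type.

```python
"""Audit Elastic Security alert documents for a missing data_stream.namespace.

Added example (not code from the issue or from Kibana). Given search hits from
.alerts-security.alerts-*, report which alerts lack data_stream.namespace,
grouped by the rule type that produced them. Field names are assumed to be the
standard ones: kibana.alert.rule.type and data_stream.namespace.
"""
from collections import defaultdict
from typing import Any, Dict, List


def get_field(doc: Dict[str, Any], path: str) -> Any:
    """Return a field value, accepting both dotted-key and nested layouts."""
    if path in doc:                      # {"data_stream.namespace": "x"}
        return doc[path]
    cur: Any = doc                       # {"data_stream": {"namespace": "x"}}
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def audit_namespace(alerts: List[Dict[str, Any]]) -> Dict[str, Dict[str, List[str]]]:
    """Group alert ids by rule type into 'present' and 'missing' buckets."""
    report: Dict[str, Dict[str, List[str]]] = defaultdict(
        lambda: {"present": [], "missing": []})
    for alert in alerts:
        src = alert.get("_source", alert)
        rule_type = get_field(src, "kibana.alert.rule.type") or "unknown"
        namespace = get_field(src, "data_stream.namespace")
        bucket = "missing" if namespace in (None, "") else "present"
        report[rule_type][bucket].append(alert.get("_id", "?"))
    return dict(report)


# Constructed sample hits mirroring the two alerts compared in the issue.
SAMPLE_ALERTS = [
    {"_id": "a1", "_source": {"kibana": {"alert": {"rule": {"type": "query"}}},
                              "data_stream": {"namespace": "customer-a"}}},
    {"_id": "a2", "_source": {"kibana.alert.rule.type": "eql",
                              "data_stream.namespace": "customer-b"}},
    {"_id": "a3", "_source": {"kibana": {"alert": {"rule": {"type": "machine_learning"}}}}},
]

if __name__ == "__main__":
    for rule_type, buckets in audit_namespace(SAMPLE_ALERTS).items():
        print(f"{rule_type}: missing={buckets['missing']} present={buckets['present']}")
```

Run against real hits (the `hits.hits` array of a search over the alert indices) to confirm which rule types are affected before relying on `data_stream.namespace` for tenant routing.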

elasticmachine commented 2 months ago

Pinging @elastic/response-ops (Team:ResponseOps)

elasticmachine commented 2 months ago

Pinging @elastic/security-detection-engine (Team:Detection Engine)