elasticmachine
commented
1 week ago Pinging @elastic/security-detection-engine (Team:Detection Engine)
Open marshallmain opened 1 week ago
elasticmachine
commented
1 week ago Pinging @elastic/security-detection-engine (Team:Detection Engine)
Parent issue: https://github.com/elastic/security-team/issues/10106
When we build the query filter from exception items in https://github.com/elastic/kibana/blob/main/x-pack/plugins/lists/server/services/exception_lists/build_exception_filter.ts, we make a separate request for every single value list referenced by exception items. If an exception list has many items that reference small value lists, the overhead of creating separate requests for every list is expensive. We should both deduplicate these requests when a single list is referenced by multiple items and combine multiple small requests into one larger request when possible, fetching multiple lists at once.