elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Entity Analytics][API] New API to allow user to configure risk engine SO #201344

Open abhishekbhatia1710 opened 3 days ago

abhishekbhatia1710 commented 3 days ago

Summary

New API to allow user to configure saved object

Optional params required to test the API:

exclude_alert_statuses : ["open", "closed"]
range : {"start" : "now-40m", "end" : "now"}
exclude_alert_tags : ["False positive"]

Example requests:

curl --location --request PUT 'http://localhost:5601/api/risk_score/engine/saved_object/configure' \
--header 'kbn-xsrf: hello' \
--header 'elastic-api-version: 2023-10-31' \
--header 'x-elastic-internal-origin: test' \
--header 'Content-Type: application/json' \
--header 'Authorization: <REDACTED>' \
--data '{
    "exclude_alert_statuses" : ["open", "closed"],
    "range": {
        "start" : "now-23m",
        "end" : "now"
    },
    "exclude_alert_tags" : ["False-positive"]
}'

Unit and integration tests are added considering the spaces as well.

elasticmachine commented 3 days ago

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

elasticmachine commented 3 days ago

:yellow_heart: Build succeeded, but was flaky

Metrics [docs]

Module Count

Fewer modules lead to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 6227 | 6228 | +1 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 13.4MB | 13.4MB | +444.0B |

cc @abhishekbhatia1710