Security Analytics enables users to detect security threats in their security event log data. It also allows them to modify and tailor the pre-packaged solution.
Apache License 2.0
[BUG] Impossible to create/update detector when one data source index is closed #1103
What is the bug?
It's impossible to create or update a detector when one index behind the alias data source is closed
How can one reproduce the bug?
Steps to reproduce the behavior:
Edit an existing detector
Pick an alias as data source with a closed index
Save your changes
What is the expected behavior?
We would expect to be able to create or update a detector even though not all the indices behind the data source are open. In our case we are closing indices older than 1 month to keep good search performance. We keep them for some time in case of an incident.
What is your host/environment?
OS: WS2022
Version 2.15
Plugins
Do you have any screenshots?
Do you have any additional context?
I tried to open all the old indexes we have in the cluster and it solved the issue. However, the detector is able to detect new suspicious behaviours.
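A pre-save check that matches the reporter's workaround, as an added example that is not part of the issue or of the Security Analytics plugin: given the responses of `GET _alias/<alias>` and `GET _cat/indices?format=json`, it lists the alias members the cluster reports as closed and emits the `POST <index>/_open` requests to run before creating or updating the detector. The alias name `windows-logs`, the index names and both JSON responses are constructed sample data, not output from a real cluster.

```python
import json

# Constructed sample responses (not real cluster output). Shape follows the
# OpenSearch APIs: GET _alias/<alias> returns {index: {"aliases": {...}}},
# GET _cat/indices?format=json returns rows with "index" and "status" keys.
ALIAS_RESPONSE = json.loads("""
{
  "windows-logs-2024.05": {"aliases": {"windows-logs": {}}},
  "windows-logs-2024.06": {"aliases": {"windows-logs": {}}},
  "windows-logs-2024.07": {"aliases": {"windows-logs": {}}}
}
""")

CAT_INDICES_RESPONSE = json.loads("""
[
  {"index": "windows-logs-2024.05", "status": "close", "health": "green"},
  {"index": "windows-logs-2024.06", "status": "open",  "health": "green"},
  {"index": "windows-logs-2024.07", "status": "open",  "health": "green"},
  {"index": "unrelated-index",      "status": "close", "health": "green"}
]
""")


def indices_behind_alias(alias_response, alias):
    """Names of all indices that carry the given alias (the detector's data source)."""
    return sorted(
        name for name, body in alias_response.items()
        if alias in body.get("aliases", {})
    )


def closed_indices(cat_indices_response):
    """Set of index names that _cat/indices reports with status 'close'."""
    return {row["index"] for row in cat_indices_response if row["status"] == "close"}


def closed_indices_behind_alias(alias_response, cat_indices_response, alias):
    """Alias members that are closed: these are the ones that block detector save
    per the issue, and the ones the reporter had to open to work around it."""
    closed = closed_indices(cat_indices_response)
    return [name for name in indices_behind_alias(alias_response, alias) if name in closed]


def reopen_requests(closed_members):
    """Open-index API calls to run before saving the detector."""
    return [f"POST {name}/_open" for name in closed_members]


if __name__ == "__main__":
    blockers = closed_indices_behind_alias(ALIAS_RESPONSE, CAT_INDICES_RESPONSE, "windows-logs")
    if not blockers:
        print("all alias members are open; detector save should not be blocked by closed indices")
    else:
        print("closed indices behind the alias:", blockers)
        for req in reopen_requests(blockers):
            print("run before saving the detector:", req)
```

Note that `unrelated-index` is closed but not listed, because only members of the alias chosen as the data source matter. In a cluster where old indices are closed for retention, the same check can be run in the retention job to decide whether a detector update is scheduled before or after the close step.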