[Security Solution][Detections] Migrate from shadow saved object for managing actions configured to fire at specific intervals #100958
Assignees
Labels
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
technical debt
Improvement of the software architecture and operational architecture
Comments
spong
added
technical debt
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Addressed in 7.16 - related work found here. Closing out for now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently the Detection Engine uses a few separate SO's for managing additional state, sometimes as a stopgap while other solutions were under development. Details on all SO's managed by Detections are detailed in this comment here: #60053 (comment).
Actions/Notifications SO's:
For managing Rule Actions that run at configured intervals (instead of
at rule execution) the initial implementation included an additional shadow SO -- this issue is for investigating if it's possible to remove this additional shadow SO in favor of leveraging the functionality from the underlying alerting framework.Custom Action Interval from Core Alerting UI:
The text was updated successfully, but these errors were encountered: