[RAC][Security Solution][Detections] Integrate Rule Execution Log into HTTP route handlers #106466

Closed
Tracked by #101013
banderror opened this issue Jul 21, 2021 · 2 comments
Assignees
Labels
Feature:Detection Rules Security Solution rules and Detection Engine Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Theme: rac label obsolete

Comments

@banderror (Contributor)

Parent ticket: #101013

Summary

Update all HTTP route handlers in security_solution to start fetching execution events and metrics from the Rule Execution Log instead of custom saved objects.

Note that in some of the route handlers we write to the custom saved objects, so this needs to be updated as well.

Note that the route handlers might not yet support the new rule type ids, and working with the Log might not work because of this. It would be up to the engineer working on this ticket to decide how to handle it: as part of this work or separately.

@banderror banderror added Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Jul 21, 2021
@elasticmachine (Contributor)

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror changed the title [Security Solution][Detections] Integrate Rule Execution Log into HTTP route handlers [RAC][Security Solution][Detections] Integrate Rule Execution Log into HTTP route handlers Jul 21, 2021
@banderror banderror added Feature:Detection Rules Security Solution rules and Detection Engine Theme: rac label obsolete labels Jul 21, 2021
@xcrzx (Contributor)

xcrzx commented Aug 3, 2021

Implemented in #103463
