
[Security Solution] Use aggregation queries in the internal _rule_management_filters endpoint #166364

Status: Open
banderror opened this issue Sep 13, 2023 · 2 comments
Labels: Feature:Rule Management, performance, refactoring, Team:Detection Rule Management, Team:Detections and Resp, Team: SecuritySolution, technical debt

Comments

banderror (Contributor) commented:
Related to: #137428

Summary

In the _rule_management_filters endpoint, we fetch aggregated information needed for filters on the Rule Management page.

In order to fetch how many prebuilt and custom rules we have, we run two search requests in parallel:

https://github.com/banderror/kibana/blob/bf22a48a91f55d4d72961da074ede02118b318c7/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts#L34-L52

We could do it using a single aggregation request similar to how it is done for fetching aggregated tags in the same endpoint:

https://github.com/banderror/kibana/blob/bf22a48a91f55d4d72961da074ede02118b318c7/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/read_tags.ts#L19-L35

We could go further and combine aggs for fetching aggregated tags and the number of rules into a single call to rulesClient.aggregate(), optimizing this endpoint to make only one call to Elasticsearch.

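The combined request the issue proposes, written out as an added example (this is not Kibana's code and not the author's implementation). It assumes the rule saved-object field paths `alert.attributes.params.immutable` (true for prebuilt rules) and `alert.attributes.tags`, and a response shape modelled on what the filters endpoint returns today; all of those are assumptions, as is the sample aggregation response embedded below.

```typescript
// Added example, not Kibana's code: one aggregation request that returns both the
// prebuilt/custom rule counts and the distinct tags, replacing the two parallel
// searches plus the separate tags aggregation described in the issue.
//
// Assumptions (not taken from the page): rules live in `alert` saved objects with
// `alert.attributes.params.immutable` (boolean, true for prebuilt rules) and
// `alert.attributes.tags` (keyword array); the returned shape is modelled on the
// filters endpoint's response but is reconstructed here.

const IMMUTABLE_FIELD = 'alert.attributes.params.immutable'; // assumed field path
const TAGS_FIELD = 'alert.attributes.tags'; // assumed field path
const MAX_TAGS = 10000; // terms agg size; see the truncation check below

// Aggregation body to pass as `aggs` to a single rulesClient.aggregate() / search call.
function buildRuleFilterAggs() {
  return {
    // A `filters` aggregation yields one named bucket per filter, each with a doc_count,
    // so the prebuilt and custom counts come back in the same response. Rules with no
    // `immutable` value match neither filter and are counted in neither bucket.
    rule_kind: {
      filters: {
        filters: {
          prebuilt: { term: { [IMMUTABLE_FIELD]: true } },
          custom: { term: { [IMMUTABLE_FIELD]: false } },
        },
      },
    },
    // Distinct tag values across all rules, the same terms agg read_tags already uses.
    tags: { terms: { field: TAGS_FIELD, size: MAX_TAGS } },
  };
}

interface RuleFilterAggsResponse {
  rule_kind: { buckets: { prebuilt: { doc_count: number }; custom: { doc_count: number } } };
  tags: { sum_other_doc_count: number; buckets: Array<{ key: string; doc_count: number }> };
}

interface RuleManagementFilters {
  rules_summary: { custom_count: number; prebuilt_installed_count: number };
  aggregated_fields: { tags: string[] };
}

// Turns the aggregation response into the filter payload the Rule Management page needs.
function parseRuleFilterAggs(aggs: RuleFilterAggsResponse): RuleManagementFilters {
  // A terms agg silently drops values beyond `size`; a dropped tag would vanish from the
  // filter dropdown, so fail loudly instead of returning an incomplete list.
  if (aggs.tags.sum_other_doc_count > 0) {
    throw new Error(`tags aggregation truncated: raise size above ${MAX_TAGS}`);
  }
  const { prebuilt, custom } = aggs.rule_kind.buckets;
  return {
    rules_summary: {
      custom_count: custom.doc_count,
      prebuilt_installed_count: prebuilt.doc_count,
    },
    aggregated_fields: { tags: aggs.tags.buckets.map((b) => b.key).sort() },
  };
}

// Constructed sample response in the shape Elasticsearch returns for buildRuleFilterAggs():
// 3 prebuilt rules, 2 custom rules, 3 distinct tags.
const SAMPLE_AGGS: RuleFilterAggsResponse = {
  rule_kind: { buckets: { prebuilt: { doc_count: 3 }, custom: { doc_count: 2 } } },
  tags: {
    sum_other_doc_count: 0,
    buckets: [
      { key: 'Windows', doc_count: 4 },
      { key: 'Elastic', doc_count: 3 },
      { key: 'Linux', doc_count: 1 },
    ],
  },
};

function example(): RuleManagementFilters {
  return parseRuleFilterAggs(SAMPLE_AGGS);
}

console.log(JSON.stringify(buildRuleFilterAggs()));
console.log(JSON.stringify(example()));
```

The `filters` bucket counts only match the two-search version if every rule carries an explicit `immutable` value; if that is not guaranteed, add a third `other_bucket: true` filter or assert that `prebuilt + custom` equals the total hit count before trusting the numbers.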
banderror added the labels performance, refactoring, technical debt, Team:Detections and Resp, Team: SecuritySolution, Feature:Rule Management, Team:Detection Rule Management on Sep 13, 2023
elasticmachine (Contributor) commented:

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine (Contributor) commented:

Pinging @elastic/security-solution (Team: SecuritySolution)
