[Security Solution] Use aggregation queries in the internal _rule_management_filters endpoint #166364
Labels
Feature:Rule Management
Security Solution Detection Rule Management area
performance
refactoring
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
technical debt
Improvement of the software architecture and operational architecture
Related to: #137428
Summary
In the
_rule_management_filters
endpoint, we fetch aggregated information needed for filters on the Rule Management page.In order to fetch how many prebuilt and custom rules we have, we run two search requests in parallel:
https://github.com/banderror/kibana/blob/bf22a48a91f55d4d72961da074ede02118b318c7/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts#L34-L52
We could do it using a single aggregation request similar to how it is done for fetching aggregated tags in the same endpoint:
https://github.com/banderror/kibana/blob/bf22a48a91f55d4d72961da074ede02118b318c7/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/read_tags.ts#L19-L35
We could go further and combine aggs for fetching aggregated tags and the number of rules into a single call to
rulesClient.aggregate()
, optimizing this endpoint to making only one call to Elasticsearch.The text was updated successfully, but these errors were encountered: