Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RAM] Machine learning alerts working with cases #171150

Closed
XavierM opened this issue Nov 14, 2023 · 1 comment
Closed

[RAM] Machine learning alerts working with cases #171150

XavierM opened this issue Nov 14, 2023 · 1 comment
Assignees
@XavierM
Labels
Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v8.12.0

Comments

@XavierM
Copy link
Contributor

XavierM commented Nov 14, 2023
edited
Loading

The ML team just merged this #167998 to show alerts data in the Anomaly Explorer. During the development of this feature, we realized that these alerts can belong to different solutions like observability, security or just stack. Therefore, in the Anomaly Explorer, we would like to create a case or add to an existing case for different solutions. At this point of time, this feature is not possible because our cases are silos by solutions (security/o11y/stack). Also our alerts are silos but in a different way because security users access their rule with their own privileges but o11y/stack user are accessing this alert with the kibana user with some authentication filter on top of the alert index. We need to figure out how to remove this bottleneck in the near future to make it a seamless experience for our user.

For 8.12, We would like to make sure that our ML/stack alerts can be linked to a stack cases with no problem. For our o11y user, we will introduce the anomaly detection rule in o11y rule management page with this #170451. This will allow o11y user to create o11y cases and link these alerts there.
@XavierM XavierM added Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v8.12.0 labels Nov 14, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@XavierM XavierM moved this from Awaiting Triage to In Progress in AppEx: ResponseOps - Rules & Alerts Management Nov 29, 2023
@XavierM XavierM self-assigned this Nov 29, 2023
@XavierM XavierM mentioned this issue Nov 29, 2023
Merged
1 task
XavierM added a commit that referenced this issue Dec 22, 2023
@XavierM @kibanamachine
[RAM] Add cases functionality for ML (#172217)
151ece6 
## Summary

Fix -> #171150


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <[email protected]>
@XavierM XavierM moved this from In Progress to Done in AppEx: ResponseOps - Rules & Alerts Management Jan 2, 2024
@XavierM XavierM closed this as completed Jan 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@XavierM XavierM

Labels
Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v8.12.0
Projects
No open projects
AppEx: ResponseOps - Rules & Alerts Management
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@XavierM @elasticmachine