[Detection Engine][FTR] Audit machine learning FTRs #179768

Open
1 of 4 tasks
Tracked by #179765
yctercero opened this issue Apr 1, 2024 · 2 comments
Labels
8.14 candidate Project:Serverless Work as part of the Serverless project for its initial release Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team v8.14.0

Comments

@yctercero
Contributor

yctercero commented Apr 1, 2024

Summary

We've been working on an effort to move our FTR tests from being run in trial license (an elevated license) to basic license/essentials tier. Tests in the elevated license folder should be specific to functionality only available for that license. During this work, I encountered a few behaviors that I think we need to follow up on.

ML is available in Essentials Tier in serverless, and Platinum in ESS. I think we can maintain the bulk of the ML tests in the trial_license_complete_tier folder but also add:

  • Test passed creating ML rule in serverless essentials license. @paulewing @approksiu should this match ESS where this is only for elevated tier? EDIT: confirmed it should be available in essentials.
  • Test in essentials tier ensuring you can create and run an ML rule - Serverless specific
  • Missing test in basic to ensure that if you downgrade, you can’t run ML rules that already exist in ESS
  • ML trial tier asset criticality test failing - search for this ticket number in the code
@yctercero yctercero added Team:Detections and Resp Security Detection Response Team Project:Serverless Work as part of the Serverless project for its initial release Team:Detection Engine Security Solution Detection Engine Area 8.14 candidate v8.14.0 labels Apr 1, 2024
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Contributor

Pinging @elastic/security-detection-engine (Team:Detection Engine)

2 participants