-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Detection Engine][9.0] Deprecate legacy siem signals migration endpoints #195523
Labels
Team:Detection Engine
Security Solution Detection Engine Area
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v9.0.0
Comments
yctercero
added
v9.0.0
Team:Detection Engine
Security Solution Detection Engine Area
labels
Oct 9, 2024
Pinging @elastic/security-detection-engine (Team:Detection Engine) |
yctercero
added
the
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
label
Oct 9, 2024
Pinging @elastic/security-solution (Team: SecuritySolution) |
Update: Core has merged the PR that enables teams to register deprecated HTTP APIs. Per the latest instructions, we'll need to:
|
vitaliidm
added a commit
that referenced
this issue
Dec 10, 2024
…on APIs (#202662) ## Summary - addresses part of #195523 - deprecates https://www.elastic.co/guide/en/security/current/signals-migration-api.html APIs according to internal 9.x readiness [guideline](https://docs.google.com/document/d/1W7csjn6QYjrBjmbXMzSz_JUD4KcmWz8jTTtAWFwgUJM/edit?tab=t.0#heading=h.tui2zvb9gca6) #### How to test deprecated APIs? 1. Run API https://www.elastic.co/guide/en/security/current/signals-migration-api.html 2. Observe warning deprecation on Kibana Upgrade page <img width="2540" alt="Screenshot 2024-12-03 at 10 43 59" src="https://github.com/user-attachments/assets/24fcebb9-2d31-4ca3-a0dc-4ed7861d26a2"> --------- Co-authored-by: kibanamachine <[email protected]>
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Dec 10, 2024
…on APIs (elastic#202662) ## Summary - addresses part of elastic#195523 - deprecates https://www.elastic.co/guide/en/security/current/signals-migration-api.html APIs according to internal 9.x readiness [guideline](https://docs.google.com/document/d/1W7csjn6QYjrBjmbXMzSz_JUD4KcmWz8jTTtAWFwgUJM/edit?tab=t.0#heading=h.tui2zvb9gca6) #### How to test deprecated APIs? 1. Run API https://www.elastic.co/guide/en/security/current/signals-migration-api.html 2. Observe warning deprecation on Kibana Upgrade page <img width="2540" alt="Screenshot 2024-12-03 at 10 43 59" src="https://github.com/user-attachments/assets/24fcebb9-2d31-4ca3-a0dc-4ed7861d26a2"> --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 3d46ead)
vitaliidm
added a commit
that referenced
this issue
Dec 11, 2024
…try (#202671) ## Summary - partly addresses #195523 - adds snapshot telemetry that shows number of legacy siem signals and number of spaces they are in - while working on PR, discovered and fixed few issues in APIs - get migration status API did not work correctly with new `.alerts-*` indices, listing them as outdated - finalize migration API did account for spaces, when adding alias to migrated index - remove migration API failed due to lack of permissions to removed migration task from `.tasks` index ### How to test #### How to create legacy siem index? run script that used for FTR tests ```bash node scripts/es_archiver --kibana-url=http://elastic:changeme@localhost:5601 --es-url=http://elastic:changeme@localhost:9200 load x-pack/test/functional/es_archives/signals/legacy_signals_index ``` These would create legacy siem indices. But be aware, it might break Kibana .alerts indices creation. But sufficient for testing #### How to test snapshot telemetry Snapshot For snapshot telemetry use [API](https://docs.elastic.dev/telemetry/collection/snapshot-telemetry#telemetry-usage-payload-api) call OR Check snapshots in Kibana adv settings -> Global Settings Tab -> Usage collection section -> Click on cluster data example link -> Check `legacy_siem_signals ` fields in flyout <details> <summary> Snapshot telemetry </summary> <img width="2549" alt="Screenshot 2024-12-03 at 13 08 03" src="https://github.com/user-attachments/assets/28ffe983-01c7-4435-a82a-9a968d32d5e0"> </details> --------- Co-authored-by: Ryland Herrick <[email protected]>
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Dec 11, 2024
…try (elastic#202671) ## Summary - partly addresses elastic#195523 - adds snapshot telemetry that shows number of legacy siem signals and number of spaces they are in - while working on PR, discovered and fixed few issues in APIs - get migration status API did not work correctly with new `.alerts-*` indices, listing them as outdated - finalize migration API did account for spaces, when adding alias to migrated index - remove migration API failed due to lack of permissions to removed migration task from `.tasks` index ### How to test #### How to create legacy siem index? run script that used for FTR tests ```bash node scripts/es_archiver --kibana-url=http://elastic:changeme@localhost:5601 --es-url=http://elastic:changeme@localhost:9200 load x-pack/test/functional/es_archives/signals/legacy_signals_index ``` These would create legacy siem indices. But be aware, it might break Kibana .alerts indices creation. But sufficient for testing #### How to test snapshot telemetry Snapshot For snapshot telemetry use [API](https://docs.elastic.dev/telemetry/collection/snapshot-telemetry#telemetry-usage-payload-api) call OR Check snapshots in Kibana adv settings -> Global Settings Tab -> Usage collection section -> Click on cluster data example link -> Check `legacy_siem_signals ` fields in flyout <details> <summary> Snapshot telemetry </summary> <img width="2549" alt="Screenshot 2024-12-03 at 13 08 03" src="https://github.com/user-attachments/assets/28ffe983-01c7-4435-a82a-9a968d32d5e0"> </details> --------- Co-authored-by: Ryland Herrick <[email protected]> (cherry picked from commit 8821e03)
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this issue
Dec 12, 2024
…on APIs (elastic#202662) ## Summary - addresses part of elastic#195523 - deprecates https://www.elastic.co/guide/en/security/current/signals-migration-api.html APIs according to internal 9.x readiness [guideline](https://docs.google.com/document/d/1W7csjn6QYjrBjmbXMzSz_JUD4KcmWz8jTTtAWFwgUJM/edit?tab=t.0#heading=h.tui2zvb9gca6) #### How to test deprecated APIs? 1. Run API https://www.elastic.co/guide/en/security/current/signals-migration-api.html 2. Observe warning deprecation on Kibana Upgrade page <img width="2540" alt="Screenshot 2024-12-03 at 10 43 59" src="https://github.com/user-attachments/assets/24fcebb9-2d31-4ca3-a0dc-4ed7861d26a2"> --------- Co-authored-by: kibanamachine <[email protected]>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this issue
Dec 12, 2024
…try (elastic#202671) ## Summary - partly addresses elastic#195523 - adds snapshot telemetry that shows number of legacy siem signals and number of spaces they are in - while working on PR, discovered and fixed few issues in APIs - get migration status API did not work correctly with new `.alerts-*` indices, listing them as outdated - finalize migration API did account for spaces, when adding alias to migrated index - remove migration API failed due to lack of permissions to removed migration task from `.tasks` index ### How to test #### How to create legacy siem index? run script that used for FTR tests ```bash node scripts/es_archiver --kibana-url=http://elastic:changeme@localhost:5601 --es-url=http://elastic:changeme@localhost:9200 load x-pack/test/functional/es_archives/signals/legacy_signals_index ``` These would create legacy siem indices. But be aware, it might break Kibana .alerts indices creation. But sufficient for testing #### How to test snapshot telemetry Snapshot For snapshot telemetry use [API](https://docs.elastic.dev/telemetry/collection/snapshot-telemetry#telemetry-usage-payload-api) call OR Check snapshots in Kibana adv settings -> Global Settings Tab -> Usage collection section -> Click on cluster data example link -> Check `legacy_siem_signals ` fields in flyout <details> <summary> Snapshot telemetry </summary> <img width="2549" alt="Screenshot 2024-12-03 at 13 08 03" src="https://github.com/user-attachments/assets/28ffe983-01c7-4435-a82a-9a968d32d5e0"> </details> --------- Co-authored-by: Ryland Herrick <[email protected]>
Telemetry was added in #202671 Docs ticket: elastic/security-docs#6284 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Team:Detection Engine
Security Solution Detection Engine Area
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v9.0.0
See doc for info on deprecating API - https://docs.google.com/document/d/1W7csjn6QYjrBjmbXMzSz_JUD4KcmWz8jTTtAWFwgUJM/edit#heading=h.tui2zvb9gca6
Summary
We propose removing the siem signals migration endpoints from Kibana in 10.0. These include the following routes:
POST /api/detection_engine/signals/migrations
DELETE /api/detection_engine/signals/migrations
POST /api/detection_engine/signals/finalize_migrations
GET /api/detection_engine/signals/migration_status
To prepare for this we need to:
Add check in upgrade assistant that identifies legacy siem signals and prompts user to utilize our APIs to migrateThis is going to be tracked separately and combined with other UA work required for our indicesDocs checklist
QA checklist
The text was updated successfully, but these errors were encountered: