[ML] Adding V3 modules for Security_Linux and Security_Windows #123274
Conversation
dishadasgupta
added
:ml
Feature:Anomaly Detection
|
Pinging @elastic/ml-ui (:ml) |
|
@elastic/ml-ui - Referring to #85065, I see there are some other edits I need to make to ensure these show up in the UI, doing so |
|
Also updated some descriptions/docs based on @szabosteve comments left from #123000 |
|
A few questions in order to progress on the errors I'm seeing above: I'm failing this test from this code part here. My understanding is the reference module ids need to be updated to also include Happy to pair and provide more context, please let me know what I can do from my end to help, thank you! |
There was a problem hiding this comment.
@dishadasgupta I've looked into your two question and for the linter one find my suggested code change below.
For the test failures: I haven't looked too closely into the module definitions yet, but if the v3 modules are supposed to basically match the same data, then those failures are expected and the fix is to add security_linux_v3 to the expected recognized module everywhere we already recognize security_linux (and the same for the windows module). Note, that the order matters. Here's what worked for me locally: https://gist.github.com/pheyos/bb396d6b954c0af3ec26c202d2392efb
If the v3 module is not supposed to match the same data, we should take a closer look what's going on.
x-pack/plugins/security_solution/public/common/components/ml_popover/ml_modules.tsx
Outdated
Show resolved
Hide resolved
|
We should remove that language due to:
I believe we can capture the “refactor” sentiment in release notes. |
modified this query to match updates made in https://github.com/elastic/kibana/pull/100000/files
updated manifest description to be more informative & clear that these are the latest and current modules, and that the v2 module is no longer necessary with current data.
|
Thanks for getting this ready for review well before FF. Some minor points
This appears in the create job wizard tile. There is limited space in the tile - suggest we keep it succinct and descriptive. Current: V2 module description was Suggest something like
These comments apply to multiple job configs: The following fields can be removed. Recommend standardising across all modules. The following fields are applicable. Recommend applying and standardising for all modules: Note that the |
reworked descriptions
@SourinPaul @donaherc where these are used for telemetry now, in ML job telemetry, what values should we be placing in the |
added "allow_lazy_open": true, where it was missing
checked all model memory limits and set them equal to the values in the shipping jobs
💚 Build Succeeded
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
|
We're going to pause this and hold it for 8.2. See https://github.com/elastic/security-team/issues/1490 |
Summary
security_linuxandsecurity_windows- for use within the Security app.Files/Job Artifacts:
2 updated manifest
.jsonfiles - for both linux and windowsUpdated/new ML Job configurations for 26 jobs - each with associated datafeed configuration files:
security_linux: 14 jobs
security_windows: 12 jobs
Tests:
Individual job test tracking stats available here: https://docs.google.com/spreadsheets/d/1JOUIVsitaMdEdhM3WT2Eag4ELI-rI2Jec7bXildJsdQ/edit#gid=0
@randomuserid to also post more updates as needed to this issue + regarding tests, thanks