Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SecuritySolution] Fix DNS histogram query #154548

Merged
merged 6 commits into from
Apr 12, 2023
Merged

[SecuritySolution] Fix DNS histogram query #154548

merged 6 commits into from
Apr 12, 2023

Conversation

angorayc
Copy link
Contributor

@angorayc angorayc commented Apr 6, 2023
edited
Loading

Summary

This fix below query issues within DNS histogram:

1. The terms aggregates field should be dns.question.regustered_domain instead dns.question.domain

Steps to verify:

  • Inspect the chart and observe the query should do terms aggregation on dns.question.regustered_domain

Known issue:
#154533

Screenshot 2023-04-06 at 12 40 38

2. It didn't respect is PTR record included flag

Steps to verify:

  • Switch the toggle in DNS tab to include PTR record
  • Inspect the chart and observe the query should not exclude PTR record
  • Click on Add to new Case / Add to existing Case / Open in Lens and observe the query should not exclude PTR record.
Screen.Recording.2023-04-06.at.12.40.56.mov

3. It didn't respect is PTR record included when feature flag chartEmbeddablesEnabled: is false

Steps to verify:

  • Set chartEmbeddablesEnabled to false
  • Switch the toggle in DNS tab to include PTR record
  • Click on Add to new Case / Add to existing Case / Open in Lens and observe the query should not exclude PTR record.
Screen.Recording.2023-04-06.at.16.04.54.mov

After:

Screen.Recording.2023-04-06.at.12.30.40.mov

Checklist

Delete any items that are not applicable to this PR.

@angorayc angorayc added bug Fixes for quality problems that affect the customer experience Team:Threat Hunting Security Solution Threat Hunting Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Explore v8.8.0 Feature:Lens Charts Security Solution Lens Charts feature labels Apr 6, 2023
@angorayc angorayc mentioned this pull request Apr 6, 2023
Closed
41 tasks
@angorayc angorayc marked this pull request as ready for review April 8, 2023 20:38
@angorayc angorayc requested review from a team as code owners April 8, 2023 20:38
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@angorayc angorayc added the release_note:skip Skip the PR/issue when compiling release notes label Apr 8, 2023
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 15.9MB 15.9MB +788.0B
Unknown metric groups

ESLint disabled line counts

id before after diff
securitySolution 433 436 +3

Total ESLint disabled count

id before after diff
securitySolution 513 516 +3

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

stephmilovic
stephmilovic approved these changes Apr 11, 2023
View reviewed changes
Copy link
Contributor

@stephmilovic stephmilovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for catching this and for the thorough tests!

@angorayc angorayc merged commit bada04c into elastic:main Apr 12, 2023
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Apr 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stephmilovic stephmilovic stephmilovic approved these changes

Assignees
No one assigned
Labels
backport:skip This commit does not require backporting bug Fixes for quality problems that affect the customer experience Feature:Lens Charts Security Solution Lens Charts feature release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Explore Team:Threat Hunting Security Solution Threat Hunting Team v8.8.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@angorayc @elasticmachine @kibana-ci @stephmilovic @kibanamachine