Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.x] [Rule Migration] Adding CIM to ECS mapping and ESQL validation (#202331) #202668

Merged
merged 1 commit into from
Dec 3, 2024
Merged

[8.x] [Rule Migration] Adding CIM to ECS mapping and ESQL validation (#202331) #202668

merged 1 commit into from
Dec 3, 2024
+461 −24

Conversation

kibanamachine
Copy link
Contributor

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

@P1llus
[Rule Migration] Adding CIM to ECS mapping and ESQL validation (elast…
8e3ae09 
…ic#202331)

## Summary

This PR adds the initial context to map CIM fields to ECS and two new
nodes validation and a node to handle esql validation issues, fixing
itself.

This is how the graph looks compared to its old one:
<img width="646" alt="image"
src="https://github.com/user-attachments/assets/253e449c-ac6f-4913-8da4-eb36f4e7b982">

Validation always runs last, and if validation returns any errors it
will run the appropriate node depending on what validation failed. Once
it is resolved it will validate again and then END when its successful.

Currently 5 error iterations is max, which is just an arbitrary number.
The default Langgraph configuration is 25 nodes executed in total for a
specific graph before it errors with a recursion limit (main and sub
graphs are not combined in that count).

A few things are included in this PR:

- Moved ESQL KB caller to util(any better place?), as it is now used in
multiple nodes.
- New Validation node, where any sort of validation takes place, usually
the last step before ending the graph (on success).
- New ESQL Error node, to resolve any ESQL validation errors and trigger
a re-validation.
- Fix a small bug in the main graph on the conditional edges, added a
map for the allowed return values.

(cherry picked from commit c1d976b)
@kibanamachine kibanamachine enabled auto-merge (squash) December 3, 2024 10:56
@kibanamachine kibanamachine mentioned this pull request Dec 3, 2024
Merged
@kibanamachine kibanamachine merged commit 1b7c2e8 into elastic:8.x Dec 3, 2024
11 checks passed
@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

cc @P1llus

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

@P1llus P1llus

Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kibanamachine @elasticmachine @P1llus