[Security Solution][Detections][Threshold Rules] Threshold multiple aggregations with cardinality #90826
Merged
50 commits
a4139ce Remove unnecessary spreads (madirey)
b73b34a Layout, round 1 (madirey)
026a6d7 Merge branch 'master' of github.com:elastic/kibana into threshold-mul… (madirey)
8c5c889 Merge branch 'master' of github.com:elastic/kibana into threshold-mul… (madirey)
ed5f9b0 Revert "Layout, round 1" (madirey)
b2f31ba Make threshold field an array (madirey)
0842e84 Add cardinality fields (madirey)
02c3b2c Fix validation schema (madirey)
48f6545 Query for multi-aggs (madirey)
e435241 Merge branch 'master' of github.com:elastic/kibana into threshold-mul… (madirey)
70e4f50 Finish multi-agg aggregation (madirey)
cf7ef93 Translate to multi-agg buckets (madirey)
1ebfed0 Fix existing tests and add new test skeletons (madirey)
0786757 merge master, fix conflicts (madirey)
12a98bb clean up (madirey)
6cba63a Fix types (marshallmain)
78e77bc Fix threshold_result data structure (madirey)
465c5a4 previous signals filter (madirey)
18d5363 Fix previous signal detection (madirey)
41a5ddb Finish previous signal parsing (madirey)
19ed253 tying up loose ends (madirey)
733347c merge master, fix conflicts (madirey)
c7eea31 Merge branch 'master' of github.com:elastic/kibana into threshold-mul… (madirey)
319e9db Fix timeline view for multi-agg threshold signals (madirey)
e2a7d40 Fix build_bulk_body tests (madirey)
c6abdf5 test fixes (madirey)
741c75e Add test for threshold bucket filters (madirey)
b277b04 Address comments (madirey)
8d1e922 Fixing schema errors (madirey)
6b8c8ed Remove unnecessary comment (madirey)
a8dc733 Fix tests (madirey)
6fd0836 Fix types (madirey)
900ead0 Merge branch 'master' of github.com:elastic/kibana into threshold-mul… (madirey)
37956ca linting (madirey)
7956953 linting (madirey)
af5ed84 Fixes (madirey)
ee103c1 Handle pre-7.12 threshold format in timeline view (madirey)
2094d58 missing null check (madirey)
bed1faf adding in follow-up pr (madirey)
e979d12 Handle pre-7.12 filters (madirey)
9dab01e Merge branch 'master' of github.com:elastic/kibana into threshold-mul… (madirey)
3edc7f2 unnecessary change (madirey)
13821bf Revert "unnecessary change" (madirey)
f88cf66 linting (madirey)
3e09b24 Fix rule schemas (madirey)
6eafa8d Merge branch 'master' of github.com:elastic/kibana into threshold-mul… (madirey)
db6dfa5 Fix tests (madirey)
9ba09b6 Merge branch 'master' of github.com:elastic/kibana into threshold-mul… (madirey)
b6fd98b merge master, fix conflicts (madirey)
5c503fc more fixing conflicts (madirey)
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -14,4 +14,5 @@ export interface SignalEcs { | |
group?: { | ||
id?: string[]; | ||
}; | ||
threshold_result?: unknown; | ||
} |
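Review bot: `threshold_result?: unknown;` on `SignalEcs` gives consumers no compile-time contract for a field that alert rendering and filtering depend on, so every reader has to cast or hand-narrow it, and a shape mismatch only shows up at runtime. The commit list mentions handling a pre-7.12 threshold format, so at least two shapes exist; consider declaring a named type (a union of the legacy and the multi-field shapes) in one shared place and using it here, with a type guard where the timeline reads the value. If `unknown` is kept on purpose to force narrowing, a one-line comment on the field saying so and pointing at the guard would help the next reader.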
looks like a few changes similar to this one were made in this PR, would it be worth pulling this out into its own type shared between the updated code? not a blocker, but might be a nice follow up.