Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Support Data Segregation for Monitors created from other client plugins #576

Closed
getsaurabh02 opened this issue Sep 28, 2022 · 1 comment
Closed

[FEATURE] Support Data Segregation for Monitors created from other client plugins #576

getsaurabh02 opened this issue Sep 28, 2022 · 1 comment
Assignees
@eirsep
Labels
enhancement New feature or request

Comments

@getsaurabh02
Copy link
Member

getsaurabh02 commented Sep 28, 2022
edited
Loading

Is your feature request related to a problem?
As part of #522 we are supporting enhanced monitor configs which can be provided by the client plugins (such as Security Analytics) allowing more control over various configurations which are held by the monitor object. These configurations help define the input and output index sources for monitors allowing data isolation within the monitors. These are optional params which users of the plugins (such as Security Analytics) can use to injects their own configurations such as source data, query index, findings index etc. helping with separation of concerns in data layer for Alerting Plugin.

However, we also need to have identification and segregation of the Monitors on the Alerting plugin side. This will help identify who is the correct owner of the monitors (such as SAP, AD vs Alerting), and hence Alerting APIs and visualization can safely skip attributing to such monitors as part of their Alerting flow.

There are two possible ways to achieve it:

  1. Provide Index Isolation : Each client plugin, such as Security Analytics, can provide its own Index name for persisting the monitor configurations. This means separate index per client plugin. This although maintains the data isolation at a higher level, managing multiple indices could be a maintenance overhead, without clear ownership of the index lifecycle management.

  2. Provide Document Isolation (Recommended): Each monitor object in the monitor config owner by the Alerting can have a owner field, which could allow trace back its origin. Absence of the field could be treated as as default/fallback where Alerting becomes the owner. The Alerting Get APIs could attribute to the field value and filter on the documents while returning responses.

cc: @eirsep @sbcd90 @lezzago
@getsaurabh02 getsaurabh02 added enhancement New feature or request untriaged labels Sep 28, 2022
@eirsep
Copy link
Member

eirsep commented Sep 28, 2022

+1 on using an owner field for multi-tenancy as monitor index is maintained by alerting unlike the custom datasources such as query, alerts, findings indices which can be created/modified/deleted by the plugins.

@eirsep eirsep removed the untriaged label Sep 29, 2022
@eirsep eirsep self-assigned this Sep 29, 2022
@eirsep eirsep mentioned this issue Oct 3, 2022
Merged
@eirsep eirsep closed this as completed Nov 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eirsep eirsep

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eirsep @getsaurabh02