[Security Solution] /upgrade/_perform performance improvements #199101
Labels
- Feature:Prebuilt Detection Rules (Security Solution Prebuilt Detection Rules area)
- performance
- Team:Detection Rule Management (Security Detection Rule Management Team)
- Team:Detections and Resp (Security Detection Response Team)
- Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
Summary
Performance testing results for `/upgrade/_perform` indicate that the rule upgrade operation is highly I/O-dependent, as rules are upgraded one-by-one. Upgrading 1,000 rules takes around 60 seconds and scales linearly. While this isn't a blocker for the initial rule customization release, we could improve performance with some optimizations.

- `rulesClient.bulkEdit` method. This may require refactoring the bulk edit method since it currently supports only params, not full rule attributes. However, the potential performance gains make this worth exploring.
- `createPrebuiltRuleAssetsPayload`: This CPU-intensive method can block the main thread for up to 700ms when upgrading around 1,000 rules. Splitting it up could improve performance.
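An added illustration of the "splitting it up" idea for a CPU-bound payload builder (not code from this issue or from Kibana): the work is done in chunks and control returns to the Node.js event loop between chunks. `buildOnePayload`, `payloadChunks`, `buildPayloadsYielding`, `makeSampleRules` and the rule shape are hypothetical, and the sketch assumes each rule can be processed independently.

```javascript
// Added illustration: every name here is hypothetical, not Kibana's code.

// Stand-in for the CPU-heavy per-rule work (assumption: each rule can be
// transformed independently of the others).
function buildOnePayload(rule) {
  return { rule_id: rule.rule_id, version: rule.version + 1 };
}

// Generator that performs the work one chunk at a time, so the caller
// decides when to resume. Each yielded value holds one chunk's payloads.
function* payloadChunks(rules, chunkSize) {
  if (!Number.isInteger(chunkSize) || chunkSize < 1) {
    throw new RangeError('chunkSize must be a positive integer');
  }
  for (let i = 0; i < rules.length; i += chunkSize) {
    yield rules.slice(i, i + chunkSize).map(buildOnePayload);
  }
}

// Async driver: after each chunk, hand control back to the event loop so
// pending I/O callbacks and other requests can run before the next chunk.
async function buildPayloadsYielding(rules, chunkSize = 100) {
  const payloads = [];
  let yields = 0;
  for (const chunk of payloadChunks(rules, chunkSize)) {
    payloads.push(...chunk);
    await new Promise((resolve) => setImmediate(resolve));
    yields += 1;
  }
  return { payloads, yields };
}

// Constructed sample input: n fake rules, all at version 1.
function makeSampleRules(n) {
  return Array.from({ length: n }, (_, i) => ({
    rule_id: `rule-${i}`,
    version: 1,
  }));
}
```

Chunking does not reduce total CPU time; it bounds how long any single uninterrupted stretch holds the event loop, so the chunk size sets the worst-case stall.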