[Entity Analytics] Add Field Retention Enrich Policy and Ingest Pipeline to Entity Engine #193848

Merged
merged 95 commits into from
Oct 11, 2024
Commits
95 commits
779048e
add enrich processor helper
hop-dev Sep 6, 2024
b4d13b2
add task definition
hop-dev Sep 6, 2024
9c4536d
it works
hop-dev Sep 12, 2024
bce6dd8
types passing
hop-dev Sep 20, 2024
360a348
engine successfully created
hop-dev Sep 23, 2024
100b03e
start task as part of setup
hop-dev Sep 23, 2024
40e5c2d
use correct platform pipeline name
hop-dev Sep 23, 2024
d395d0e
pipeline not erroring
hop-dev Sep 23, 2024
2acc9d4
ingest processor refactor
hop-dev Sep 23, 2024
ea65d9c
dot expand and trim all fields not just retention fields
hop-dev Sep 23, 2024
8ced0d2
tidy + typecheck
hop-dev Sep 23, 2024
3693721
non-enrich path working
hop-dev Sep 24, 2024
1797c84
simplify
hop-dev Sep 24, 2024
57687b4
delete old file
hop-dev Sep 24, 2024
1153f6d
test
hop-dev Sep 24, 2024
37cd208
Remove Sets
hop-dev Sep 24, 2024
f9d8dec
more pipeline fixes
hop-dev Sep 24, 2024
3866f10
processors refactor
hop-dev Sep 25, 2024
2607686
hack the task into working
hop-dev Sep 25, 2024
20f7ce9
add entity.name and @timestamp to entities
hop-dev Sep 25, 2024
0dca0c4
tidy empty check
hop-dev Sep 25, 2024
a35c4c7
source fields + unique array values
hop-dev Sep 26, 2024
674619a
add entity fields to schema
hop-dev Sep 26, 2024
136992f
asset criticality + risk working
hop-dev Sep 26, 2024
2f2a090
pipeline tweaks
hop-dev Sep 27, 2024
000c237
improve preferNewest
hop-dev Sep 27, 2024
c6bc2c1
fix prefer oldest
hop-dev Sep 27, 2024
67722b7
pipeline improvements + deep copy ctx
hop-dev Sep 27, 2024
a2545c8
source working
hop-dev Sep 30, 2024
0758373
refactor operators and steps
hop-dev Sep 30, 2024
0265754
enrichField now an option
hop-dev Sep 30, 2024
f010bc4
docs
hop-dev Sep 30, 2024
346ec49
asset criticality working again
hop-dev Sep 30, 2024
81c0e29
remove array to single value step
hop-dev Oct 1, 2024
6cce948
definition improvements
hop-dev Oct 1, 2024
4a505fa
delete + tidy
hop-dev Oct 1, 2024
7a0d22c
fix types
hop-dev Oct 1, 2024
1419f57
fix task
hop-dev Oct 2, 2024
922b5e6
TODOs
hop-dev Oct 2, 2024
0372fa5
friendly definition names
hop-dev Oct 2, 2024
15c8ca9
update task interval
hop-dev Oct 2, 2024
45d8b74
debug mode
hop-dev Oct 2, 2024
d7d60e2
type errors
hop-dev Oct 2, 2024
3e601b1
Make only the init method need the migration client
hop-dev Oct 2, 2024
1d2a7bc
improve init and delete tests
hop-dev Oct 3, 2024
9ecad2d
skip tests until permissions issues resolved
hop-dev Oct 3, 2024
55388c6
test + optimise field retention operators
hop-dev Oct 4, 2024
509747f
Add fieldHistoryLength param
hop-dev Oct 7, 2024
b6c8b2f
improve delete resiliency
hop-dev Oct 7, 2024
b213114
remove test file
hop-dev Oct 7, 2024
b270d49
change utils import
hop-dev Oct 7, 2024
31d8510
Move index knowledge to its own file
hop-dev Oct 7, 2024
1e7dfa9
move ingest pipeline knowledge to its own file
hop-dev Oct 7, 2024
c356f8a
remove pointless private methods
hop-dev Oct 7, 2024
3a7a16b
move component template knowledge to own file
hop-dev Oct 7, 2024
566888e
move building pipeline responsibility to assets folder
hop-dev Oct 7, 2024
124b84b
Move ingest processor creation into elasticsearch_assets folder
hop-dev Oct 7, 2024
bd33fed
Move task to parent entity store folder
hop-dev Oct 7, 2024
f2c1188
Move field retention definitions to parent entity store folder
hop-dev Oct 7, 2024
b5594b7
move field retention operators to dedicated folder
hop-dev Oct 7, 2024
4586d4f
fix test import
hop-dev Oct 7, 2024
f7318b9
move as much client initialisation as possible to the constructor
hop-dev Oct 7, 2024
fa94c54
do not remove event field
hop-dev Oct 7, 2024
fda55b4
move to united definitions
hop-dev Oct 8, 2024
6dbb359
support adding string value to array in collect values processor
hop-dev Oct 8, 2024
98939e8
add pipeline debug mode config
hop-dev Oct 8, 2024
df97bfa
Merge branch 'main' into entity-store-enrich-processor-for-rebase
elasticmachine Oct 8, 2024
500e134
change entity index format
hop-dev Oct 8, 2024
9143749
add identity field to mapping
hop-dev Oct 8, 2024
93086c2
add fieldHistoryLength to saved object mapping
hop-dev Oct 8, 2024
a7cf734
add fieldHistoryLength field using SO model version
hop-dev Oct 9, 2024
7314f51
remove old code
hop-dev Oct 9, 2024
9b4d629
remove extra start call
hop-dev Oct 9, 2024
4ce878b
add missing type import
hop-dev Oct 9, 2024
e59375f
fix unit tests
hop-dev Oct 9, 2024
de0b55f
fix type error in test
hop-dev Oct 9, 2024
512a715
Merge branch 'main' into entity-store-enrich-processor-for-rebase
hop-dev Oct 9, 2024
668feb5
[CI] Auto-commit changed files from 'node scripts/jest_integration -u…
kibanamachine Oct 9, 2024
f2bd474
[CI] Auto-commit changed files from 'yarn openapi:bundle'
kibanamachine Oct 9, 2024
3fb6d60
[CI] Auto-commit changed files from 'make api-docs && make api-docs-s…
kibanamachine Oct 9, 2024
6c26064
remove SO change
hop-dev Oct 9, 2024
2faacc4
Merge branch 'main' into entity-store-enrich-processor-for-rebase
hop-dev Oct 10, 2024
09692ed
history transform removal fixes
hop-dev Oct 10, 2024
45eeab7
hide latest index
hop-dev Oct 10, 2024
8c2e588
Merge branch 'entity-store-enrich-processor-for-rebase' of github.com…
hop-dev Oct 10, 2024
aa48ca3
[CI] Auto-commit changed files from 'node scripts/check_mappings_upda…
kibanamachine Oct 10, 2024
f07f235
update snapshot
hop-dev Oct 10, 2024
8fc9894
skip nondefault space engine tests until permissions given
hop-dev Oct 10, 2024
5c87dd3
Merge branch 'main' into entity-store-enrich-processor-for-rebase
hop-dev Oct 10, 2024
b74d62b
Merge branch 'entity-store-enrich-processor-for-rebase' of github.com…
hop-dev Oct 10, 2024
1f09e08
fix spelling mistake
hop-dev Oct 10, 2024
79b88fc
Merge branch 'main' into entity-store-enrich-processor-for-rebase
elasticmachine Oct 11, 2024
3a3f4e9
Merge branch 'main' into entity-store-enrich-processor-for-rebase
elasticmachine Oct 11, 2024
f15ce06
Merge branch 'main' into entity-store-enrich-processor-for-rebase
elasticmachine Oct 11, 2024
c708692
run enrich task every hour
hop-dev Oct 11, 2024
94 changes: 32 additions & 62 deletions oas_docs/output/kibana.serverless.staging.yaml
Expand Up @@ -8315,6 +8315,10 @@ paths:
schema:
type: object
properties:
fieldHistoryLength:
default: 10
description: The number of historical values to keep for each field.
type: integer
filter:
type: string
indexPattern:
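Review bot: `fieldHistoryLength` in this request schema carries `default: 10` but no bounds, so a caller can submit 0, a negative value, or an arbitrarily large integer; since the description says it is "The number of historical values to keep for each field", an unbounded value lets a single engine definition grow every entity document without limit. Suggest adding `minimum: 1` and a `maximum` matching what the field retention operators were tested with, so out-of-range values are rejected at validation time.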
Expand Down Expand Up @@ -47877,6 +47881,8 @@ components:
Security_Entity_Analytics_API_EngineDescriptor:
type: object
properties:
fieldHistoryLength:
type: integer
filter:
type: string
indexPattern:
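Review bot: `fieldHistoryLength` on `Security_Entity_Analytics_API_EngineDescriptor` is typed but has no `description`, while the request schema above documents it as "The number of historical values to keep for each field." Suggest carrying the same description (and any bounds) here so clients reading the descriptor know what the value means.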
Expand All @@ -47885,6 +47891,11 @@ components:
$ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus'
type:
$ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType'
required:
- type
- indexPattern
- status
- fieldHistoryLength
Security_Entity_Analytics_API_EngineStatus:
enum:
- installing
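Review bot: adding `fieldHistoryLength` to `required` on the descriptor means any engine descriptor persisted before this field existed will fail to match the schema unless a default is filled in on read; the commit history ("add fieldHistoryLength to saved object mapping" followed by "remove SO change") leaves it unclear whether the stored object carries the value. Confirm the read path backfills the default of 10 for older descriptors, or keep the property optional with its default documented.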
Expand Down Expand Up @@ -47993,6 +48004,9 @@ components:
Security_Entity_Analytics_API_HostEntity:
type: object
properties:
'@timestamp':
format: date-time
type: string
asset:
type: object
properties:
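Review bot: `'@timestamp'` is added to `Security_Entity_Analytics_API_HostEntity` with a format but no `description`; since `firstSeenTimestamp` and `lastSeenTimestamp` are removed from `entity` in the next hunk, state here whether `@timestamp` is the time the entity document was last updated so consumers do not read it as a first-seen time.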
Expand All @@ -48004,42 +48018,15 @@ components:
entity:
type: object
properties:
definitionId:
type: string
definitionVersion:
type: string
displayName:
type: string
firstSeenTimestamp:
format: date-time
type: string
id:
name:
type: string
identityFields:
source:
items:
type: string
type: array
lastSeenTimestamp:
format: date-time
type: string
schemaVersion:
type: string
source:
type: string
type:
enum:
- node
type: string
required:
- lastSeenTimestamp
- schemaVersion
- definitionVersion
- displayName
- identityFields
- id
- type
- firstSeenTimestamp
- definitionId
- name
- source
host:
type: object
properties:
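Review bot: this hunk drops `id`, `definitionId`, `definitionVersion`, `displayName`, `firstSeenTimestamp`, `lastSeenTimestamp`, `schemaVersion`, `identityFields` and `type` from `Security_Entity_Analytics_API_HostEntity.entity`, replacing them with `name` and `source`; that is a breaking change for any consumer of the entities API (`entity.id` in particular was the stable identifier) and nothing in the PR flags it as such. Also `source` changes from a single string to an array of strings with no `description`; say what the items are (the index names the entity was observed in, if that is the intent) and whether the array is de-duplicated, as the "source fields + unique array values" commit suggests.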
Expand Down Expand Up @@ -48078,6 +48065,10 @@ components:
type: array
required:
- name
required:
- '@timestamp'
- host
- entity
Security_Entity_Analytics_API_IdField:
enum:
- host.name
Expand Down Expand Up @@ -48167,6 +48158,9 @@ components:
Security_Entity_Analytics_API_UserEntity:
type: object
properties:
'@timestamp':
format: date-time
type: string
asset:
type: object
properties:
Expand All @@ -48178,42 +48172,14 @@ components:
entity:
type: object
properties:
definitionId:
type: string
definitionVersion:
type: string
displayName:
type: string
firstSeenTimestamp:
format: date-time
type: string
id:
name:
type: string
identityFields:
source:
items:
type: string
type: array
lastSeenTimestamp:
format: date-time
type: string
schemaVersion:
type: string
source:
type: string
type:
enum:
- node
type: string
required:
- lastSeenTimestamp
- schemaVersion
- definitionVersion
- displayName
- identityFields
- id
- type
- firstSeenTimestamp
- definitionId
- name
- source
user:
type: object
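Review bot: the `entity` sub-object here is identical to the one in `Security_Entity_Analytics_API_HostEntity` above, so the two schemas will drift if one is edited without the other; in the source schema these files are generated from, suggest extracting it into a shared component (for instance `Security_Entity_Analytics_API_EntityFields`, a hypothetical name) and `$ref`-ing it from both HostEntity and UserEntity.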
Expand Down Expand Up @@ -48249,6 +48215,10 @@ components:
type: array
required:
- name
required:
- '@timestamp'
- user
- entity
Security_Exceptions_API_CreateExceptionListItemComment:
type: object
properties:
94 changes: 32 additions & 62 deletions oas_docs/output/kibana.serverless.yaml
Expand Up @@ -8315,6 +8315,10 @@ paths:
schema:
type: object
properties:
fieldHistoryLength:
default: 10
description: The number of historical values to keep for each field.
type: integer
filter:
type: string
indexPattern:
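Review bot: this file mirrors the `kibana.serverless.staging.yaml` diff above hunk for hunk, and both are CI-generated outputs (see the kibanamachine commit "Auto-commit changed files from 'make api-docs && make api-docs-s…"), so any bounds or descriptions added for `fieldHistoryLength`, and any restructuring of the duplicated `entity` object, should be made in the source OpenAPI schema and regenerated rather than hand-edited in either output file.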
Expand Down Expand Up @@ -47877,6 +47881,8 @@ components:
Security_Entity_Analytics_API_EngineDescriptor:
type: object
properties:
fieldHistoryLength:
type: integer
filter:
type: string
indexPattern:
Expand All @@ -47885,6 +47891,11 @@ components:
$ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus'
type:
$ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType'
required:
- type
- indexPattern
- status
- fieldHistoryLength
Security_Entity_Analytics_API_EngineStatus:
enum:
- installing
Expand Down Expand Up @@ -47993,6 +48004,9 @@ components:
Security_Entity_Analytics_API_HostEntity:
type: object
properties:
'@timestamp':
format: date-time
type: string
asset:
type: object
properties:
Expand All @@ -48004,42 +48018,15 @@ components:
entity:
type: object
properties:
definitionId:
type: string
definitionVersion:
type: string
displayName:
type: string
firstSeenTimestamp:
format: date-time
type: string
id:
name:
type: string
identityFields:
source:
items:
type: string
type: array
lastSeenTimestamp:
format: date-time
type: string
schemaVersion:
type: string
source:
type: string
type:
enum:
- node
type: string
required:
- lastSeenTimestamp
- schemaVersion
- definitionVersion
- displayName
- identityFields
- id
- type
- firstSeenTimestamp
- definitionId
- name
- source
host:
type: object
properties:
Expand Down Expand Up @@ -48078,6 +48065,10 @@ components:
type: array
required:
- name
required:
- '@timestamp'
- host
- entity
Security_Entity_Analytics_API_IdField:
enum:
- host.name
Expand Down Expand Up @@ -48167,6 +48158,9 @@ components:
Security_Entity_Analytics_API_UserEntity:
type: object
properties:
'@timestamp':
format: date-time
type: string
asset:
type: object
properties:
Expand All @@ -48178,42 +48172,14 @@ components:
entity:
type: object
properties:
definitionId:
type: string
definitionVersion:
type: string
displayName:
type: string
firstSeenTimestamp:
format: date-time
type: string
id:
name:
type: string
identityFields:
source:
items:
type: string
type: array
lastSeenTimestamp:
format: date-time
type: string
schemaVersion:
type: string
source:
type: string
type:
enum:
- node
type: string
required:
- lastSeenTimestamp
- schemaVersion
- definitionVersion
- displayName
- identityFields
- id
- type
- firstSeenTimestamp
- definitionId
- name
- source
user:
type: object
Expand Down Expand Up @@ -48249,6 +48215,10 @@ components:
type: array
required:
- name
required:
- '@timestamp'
- user
- entity
Security_Exceptions_API_CreateExceptionListItemComment:
type: object
properties: