[Security Solution][Detection Engine] removes field_caps call for all fields in index during rule execution #193869

Merged

@vitaliidm vitaliidm commented Sep 24, 2024

Summary

Checklist

Delete any items that are not applicable to this PR.

@vitaliidm vitaliidm self-assigned this Sep 24, 2024
@vitaliidm vitaliidm added release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Engine Security Solution Detection Engine Area 8.16 candidate backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) labels Sep 24, 2024
@vitaliidm vitaliidm marked this pull request as ready for review September 26, 2024 08:59
@vitaliidm vitaliidm requested a review from a team as a code owner September 26, 2024 08:59
@vitaliidm vitaliidm requested a review from rylnd September 26, 2024 08:59
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@rylnd rylnd left a comment

@vitaliidm I wasn't sure exactly how to test this, but the code looks good and I verified several rule types run as expected. Please let me know if you'd like additional review and I can do that!

title: index.join(),
});
return Object.values(
await queryToFields({
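
Review bot: at `return Object.values(await queryToFields({`, the resolved value goes straight into `Object.values`, which throws a TypeError on `undefined` or `null`. If `queryToFields` can resolve without a fields map for the title built by `index.join()`, default the result to an empty object at this call, or add a comment stating that it always resolves to an object.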
Great to see queryToFields is back! 😎

@vitaliidm vitaliidm enabled auto-merge (squash) September 30, 2024 10:47
@kibana-ci

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @vitaliidm

@vitaliidm vitaliidm merged commit b005ea9 into elastic:main Sep 30, 2024
46 checks passed
@kibanamachine

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/11106911350

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Sep 30, 2024
… fields in index during rule execution (elastic#193869)

## Summary

- addresses elastic#187059

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <[email protected]>
(cherry picked from commit b005ea9)
@kibanamachine

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Sep 30, 2024
…or all fields in index during rule execution (#193869) (#194433)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution][Detection Engine] removes field_caps call for all
fields in index during rule execution
(#193869)](#193869)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

Co-authored-by: Vitalii Dmyterko <[email protected]>