[SECURITY SOLUTION] [Detections] Increase lookback when gap is detected #68339

Merged
merged 26 commits into from
Jun 30, 2020

Commits on Jun 30, 2020

  1. a023280
  2. 8ce0f95
  3. computes new max signals based on how many intervals of rule runs were missed when gap in consecutive rule runs is detected
    dhurley14 committed Jun 30, 2020
    e0db4e5
  4. adds logging, fixes bug where we could end up with negative values for diff, adds calculatedFrom to the search after query
    dhurley14 committed Jun 30, 2020
    4a85ba0
  5. remove console.log and for some reason two eslint disables were added so I removed one of them
    dhurley14 committed Jun 30, 2020
    9c0e825
  6. rename variables, add test based on log message - need to figure out a better way to test this
    dhurley14 committed Jun 30, 2020
    4670f6b
  7. remove unused import
    dhurley14 committed Jun 30, 2020
    4ce4a25
  8. fully re-worked the algorithm for searching discrete time periods, still need search_after because a user could submit a rule with a custom maxSignals so that would still serve a purpose. This needs heavy refactoring though, and tests.
    dhurley14 committed Jun 30, 2020
    3c9587c
  9. updated loop to include maxSignals per time interval tuple, this way we guarantee maxSignals per full rule interval. Needs some refactoring though.
    dhurley14 committed Jun 30, 2020
    889382a
  10. b336202
  11. adds unit tests and cleans up new util function for determining time intervals for searching to occur
    dhurley14 committed Jun 30, 2020
    f7b0318
  12. more code cleanup
    dhurley14 committed Jun 30, 2020
    9072963
  13. dfecacd
  14. fix type errors
    dhurley14 committed Jun 30, 2020
    f5111ed
  15. updates unit tests and fixes bug where search result would return 0 hits but we were accessing property on non-existent hit item
    dhurley14 committed Jun 30, 2020
    28fd2fe
  16. fix rebase conflict
    dhurley14 committed Jun 30, 2020
    b47318a
  17. fixes a bug where a negative gap could exist if a rule ran before the lookback time, also fixes a bug where the search and bulk loop would return false when successful.
    dhurley14 committed Jun 30, 2020
    59a254a
  18. 2c201f6
  19. remove logging variable
    dhurley14 committed Jun 30, 2020
    61e3fae
  20. c681b09
  21. 3898a80
  22. c1b44da
  23. eadef46
  24. 7a6ada6
  25. indentation on stringify
    dhurley14 committed Jun 30, 2020
    453f514
  26. 0d36ebe