[7.12] [Security Solution][Detections] Set default indicator path to reduce friction with new filebeat modules (#92081) #92752

Merged
merged 3 commits into from
Feb 25, 2021


Contributor

@rylnd rylnd commented Feb 25, 2021

Backports the following commits to 7.12:

…friction with new filebeat modules (elastic#92081)

* Distinguish source and destination config for indicator matches

We were previously conflating the path to retrieve indicator fields with
the path to persist indicator fields, since they were the same value.

To reduce friction in use with the new filebeat modules, we've decided
to make the default source path threatintel.indicator. However, we still
want to persist to threat.indicator, so we add a new constant, here.

* Update our integration tests following change of default

These tests were assuming a default path of threat.indicator. Since that
is the ECS standard, we're not going to rewrite the tests but instead
just add this rule override. In the future if the default changes, this
parameter might be unnecessary.

* DRY up unit tests a bit

* Add a note for future devs

If/when that constant changes, I imagine this will be useful context.

Co-authored-by: Kibana Machine <[email protected]>
@rylnd rylnd added the backport label Feb 25, 2021
@rylnd rylnd enabled auto-merge (squash) February 25, 2021 02:50
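
The source/destination split described in the commit message above, as an added example that is not code from this PR or from Kibana. The constant and function names are hypothetical and the sample documents are constructed; only the two path values come from the commit message.

```typescript
type EsDoc = Record<string, unknown>;

// Hypothetical names; the two values are the paths from the commit message.
const DEFAULT_SOURCE_PATH = 'threatintel.indicator'; // read indicator fields from here
const DESTINATION_PATH = 'threat.indicator'; // persist them here on the alert

const isObject = (v: unknown): v is EsDoc =>
  typeof v === 'object' && v !== null && !Array.isArray(v);

// Resolve a dotted path against nested objects, flattened "a.b" keys, or a mix.
// Own-property checks keep inherited keys such as "constructor" from resolving.
function getPath(value: unknown, path: string): unknown {
  if (path === '') return value;
  if (!isObject(value)) return undefined;
  const parts = path.split('.');
  for (let i = parts.length; i > 0; i--) {
    const key = parts.slice(0, i).join('.');
    if (Object.prototype.hasOwnProperty.call(value, key)) {
      const found = getPath(value[key], parts.slice(i).join('.'));
      if (found !== undefined) return found;
    }
  }
  return undefined;
}

// Copy the indicator found at sourcePath in the intel document onto a copy of
// the alert at DESTINATION_PATH; return the alert unchanged if nothing is found.
function enrichAlert(alertDoc: EsDoc, intelDoc: EsDoc, sourcePath: string = DEFAULT_SOURCE_PATH): EsDoc {
  const indicator = getPath(intelDoc, sourcePath);
  if (!isObject(indicator)) return alertDoc;
  const enriched: EsDoc = JSON.parse(JSON.stringify(alertDoc));
  const parts = DESTINATION_PATH.split('.');
  const leaf = parts.pop() as string;
  let node = enriched;
  for (const key of parts) {
    if (!isObject(node[key])) node[key] = {};
    node = node[key] as EsDoc;
  }
  node[leaf] = [indicator];
  return enriched;
}

// Constructed sample documents (not real feed data).
const filebeatDoc: EsDoc = { threatintel: { indicator: { type: 'domain', domain: 'bad.example' } } };
const ecsDoc: EsDoc = { 'threat.indicator': { type: 'domain', domain: 'bad.example' } };
const sampleAlert: EsDoc = { 'event.kind': 'signal', threat: { framework: 'MITRE ATT&CK' } };
```

With the default source path, `filebeatDoc` enriches the alert while `ecsDoc` leaves it untouched until the rule passes `threat.indicator` as its source path, which is the override the commit message says the integration tests needed.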
@rylnd
Contributor Author

rylnd commented Feb 25, 2021

@elasticmachine merge upstream

@yctercero
Contributor

#92882 should fix the failure - once merged should go 🟢

@rylnd
Contributor Author

rylnd commented Feb 25, 2021

@elasticmachine merge upstream

@kibanamachine
Contributor

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 7.7MB | 7.7MB | -57.0B |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 244.8KB | 244.9KB | +71.0B |


To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@rylnd rylnd merged commit 827ee47 into elastic:7.12 Feb 25, 2021
@rylnd rylnd deleted the backport/7.12/pr-92081 branch February 25, 2021 23:13