[SIEM] Adds stable alerting ids and more scripting for product testing #48165

FrankHassanabad · 2019-10-14T20:52:27Z

Summary

Adds stable alerting id's by using the alert params.
Currently does a manual walk through of the alert params to find the stable id
Updated all of the endpoints to take either of the two id's.
Added several scripts to support performance testing ad-hoc such as post_x_signals.sh
Added scripts to support converting from saved searches to alerts.
[SIEM][Detection Engine] Create REST API endpoint for KQL signals #47013

Checklist

Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR.

~~- [ ] This was checked for cross-browser compatibility, including a check against IE11~~

~~- [ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support~~

~~- [ ] Documentation was added for features that require explanation or tutorials~~

Unit or functional tests were updated or added to match the most common scenarios

~~- [ ] This was checked for keyboard-only and screenreader accessibility~~

For maintainers

This was checked for breaking API changes and was labeled appropriately
This includes a feature addition or change that requires a release note and was labeled appropriately

…some of the data types around

… _id

FrankHassanabad · 2019-10-14T20:54:12Z

x-pack/legacy/plugins/siem/scripts/convert_saved_search_to_signals.js

+
+if (require.main === module) {
+  main();
+}


Looking for a way to make files like this a TypeScript file. It is a command line script at the moment but we might end up having an endpoint which takes exported saved objects and just move most if not all of this logic into that endpoint eventually so will concentrate more on that instead and leave this as is.

elasticmachine · 2019-10-14T22:12:41Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: 31b8add

elasticmachine · 2019-10-15T18:44:00Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: 009010a

elasticmachine · 2019-10-15T19:33:26Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: 17394a2

elasticmachine · 2019-10-17T01:35:37Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: 6cf8a42

FrankHassanabad · 2019-10-17T02:30:24Z

Closing in favor of this one which is better:
#48471

FrankHassanabad added 23 commits October 8, 2019 17:09

Added API endpoints and more scripts

8c9a5fc

Merge branch 'master' into add-get-delete-api

3b56b4c

Added the update endpoint and scripts for the support of it. Changed …

91953a1

…some of the data types around

put back the require statement for the builds to work correctly

84739d4

Added casting magic with a TODO block

91f2797

cleaned up more types

ee7c2c3

Merge branch 'master' into add-get-delete-api

d136c3b

Updated per code review

5fe3a77

Changed per code review

42fbb44

Updated per code review

a5f5448

Added optional id parameter in the URL that can be sent

aa7108b

added some unit tests

eadac5d

Merge branch 'master' into add-get-delete-api

9a90e47

Does all crud through a request params called alert_id instead of the…

9a3c036

… _id

Removed weird wording from a function

5ab372a

Merge branch 'master' into add-get-delete-api

ee06ed0

Merge branch 'add-get-delete-api' into add-stable-id-option

a236065

Added scripts to convert from saved objects to signals for posting

acd9ff0

Remove echo statement

93e888e

Merge branch 'master' into add-get-delete-api

e5cb35f

Merge branch 'master' into add-get-delete-api

a5eaab1

Merge branch 'add-get-delete-api' into add-stable-id-option

688da79

Merge branch 'master' into add-stable-id-option

31b8add

FrankHassanabad self-assigned this Oct 14, 2019

FrankHassanabad commented Oct 14, 2019

View reviewed changes

Merge branch 'master' into add-stable-id-option

009010a

FrankHassanabad changed the title ~~Add stable id option~~ [SIEM] Adds stable alerting ids and more scripting for product testing Oct 15, 2019

Fix minor wording

17394a2

FrankHassanabad added the v8.0.0 label Oct 15, 2019

FrankHassanabad added the v7.5.0 label Oct 15, 2019

Merge branch 'master' into add-stable-id-option

6cf8a42

FrankHassanabad closed this Oct 17, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SIEM] Adds stable alerting ids and more scripting for product testing #48165

[SIEM] Adds stable alerting ids and more scripting for product testing #48165

FrankHassanabad commented Oct 14, 2019 •

edited

Loading

FrankHassanabad Oct 14, 2019 •

edited

Loading

elasticmachine commented Oct 14, 2019

elasticmachine commented Oct 15, 2019

elasticmachine commented Oct 15, 2019

elasticmachine commented Oct 17, 2019

FrankHassanabad commented Oct 17, 2019

[SIEM] Adds stable alerting ids and more scripting for product testing #48165

[SIEM] Adds stable alerting ids and more scripting for product testing #48165

Conversation

FrankHassanabad commented Oct 14, 2019 • edited Loading

Summary

Checklist

For maintainers

FrankHassanabad Oct 14, 2019 • edited Loading

Choose a reason for hiding this comment

elasticmachine commented Oct 14, 2019

💚 Build Succeeded

elasticmachine commented Oct 15, 2019

💚 Build Succeeded

elasticmachine commented Oct 15, 2019

💚 Build Succeeded

elasticmachine commented Oct 17, 2019

💚 Build Succeeded

FrankHassanabad commented Oct 17, 2019

FrankHassanabad commented Oct 14, 2019 •

edited

Loading

FrankHassanabad Oct 14, 2019 •

edited

Loading