[Security Solution] Change default index pattern #70797

oatkiller · 2020-07-06T13:27:45Z

Add logs-* to the Security Solution default index pattern. This should
allow the app to recognize events from the Elastic Endpoint.

manual validation

First I (think) i delete my local ES data

rm -rf .es

Next I started my local dev env up

yarn es snapshot
# other terminal
yarn start --no-base-path

Then I added Resolver data

cd x-pack/plugins/security_solution/scripts/endpoint
nvm use
yarn test:generate --ch 10 --gen 5

Then I viewed the data in the security solution:

I also validated that logs-* was found in the advanced security settings:

Questions

Does this require something in release notes? It could have a big (and unexpected) impact on users otherwise.
Does this require a documentation change? Probably not?
This will change the way the app behaves in some cases. Do we need to address anything right away?

Checklist

Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
Documentation was added for features that require explanation or tutorials
Unit or functional tests were updated or added to match the most common scenarios

For maintainers

This was checked for breaking API changes and was labeled appropriately

Add `logs-*` to the Security Solution default index pattern. This should allow the app to recognize events from the Elastic Endpoint.

EricDavisX · 2020-07-06T17:23:55Z

nice

kibanamachine · 2020-07-06T23:03:00Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: aa9c67e

Build metrics

✅ unchanged

History

💔 Build #59091 failed de1120f
💔 Build #58990 failed d0b8351
💔 Build #58948 failed 3b458ff

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

* [Security Solution] Change default index pattern Add `logs-*` to the Security Solution default index pattern. This should allow the app to recognize events from the Elastic Endpoint.

* master: (53 commits) [Composable template] Details panel + delete functionality (elastic#70814) [Uptime] Ping list body scroll (elastic#70781) moving indexPattern.delete() to indexPatterns.delete(indexPattern) (elastic#70430) Adapt expected response of advanced settings feature control for cloud tests (elastic#70793) skip flaky suite (elastic#70885) skip flaky suite (elastic#67814) skip flaky suite (elastic#70906) Revert "reenable regression and classification functional tests (elastic#70661)" (elastic#70908) Added UI validation when creating a Webhook connector with invalid URL (elastic#70025) [Security Solution] Change default index pattern (elastic#70797) ServiceNow push to Incident generic implementation (supporting both Case specific and generic Alerts) (elastic#68464) add button link to ingest (elastic#70142) reenable regression and classification functional tests (elastic#70661) [Component templates] Form wizard (elastic#69732) [Ingest Manager] Copy changes (elastic#70828) Adding test user to maps functional tests - PR 1 (elastic#70649) [Ingest Manager] Support limiting integrations on an agent config (elastic#70542) skip flaky suite (elastic#70880) [Metrics UI] Fix a bug in Metric Threshold query filter construction (elastic#70672) upgrade caniuse-lite database (elastic#70833) ...

* master: (46 commits) [Composable template] Details panel + delete functionality (elastic#70814) [Uptime] Ping list body scroll (elastic#70781) moving indexPattern.delete() to indexPatterns.delete(indexPattern) (elastic#70430) Adapt expected response of advanced settings feature control for cloud tests (elastic#70793) skip flaky suite (elastic#70885) skip flaky suite (elastic#67814) skip flaky suite (elastic#70906) Revert "reenable regression and classification functional tests (elastic#70661)" (elastic#70908) Added UI validation when creating a Webhook connector with invalid URL (elastic#70025) [Security Solution] Change default index pattern (elastic#70797) ServiceNow push to Incident generic implementation (supporting both Case specific and generic Alerts) (elastic#68464) add button link to ingest (elastic#70142) reenable regression and classification functional tests (elastic#70661) [Component templates] Form wizard (elastic#69732) [Ingest Manager] Copy changes (elastic#70828) Adding test user to maps functional tests - PR 1 (elastic#70649) [Ingest Manager] Support limiting integrations on an agent config (elastic#70542) skip flaky suite (elastic#70880) [Metrics UI] Fix a bug in Metric Threshold query filter construction (elastic#70672) upgrade caniuse-lite database (elastic#70833) ...

* actions/feature: (46 commits) [Composable template] Details panel + delete functionality (elastic#70814) [Uptime] Ping list body scroll (elastic#70781) moving indexPattern.delete() to indexPatterns.delete(indexPattern) (elastic#70430) Adapt expected response of advanced settings feature control for cloud tests (elastic#70793) skip flaky suite (elastic#70885) skip flaky suite (elastic#67814) skip flaky suite (elastic#70906) Revert "reenable regression and classification functional tests (elastic#70661)" (elastic#70908) Added UI validation when creating a Webhook connector with invalid URL (elastic#70025) [Security Solution] Change default index pattern (elastic#70797) ServiceNow push to Incident generic implementation (supporting both Case specific and generic Alerts) (elastic#68464) add button link to ingest (elastic#70142) reenable regression and classification functional tests (elastic#70661) [Component templates] Form wizard (elastic#69732) [Ingest Manager] Copy changes (elastic#70828) Adding test user to maps functional tests - PR 1 (elastic#70649) [Ingest Manager] Support limiting integrations on an agent config (elastic#70542) skip flaky suite (elastic#70880) [Metrics UI] Fix a bug in Metric Threshold query filter construction (elastic#70672) upgrade caniuse-lite database (elastic#70833) ...

elasticmachine · 2021-09-23T14:31:53Z

Pinging @elastic/security-solution (Team: SecuritySolution)

[Security Solution] Change default index pattern

3b458ff

Add `logs-*` to the Security Solution default index pattern. This should allow the app to recognize events from the Elastic Endpoint.

oatkiller requested review from a team as code owners July 6, 2020 13:27

oatkiller added v7.9.0 v8.0.0 release_note:enhancement labels Jul 6, 2020

update failing snapshots

d0b8351

fix tests

de1120f

james-elastic approved these changes Jul 6, 2020

View reviewed changes

fix tests

aa9c67e

oatkiller merged commit 610bff1 into elastic:master Jul 6, 2020

oatkiller mentioned this pull request Jul 7, 2020

[7.x] [Security Solution] Change default index pattern (#70797) #70902

Merged

LeeDr added the Team:SIEM label Jul 16, 2020

MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021

oatkiller deleted the default-index-change branch March 31, 2022 11:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security Solution] Change default index pattern #70797

[Security Solution] Change default index pattern #70797

oatkiller commented Jul 6, 2020 •

edited

Loading

EricDavisX commented Jul 6, 2020

kibanamachine commented Jul 6, 2020

elasticmachine commented Sep 23, 2021

[Security Solution] Change default index pattern #70797

[Security Solution] Change default index pattern #70797

Conversation

oatkiller commented Jul 6, 2020 • edited Loading

manual validation

Questions

Checklist

For maintainers

EricDavisX commented Jul 6, 2020

kibanamachine commented Jul 6, 2020

💚 Build Succeeded

Build metrics

History

elasticmachine commented Sep 23, 2021

oatkiller commented Jul 6, 2020 •

edited

Loading