[Security Solution][Alerts] Remove securityRulesCancelEnabled and set shorter default timeouts #129769

Merged 2 commits on Apr 12, 2022

marshallmain
Contributor

Summary

Now that #128276 is completed, we're ready to allow security rules to time out after shorter time periods. This PR removes the ruleTaskTimeout setting from all rule types except indicator match so they will use the default 5m timeout. Indicator match uses a 1h timeout per recommendation from @MikePaquette.

@marshallmain added the labels release_note:skip, Team:Detections and Resp, Team: SecuritySolution, Feature:Detection Alerts, auto-backport, Team:Detection Alerts, v8.2.0 and v8.3.0 on Apr 7, 2022
@marshallmain requested review from a team on April 7, 2022 15:48
@marshallmain requested a review from a team as a code owner on April 7, 2022 15:48
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@marshallmain self-assigned this on Apr 7, 2022
@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
securitySolution 251.8KB 251.8KB -30.0B

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @marshallmain

@kibanamachine
Contributor

💚 All backports created successfully

Status Branch Result
8.2

Note: Successful backport PRs will be merged automatically after passing CI.

Questions?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Apr 12, 2022
…eouts (#129769) (#130048)

(cherry picked from commit 5fb9576)

Co-authored-by: Marshall Main <55718608+marshallmain@users.noreply.github.com>
jloleysens added a commit to jloleysens/kibana that referenced this pull request Apr 13, 2022
…disable-server-side

* 'main' of github.com:elastic/kibana: (35 commits)
  [Uptime] remove latency limit warnings when using monitor management (elastic#129597)
  [Security Solution] [ReponseOps] Executes Cases Cypress test when there is a change on cases plugin (elastic#129992)
  Paramaterized Discover tests (elastic#129684)
  [Security Solution][Investigations] - Minor bug fixes (elastic#130054)
  [DOCS} Adds technical preview to Lens annotations (elastic#130058)
  [Security solution] [Endpoint] Revisit blocklist wrong labels (elastic#128773)
  [Security Solutions] Adds API docs for value lists (elastic#129962)
  [CI] Move jest tests to spot instances, and fix spot retries in PRs (elastic#130045)
  chore(NA): upgrades rules_node_js to v5.4.0 (elastic#130051)
  [SecuritySolution] Remove the cell hovers actions for agent status (elastic#130042)
  Upgrade RxJS to 7 (elastic#129087)
  [SecuritySolution] Clean up CaseContext (elastic#130036)
  Revert "chore(NA): upgrades rules_node_js to v5.4.0 (elastic#130021)"
  Use RuleDataReader to query for threshold signal history (elastic#129763)
  Remove securityRulesCancelEnabled setting and set shorter default timeouts (elastic#129769)
  Upgrade EUI to v54.0.0 (elastic#129653)
  [Security Solution] More Ransomware exceptionable fields (elastic#130039)
  Add e2e for the apm integration policy form (elastic#129860)
  chore(NA): upgrades rules_node_js to v5.4.0 (elastic#130021)
  [ML] Fix Single Metric Viewer chart failing to load if no points during calendar event (elastic#130000)
  ...

# Conflicts:
#	x-pack/plugins/screenshotting/server/screenshots/index.test.ts
jloleysens added a commit to jloleysens/kibana that referenced this pull request Apr 13, 2022
…rint-media-attempt-2

* 'main' of github.com:elastic/kibana: (75 commits)
  [Lens] Hide disabled toolbar entries (elastic#129994)
  Fix explore tables don't display data when a global filter is applied (elastic#130024)
  [Console] Add option to disable keyboard shortcuts (elastic#128887)
  [Discover] Update refreshOnClick flaky test (elastic#130001)
  [Uptime] remove latency limit warnings when using monitor management (elastic#129597)
  [Security Solution] [ReponseOps] Executes Cases Cypress test when there is a change on cases plugin (elastic#129992)
  Paramaterized Discover tests (elastic#129684)
  [Security Solution][Investigations] - Minor bug fixes (elastic#130054)
  [DOCS} Adds technical preview to Lens annotations (elastic#130058)
  [Security solution] [Endpoint] Revisit blocklist wrong labels (elastic#128773)
  [Security Solutions] Adds API docs for value lists (elastic#129962)
  [CI] Move jest tests to spot instances, and fix spot retries in PRs (elastic#130045)
  chore(NA): upgrades rules_node_js to v5.4.0 (elastic#130051)
  [SecuritySolution] Remove the cell hovers actions for agent status (elastic#130042)
  Upgrade RxJS to 7 (elastic#129087)
  [SecuritySolution] Clean up CaseContext (elastic#130036)
  Revert "chore(NA): upgrades rules_node_js to v5.4.0 (elastic#130021)"
  Use RuleDataReader to query for threshold signal history (elastic#129763)
  Remove securityRulesCancelEnabled setting and set shorter default timeouts (elastic#129769)
  Upgrade EUI to v54.0.0 (elastic#129653)
  ...

# Conflicts:
#	x-pack/plugins/screenshotting/server/formats/pdf/index.ts