[Security Solution] DE Server Type Refactor #117229

Open

Description

Summary

There are a number of duplicate, misleading, and inconsistent types across the DE backend. This issue will outline some potential problems and solutions as we work toward a more consistent type framework.

Work Items

  • SignalHit - Uses ES hit terminology, but is not actually a hit (it's used to build alerts in build_bulk_body.ts)... there is also a different type named SignalHit in the cases plugin => Remove in favor of AlertBody below.
  • SignalSource - TODO
  • SignalSourceHit - Like above, uses hit terminology, but is used to construct alerts.
  • WrappedSignalHit - Same as above.
  • RACAlert - This is the new type to replace SignalHit, but should be renamed to AlertBody.
  • WrappedRACAlert - Rename to WrappedAlertBody.
  • SimpleHit - Fairly useless type... just BaseHit parameterized with an optional @timestamp.
  • Signal - Will be deprecated.
  • SignalRuleAlertTypeDefinition - Remove. (Need to wait for rule preview work)
  • Threshold types - move to different location.

Labels

  • Feature:Detection Alerts (Security Solution Detection Alerts Feature)
  • Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
  • technical debt (Improvement of the software architecture and operational architecture)
