Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Index cleanup on deleting space #175616

Open
e40pud opened this issue Jan 25, 2024 · 2 comments
Open

[Security Solution] Index cleanup on deleting space #175616

e40pud opened this issue Jan 25, 2024 · 2 comments
Assignees
@yctercero
Labels
discuss impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Project:Serverless Work as part of the Serverless project for its initial release Team:Detection Engine Security Solution Detection Engine Area Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@e40pud
Copy link
Contributor

e40pud commented Jan 25, 2024

Enhancement:

Related SDH: https://github.com/elastic/sdh-security-team/issues/839

One of our users asked if they can safely remove space related indices after they deleted a space. Historically, we've never removed those indices and left them in case user need them in case of restoring data.

Here are the details of what is being removed one deleting space from the core team:

If a saved object only exists in that space, it will be deleted. If a SO is shared with the space and other spaces, it will still exist after the space is deleted.
Please keep in mind that elasticsearch indices are not saved objects. In Kibana, data views are.
Since indices are not SO, we never remove them.

It would be nice to allow users to decide whether they want to purge all space related data or just do that by default.

cc @yctercero @paulewing
@e40pud e40pud added discuss Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Jan 25, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@yctercero yctercero added the Team:Detection Engine Security Solution Detection Engine Area label Feb 14, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@yctercero yctercero added impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Project:Serverless Work as part of the Serverless project for its initial release labels Apr 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yctercero yctercero

Labels
discuss impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Project:Serverless Work as part of the Serverless project for its initial release Team:Detection Engine Security Solution Detection Engine Area Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@e40pud @yctercero @elasticmachine