Conversation

@oatkiller (Contributor) commented Jul 6, 2020

Add logs-* to the Security Solution default index pattern. This should
allow the app to recognize events from the Elastic Endpoint.

manual validation

First I (think) I deleted my local ES data

rm -rf .es

Next I started my local dev env up

yarn es snapshot
# other terminal
yarn start --no-base-path

Then I added Resolver data

cd x-pack/plugins/security_solution/scripts/endpoint
nvm use
yarn test:generate --ch 10 --gen 5

Then I viewed the data in the security solution: (screenshots)

I also validated that logs-* was found in the advanced security settings: (screenshot)

Questions

  • Does this require something in release notes? It could have a big (and unexpected) impact on users otherwise.
  • Does this require a documentation change? Probably not?
  • This will change the way the app behaves in some cases. Do we need to address anything right away?

@EricDavisX (Contributor): nice

@kibanamachine (Contributor): 💚 Build Succeeded. Build metrics: ✅ unchanged


@oatkiller oatkiller merged commit 610bff1 into elastic:master Jul 6, 2020
oatkiller pushed a commit to oatkiller/kibana that referenced this pull request Jul 7, 2020
* [Security Solution] Change default index pattern (same commit message as above)
oatkiller pushed a commit that referenced this pull request Jul 7, 2020
* [Security Solution] Change default index pattern (same commit message as above)
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 7, 2020
* master: (53 commits)
  [Composable template] Details panel + delete functionality (elastic#70814)
  [Uptime] Ping list body scroll (elastic#70781)
  moving indexPattern.delete() to indexPatterns.delete(indexPattern) (elastic#70430)
  Adapt expected response of advanced settings feature control for cloud tests (elastic#70793)
  skip flaky suite (elastic#70885)
  skip flaky suite (elastic#67814)
  skip flaky suite (elastic#70906)
  Revert "reenable regression and classification functional tests (elastic#70661)" (elastic#70908)
  Added UI validation when creating a Webhook connector with invalid URL (elastic#70025)
  [Security Solution] Change default index pattern (elastic#70797)
  ServiceNow push to Incident generic implementation (supporting both Case specific and generic Alerts) (elastic#68464)
  add button link to ingest (elastic#70142)
  reenable regression and classification functional tests (elastic#70661)
  [Component templates] Form wizard (elastic#69732)
  [Ingest Manager] Copy changes (elastic#70828)
  Adding test user to maps functional tests - PR 1 (elastic#70649)
  [Ingest Manager] Support limiting integrations on an agent config (elastic#70542)
  skip flaky suite (elastic#70880)
  [Metrics UI] Fix a bug in Metric Threshold query filter construction (elastic#70672)
  upgrade caniuse-lite database (elastic#70833)
  ...
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 7, 2020
* master: (46 commits; visible list identical to the one above)
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 7, 2020
* actions/feature: (46 commits; visible list identical to the one above)
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine (Contributor): Pinging @elastic/security-solution (Team: SecuritySolution)

@oatkiller oatkiller deleted the default-index-change branch March 31, 2022 11:02

Labels

release_note:enhancement Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0 v8.0.0

7 participants