Comments (5)
Known issue for Threshold rule:
If a manual rule run covers a date range that was already covered by scheduled rule executions, it can produce duplicate errors.
Use case:
Let's say I have 4 events: 13:00, 14:00, 15:00, 16:00
Threshold rule with a 5-minute interval, a 10-hour lookback time and threshold = 2
Normal rule execution gives me 2 alerts (14:00, 16:00)
If I run a manual rule run from 12:00 to 16:10,
I will have 2 alerts generated at 14:00 and 16:00.
Probably the user should expect 0 alerts from the manual rule run, as that range was already covered by scheduled rule execution.
from security-docs.
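The duplicate-alert scenario from the comment above, as an added simulation that is not part of the issue thread and not Elastic's threshold-rule implementation. It uses a deliberately simplified model (an assumption): each execution counts not-yet-alerted events inside its lookback window, and a manual run starts with fresh state, so it re-derives the alerts the scheduled runs already produced. A dedup key on (rule, covered events) is one way a consumer of both alert streams could drop the replayed copies; the event times and the `threshold-demo` rule name are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data mirroring the comment's use case: four events, one per hour.
EVENTS = [datetime(2024, 7, 1, h, 0) for h in (13, 14, 15, 16)]
INTERVAL = timedelta(minutes=5)          # the rule runs every 5 minutes
LOOKBACK = timedelta(hours=10)           # each run looks back 10 hours
THRESHOLD = 2                            # alert once 2 matching events are seen
RUN_START = datetime(2024, 7, 1, 12, 0)  # manual run range from the comment
RUN_END = datetime(2024, 7, 1, 16, 10)


def run_once(events, now, lookback, threshold, consumed):
    """One rule execution at time `now`.

    Simplified model (an assumption for this example, not Elastic's algorithm):
    count events inside [now - lookback, now] that no earlier alert has already
    consumed; when the count reaches the threshold, emit one alert that records
    the events it covers and mark them consumed so later ticks do not re-alert.
    """
    window = [e for e in events if now - lookback <= e <= now and e not in consumed]
    if len(window) >= threshold:
        consumed.update(window)
        return {"rule": "threshold-demo", "events": tuple(window), "at": now}
    return None


def execute_range(events, start, end, interval, lookback, threshold):
    """Run the rule at every interval tick from start to end, starting with fresh state."""
    consumed, alerts, now = set(), [], start
    while now <= end:
        alert = run_once(events, now, lookback, threshold, consumed)
        if alert:
            alerts.append(alert)
        now += interval
    return alerts


def dedup_key(alert):
    # The same rule alerting on the same set of events is the same alert, whoever ran it.
    return (alert["rule"], alert["events"])


def new_alerts(existing, candidates):
    """Keep only candidate alerts whose key is not already present in `existing`."""
    seen = {dedup_key(a) for a in existing}
    return [a for a in candidates if dedup_key(a) not in seen]


def demo():
    scheduled = execute_range(EVENTS, RUN_START, RUN_END, INTERVAL, LOOKBACK, THRESHOLD)
    # The manual run knows nothing about what the scheduled runs already alerted on.
    manual = execute_range(EVENTS, RUN_START, RUN_END, INTERVAL, LOOKBACK, THRESHOLD)
    return {
        "scheduled_hours": [a["at"].hour for a in scheduled],
        "manual_hours": [a["at"].hour for a in manual],
        "duplicates_without_dedup": len(manual),
        "new_after_dedup": len(new_alerts(scheduled, manual)),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reproduces the comment's numbers: the scheduled ticks alert at 14:00 and 16:00, the manual run over 12:00 to 16:10 produces the same two alerts again, and the dedup key reduces the manual run's contribution to zero. The model's "consumed events" set stands in for whatever state the real rule keeps between executions; the point it demonstrates is that a replay that does not share that state cannot avoid re-alerting on its own.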
Known issue 2:
Suppression count for custom query rules can be updated incorrectly
https://github.com/elastic/security-team/issues/9870
from security-docs.
General notes from today's feature sync:
- @nastasha-solomon will aim to have docs done in time for the Monday, July 29, 2024 Serverless release.
- @nkhristinin will check if it's possible to only enable the feature flag for this feature in ESS.
- @nkhristinin or @e40pud to provide a test env for docs testing and screenshots either this week, or after Nastasha is back from PTO (which is the week of July 15)
from security-docs.
We should mention manual rule limitations to users in the docs.
from security-docs.
API docs impact
We need to update the following sections:
- Bulk action > Request body: add `run` as a new possible value for `action`.
- Bulk action > Request body: add a new property:

Name | Type | Description | Required |
---|---|---|---|
run | BulkManualRuleRun[] | Object that describes applying a manual rule run action. | No. Yes, if action is `run`. |

- We should add a new type description similar to the BulkDuplicateAction object and the BulkEditAction object:
  BulkManualRuleRun
  - `start_date` field: (String, Required). Defines the start date of the manual rule run.
  - `end_date` field: (String, Optional). Defines the end date of the manual rule run.
- Response payload: add `run` to the actions list. Also, we should mention that we use `attributes.results.updated` to return the rule objects that were scheduled for manual rule run during the `run` action execution.
from security-docs.
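A client-side check of the request and response shapes the comment above describes, as an added example that is not part of the issue thread and not Elastic's own API code. It encodes only what the comment states (`run` is required when `action` is `run`; each BulkManualRuleRun needs `start_date` and may carry `end_date`; scheduled rules come back under `attributes.results.updated`). The ISO 8601 date format and the rule that `end_date` must not precede `start_date` are assumptions, and the sample bodies and `rule-id-placeholder` are constructed.

```python
from datetime import datetime


def _parse_date(value):
    # ISO 8601 with an optional trailing "Z"; the accepted format is an assumption.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_run_action(body):
    """Return a list of problems with a bulk action body whose action is `run`.

    Rules taken from the comment: `run` is required when `action` is `run`,
    each BulkManualRuleRun needs `start_date`, and `end_date` is optional.
    The end-after-start check is an added assumption.
    """
    problems = []
    if body.get("action") != "run":
        return problems  # other actions are outside this check
    runs = body.get("run")
    if not isinstance(runs, list) or not runs:
        return ["run is required (a non-empty BulkManualRuleRun[]) when action is run"]
    for i, item in enumerate(runs):
        start, end = item.get("start_date"), item.get("end_date")
        if not isinstance(start, str):
            problems.append(f"run[{i}].start_date is required")
            continue
        try:
            start_dt = _parse_date(start)
        except ValueError:
            problems.append(f"run[{i}].start_date is not a valid date: {start!r}")
            continue
        if end is None:
            continue  # open-ended run: end_date is optional
        try:
            end_dt = _parse_date(end)
        except (ValueError, AttributeError):
            problems.append(f"run[{i}].end_date is not a valid date: {end!r}")
            continue
        if end_dt < start_dt:
            problems.append(f"run[{i}].end_date precedes start_date")
    return problems


def scheduled_rule_ids(response):
    """Ids of the rule objects the response reports under attributes.results.updated."""
    updated = response.get("attributes", {}).get("results", {}).get("updated", [])
    return [rule.get("id") for rule in updated]


# Constructed sample bodies (not captured from a real system).
SAMPLE_REQUEST = {
    "action": "run",
    "run": [{"start_date": "2024-07-01T12:00:00Z", "end_date": "2024-07-01T16:10:00Z"}],
}
BAD_REQUEST = {"action": "run", "run": [{"end_date": "2024-07-01T16:10:00Z"}]}
SAMPLE_RESPONSE = {
    "attributes": {
        "results": {"updated": [{"id": "rule-id-placeholder", "name": "Threshold demo"}]}
    }
}

if __name__ == "__main__":
    print(validate_run_action(SAMPLE_REQUEST))   # []
    print(validate_run_action(BAD_REQUEST))      # start_date missing
    print(scheduled_rule_ids(SAMPLE_RESPONSE))   # ['rule-id-placeholder']
```

Validating the body before sending it keeps a mistyped or reversed date range from being accepted as a very wide (or empty) manual run, and reading `attributes.results.updated` is the place to confirm which rules the server actually scheduled.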