
[Epic][Security Solution][Detection Engine] add request logging on preview for the rest of rule types #202545

Open
4 of 5 tasks
vitaliidm opened this issue Dec 2, 2024 · 2 comments
Assignees
Labels
enhancement New value added to drive a business result Feature:Detection Rule Preview Security Solution Detection Rule Preview feature Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team

Comments

@vitaliidm

vitaliidm commented Dec 2, 2024

PR #191107 has introduced logging of ES requests during preview for ES|QL and EQL rule types.

Extend this feature to the rest of the rule types:

  • IM
  • New terms
  • Query
  • ML
  • Threshold
@vitaliidm vitaliidm added Team:Detections and Resp Security Detection Response Team Team:Detection Engine Security Solution Detection Engine Area labels Dec 2, 2024
@elasticmachine

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@vitaliidm vitaliidm self-assigned this Dec 2, 2024
@yctercero yctercero added enhancement New value added to drive a business result Feature:Detection Rule Preview Security Solution Detection Rule Preview feature labels Jan 3, 2025
vitaliidm added a commit that referenced this issue Jan 28, 2025
…r new terms, threshold, query, ML rule types (#203320)

## Summary

- partially addresses #202545 (except for the IM rule type)
- extends logged requests preview for:
  - [x] New terms
  - [x] Query
  - [x] ML
  - [x] Threshold
- For the Threshold, Query and New terms rule types, introduced a Page view, where
each loop of rule execution is presented as a separate page
- Only the first 2 search query requests of each type are logged, for
performance reasons (a rule can have very large and multiple requests).
That's why the property **request** was made not mandatory in
`rule_preview.schema.yaml`


### DEMO



https://github.com/user-attachments/assets/abfbd3ff-d06c-4892-b805-0f05084042ed

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
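The commit above describes two mechanics of the preview request log: one page of logged requests per execution loop, and a cap so that only the first two requests of each type carry their body (which is why `request` became optional in the schema). The following is an added illustration of that bounded-retention pattern, written for this page; it is not Kibana's code, and the class, the field names other than `request`, the request type names (`findDocuments`, `findThresholdBuckets`) and the sample queries are all assumptions constructed for the example.

```typescript
// Added example (not Kibana code): a preview request log that records every
// Elasticsearch request a rule loop makes, grouped into one page per loop, but
// retains the request body only for the first N requests of each type so that
// a preview with many loops or very large queries cannot inflate the response.

interface LoggedRequest {
  requestType: string;   // hypothetical type names, e.g. "findDocuments"
  description: string;
  durationMs: number;
  request?: string;      // body; omitted once the per-type cap is reached
}

interface PreviewPage {
  loop: number;          // one page per rule execution loop
  requests: LoggedRequest[];
}

class PreviewRequestLogger {
  private readonly pages: PreviewPage[] = [];
  // Bodies retained so far, keyed by request type (cap is global for the preview).
  private readonly bodiesKept: Record<string, number> = {};

  constructor(private readonly maxBodiesPerType: number = 2) {}

  /** Begin a new execution loop; subsequent requests land on a fresh page. */
  startLoop(): void {
    this.pages.push({ loop: this.pages.length + 1, requests: [] });
  }

  /** Record a request, keeping its body only while its type is under the cap. */
  log(requestType: string, description: string, request: string, durationMs: number): LoggedRequest {
    if (this.pages.length === 0) {
      this.startLoop();
    }
    const kept = this.bodiesKept[requestType] ?? 0;
    const entry: LoggedRequest = { requestType, description, durationMs };
    if (kept < this.maxBodiesPerType) {
      entry.request = request;
      this.bodiesKept[requestType] = kept + 1;
    }
    this.pages[this.pages.length - 1].requests.push(entry);
    return entry;
  }

  getPages(): PreviewPage[] {
    return this.pages;
  }
}

/** Drive the logger with constructed sample requests from a two-loop preview. */
function previewWithCappedRequests(): PreviewPage[] {
  const logger = new PreviewRequestLogger(2);

  // Loop 1: a paginated document search (three requests) plus one aggregation.
  logger.startLoop();
  logger.log('findDocuments', 'Find events matching the rule query',
    'GET /logs-*/_search {"query":{"match":{"event.action":"logon"}}}', 12);
  logger.log('findDocuments', 'Continue with search_after',
    'GET /logs-*/_search {"search_after":[1700000000000]}', 9);
  logger.log('findDocuments', 'Continue with search_after',
    'GET /logs-*/_search {"search_after":[1700000000500]}', 8);
  logger.log('findThresholdBuckets', 'Aggregate by user.name',
    'GET /logs-*/_search {"aggs":{"by_user":{"terms":{"field":"user.name"}}}}', 20);

  // Loop 2: one more document search; its body is dropped because the cap is global.
  logger.startLoop();
  logger.log('findDocuments', 'Find events in the next interval',
    'GET /logs-*/_search {"query":{"range":{"@timestamp":{"gte":"now-5m"}}}}', 11);

  return logger.getPages();
}

/** Count how many logged entries of a given type still carry a request body. */
function countRetainedBodies(pages: PreviewPage[], requestType: string): number {
  let count = 0;
  for (const page of pages) {
    for (const r of page.requests) {
      if (r.requestType === requestType && r.request !== undefined) {
        count += 1;
      }
    }
  }
  return count;
}

console.log(JSON.stringify(previewWithCappedRequests(), null, 2));
```

Every request keeps its description and duration, so the page view still shows the full shape of each loop; only the bodies beyond the cap disappear, which is exactly the case a schema with a mandatory `request` field could not express.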
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Jan 28, 2025
(cherry picked from commit 0f996c3)
@yctercero yctercero changed the title [Security Solution][Detection Engine] add request logging on preview for the rest of rule types [Epic][Security Solution][Detection Engine] add request logging on preview for the rest of rule types Jan 28, 2025