[8.x] [Security Solution][Detection Engine] adds legacy siem signals telemetry (#202671) (#203744)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution][Detection Engine] adds legacy siem signals telemetry (#202671)](#202671)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Source commit `8821e034e9c6cc4ad42915e54b429defd6b970b5` (elastic/kibana#202671, author Vitalii Dmyterko, merged into `main` on 2024-12-11; labels: release_note:skip, v9.0.0, Team:Detections and Resp, Team: SecuritySolution, backport:prev-minor, Team:Detection Engine). Its message, co-authored by Ryland Herrick:

## Summary

- partly addresses https://github.com/elastic/kibana/issues/195523
- adds snapshot telemetry that shows the number of legacy siem signals and the number of spaces they are in
- while working on the PR, discovered and fixed a few issues in APIs:
  - get migration status API did not work correctly with new `.alerts-*` indices, listing them as outdated
  - finalize migration API did account for spaces, when adding alias to migrated index
  - remove migration API failed due to lack of permissions to remove migration task from `.tasks` index

### How to test

#### How to create legacy siem index?

Run the script that is used for FTR tests:

```bash
node scripts/es_archiver --kibana-url=http://elastic:changeme@localhost:5601 --es-url=http://elastic:changeme@localhost:9200 load x-pack/test/functional/es_archives/signals/legacy_signals_index
```

This will create legacy siem indices. Be aware that it might break Kibana `.alerts` indices creation, but it is sufficient for testing.

#### How to test snapshot telemetry

For snapshot telemetry, use the [API](https://docs.elastic.dev/telemetry/collection/snapshot-telemetry#telemetry-usage-payload-api) call, OR check snapshots in Kibana advanced settings -> Global Settings tab -> Usage collection section -> click on the "cluster data example" link -> check the `legacy_siem_signals` fields in the flyout.

<details>
<summary> Snapshot telemetry </summary>

<img width="2549" alt="Screenshot 2024-12-03 at 13 08 03" src="https://github.com/user-attachments/assets/28ffe983-01c7-4435-a82a-9a968d32d5e0">

</details>

---------

Co-authored-by: Ryland Herrick <[email protected]>

Co-authored-by: Vitalii Dmyterko <[email protected]>
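The two things the commit message touches on, counting legacy signals indices per space for telemetry and not mistaking the new `.alerts-*` indices for outdated ones in the migration status check, come down to classifying index names correctly. The following is an added example written for this page; it is not Kibana's own code and does not reproduce the PR's implementation or its telemetry field names. It assumes (hypothetically, not taken from the PR) that legacy signals indices are named `.siem-signals-<space>-<six digits>` and that alerts-as-data indices start with `.alerts-` or `.internal.alerts-`; the index list is constructed sample input.

```typescript
// Added example, not Kibana code. Classifies index names the way a
// migration-status check must: new alerts-as-data indices are skipped,
// legacy siem signals indices are counted and grouped by space.
//
// Assumptions (hypothetical, not from the PR):
//   legacy signals index:  .siem-signals-<space>-<6 digits>
//   new alerts index/alias: starts with .alerts- or .internal.alerts-
const LEGACY_SIGNALS_INDEX = /^\.siem-signals-(.+)-(\d{6})$/;
const NEW_ALERTS_PREFIXES = ['.alerts-', '.internal.alerts-'];

interface LegacySignalsSummary {
  legacySignalsIndices: string[];      // legacy indices found
  legacySignalsIndexCount: number;     // "number of legacy siem signals" indices
  spaces: string[];                    // distinct space ids, sorted
  spacesCount: number;                 // "number of spaces they are in"
  skippedNewAlertsIndices: string[];   // .alerts-* names that must NOT be reported as outdated
}

function isNewAlertsIndex(name: string): boolean {
  return NEW_ALERTS_PREFIXES.some((prefix) => name.startsWith(prefix));
}

// Returns the space id for a legacy signals index, undefined otherwise.
// The new alerts indices are rejected before the pattern is tried, so a
// name like `.alerts-security.alerts-default` is never treated as legacy.
function legacySignalsSpace(name: string): string | undefined {
  if (isNewAlertsIndex(name)) return undefined;
  const match = LEGACY_SIGNALS_INDEX.exec(name);
  return match ? match[1] : undefined;
}

function summarizeLegacySignals(indexNames: string[]): LegacySignalsSummary {
  const legacy: string[] = [];
  const skipped: string[] = [];
  const spaces = new Set<string>();
  for (const name of indexNames) {
    if (isNewAlertsIndex(name)) {
      skipped.push(name);
      continue;
    }
    const space = legacySignalsSpace(name);
    if (space === undefined) continue; // unrelated index (logs, data streams, ...)
    legacy.push(name);
    spaces.add(space);
  }
  const sortedSpaces = Array.from(spaces).sort();
  return {
    legacySignalsIndices: legacy,
    legacySignalsIndexCount: legacy.length,
    spaces: sortedSpaces,
    spacesCount: sortedSpaces.length,
    skippedNewAlertsIndices: skipped,
  };
}

// Constructed sample: a cluster after a partial migration, with two spaces
// still holding legacy indices plus the new alerts index and its alias.
const SAMPLE_INDICES = [
  '.siem-signals-default-000001',
  '.siem-signals-default-000002',
  '.siem-signals-my-space-000001',
  '.internal.alerts-security.alerts-default-000001',
  '.alerts-security.alerts-default',
  '.ds-logs-endpoint.events.process-default-2024.12.01-000001',
];

const summary = summarizeLegacySignals(SAMPLE_INDICES);
console.log(JSON.stringify(summary, null, 2));
```

The point of keeping `isNewAlertsIndex` as the first check is the bug the commit message describes: a status check that only asks "does this index lack the migrated mapping?" will list every `.alerts-*` index as outdated, so the new indices have to be excluded by name before any legacy-specific logic runs.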