[Security Solution] fix endpoint metadata API list sorting #154638

Merged
merged 5 commits into from
Apr 11, 2023

Conversation

joeypoon
Member

@joeypoon joeypoon commented Apr 10, 2023

Summary

fixes endpoint metadata list API not correctly sorting

Issues:

For maintainers

@joeypoon joeypoon added release_note:fix Team:Defend Workflows “EDR Workflows” sub-team of Security Solution labels Apr 10, 2023
@joeypoon joeypoon requested a review from a team as a code owner April 10, 2023 03:24
@joeypoon joeypoon requested review from pzl and parkiino April 10, 2023 03:24
@elasticmachine
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@joeypoon
Member Author

@elasticmachine merge upstream

@kevinlog
Contributor

@elasticmachine merge upstream

@kevinlog
Contributor

I'm proposing to push up a change to use united.agent.enrolled_at instead of united.endpoint.event.created because it will be a more consistent sort term. See some reasoning below:

  1. The initial problem arose because of isolating hosts, which will cause Endpoint to send new events. If we sort by united.endpoint.event.created, then Endpoint records in the table will still move when they update.
  2. united.agent.enrolled_at will keep the same order even when Endpoints send new events after isolating, actions, policy changes, etc. It will alleviate the problem where Endpoints in the list jump with event updates and give a consistent sort, since the enrolled_at will only change if an Agent is removed and added back.
  3. united.agent.enrolled_at will still give first time users a better experience because any newly enrolled Agents/Endpoints will appear at the top of the list. In addition, I believe enrolled_at is what the Fleet Agents table is sorted with.

Below is a gif with some events coming in due to isolation and the order is remaining consistent with united.agent.enrolled_at:

sorting
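
The row-shifting effect discussed in the comment above, as an added TypeScript sketch that is not part of this PR or of Kibana's code. The documents, host names and helper functions are constructed for illustration; only the two field paths come from the discussion.

```typescript
// Added illustration. Documents, host names and helpers are constructed;
// only the two field paths come from the PR discussion.
interface UnitedDoc {
  host: string;
  united: { agent: { enrolled_at: string }; endpoint: { event: { created: string } } };
}
type SortField = 'united.agent.enrolled_at' | 'united.endpoint.event.created';

const sortValue = (d: UnitedDoc, f: SortField): number =>
  Date.parse(
    f === 'united.agent.enrolled_at' ? d.united.agent.enrolled_at : d.united.endpoint.event.created
  );

// Newest first, so newly enrolled endpoints appear at the top of the list.
function listHosts(docs: UnitedDoc[], field: SortField): string[] {
  return docs.slice().sort((a, b) => sortValue(b, field) - sortValue(a, field)).map((d) => d.host);
}

function makeDoc(host: string, enrolledAt: string, eventCreated: string): UnitedDoc {
  return {
    host,
    united: { agent: { enrolled_at: enrolledAt }, endpoint: { event: { created: eventCreated } } },
  };
}

// Hypothetical helper: the endpoint on `host` reports a new event at time `at`.
function withNewEvent(docs: UnitedDoc[], host: string, at: string): UnitedDoc[] {
  return docs.map((d) => (d.host === host ? makeDoc(host, d.united.agent.enrolled_at, at) : d));
}

const docsBefore: UnitedDoc[] = [
  makeDoc('host-a', '2023-04-01T09:00:00Z', '2023-04-10T12:00:03Z'),
  makeDoc('host-b', '2023-04-02T09:00:00Z', '2023-04-10T12:00:02Z'),
  makeDoc('host-c', '2023-04-03T09:00:00Z', '2023-04-10T12:00:01Z'),
];
// host-c is isolated and its endpoint sends a fresh event.
const docsAfter = withNewEvent(docsBefore, 'host-c', '2023-04-10T12:05:00Z');

// Hosts whose row index differs between the two renders of the list.
function movedRows(field: SortField): string[] {
  const first = listHosts(docsBefore, field);
  const second = listHosts(docsAfter, field);
  return first.filter((host, i) => second[i] !== host);
}

console.log('sort by event.created:', movedRows('united.endpoint.event.created'));
console.log('sort by enrolled_at:  ', movedRows('united.agent.enrolled_at'));
```

With the event timestamp as the sort key, a single new event from one endpoint moves every row in this sample, so an action chosen by row position can land on a different host; with the enrollment timestamp no row moves.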

@joeypoon joeypoon force-pushed the fix/metadata-sorting branch from 98b9b48 to 9df2897 Compare April 10, 2023 14:10
@joeypoon joeypoon enabled auto-merge (squash) April 10, 2023 14:23
@kevinlog
Contributor

@elasticmachine merge upstream

@kevinlog
Contributor

@elasticmachine merge upstream

@kevinlog
Contributor

@elasticmachine merge upstream

@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

id before after diff
securitySolution 433 436 +3

Total ESLint disabled count

id before after diff
securitySolution 513 516 +3

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@joeypoon joeypoon merged commit 979cb73 into elastic:main Apr 11, 2023
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Apr 11, 2023
@kibanamachine
Contributor

💚 All backports created successfully

Status Branch Result
8.7

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

@nicpenning

👍🏻

@joeypoon joeypoon deleted the fix/metadata-sorting branch April 11, 2023 01:40
kibanamachine added a commit that referenced this pull request Apr 11, 2023
…4638) (#154698)

# Backport

This will backport the following commits from `main` to `8.7`:
- [[Security Solution] fix endpoint metadata API list sorting
(#154638)](#154638)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Joey F. Poon <[email protected]>
majagrubic pushed a commit to majagrubic/kibana that referenced this pull request Apr 11, 2023
Labels
release_note:fix Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.7.1 v8.8.0
Development

Successfully merging this pull request may close these issues.

[Manage Endpoint] Shifting Endpoints Can Cause Improper Isolation and Other Actions
7 participants