Endpoint Telemetry: Agents Metrics + Policy Config / Response#102171
Merged
Contributor
Pinging @elastic/security-solution (Team: SecuritySolution)
Contributor
Author
@elasticmachine merge upstream
…ana into pjhampton/endpoint-telemetry
Bamieh
reviewed
Jun 28, 2021
Contributor
Author
@elasticmachine merge upstream
| const endpointPolicyCache = new Map<string, FullAgentPolicyInput>(); | ||
| for (const policyInfo of fleetAgents.values()) { | ||
| if (policyInfo.policy_id !== null && policyInfo.policy_id !== undefined) { |
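Review bot: the `policy_id` guard on the last line skips agents that have no policy id, and in the lines shown nothing records that they were skipped. A debug log or a skipped-agent counter on that path would let whoever consumes this telemetry tell "agent has no policy assigned" apart from "no agents were returned", which matters when a gap in the data has to be explained later.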
Contributor
Just a personal preference here, but might make it a bit easier to read intent if we store the boolean logic in a variable
    const shouldCachePolicy =
      policyInfo.policy_id !== null &&
      policyInfo.policy_id !== undefined &&
      !endpointPolicyCache.has(policyInfo.policy_id);
Contributor
Author
Yeah, that is slick. Thanks for the feedback!
michaelolo24
approved these changes
Jun 29, 2021
Looks good! Thanks for making these changes. We can work on performance improvements on a follow up PR 👍🏾
Contributor
Author
@elasticmachine merge upstream
Contributor
💚 Build Succeeded
kibanamachine
added a commit
to kibanamachine/kibana
that referenced
this pull request
Jun 30, 2021
…c#102171)

* [PH] Initial setup for endpoint task telemetry.
* Refactor / Add daily task for collecting fleet detail / policy resp / EP metrics
* [PH CD] Code walkthrough. Start fetching fleet policy configs.
* [PH] pass in fleet agent service rather than homebrew kuerys.
* [PH] prepare to move away from legacy es client. Get fleet ep agents.
* Fetch agent policy configs.
* Stub ep policy responses.
* Fix CI + Types. Fix dep injection. Reimagine SO client creation.
* Create SO client properly
* Fetch EP Policy responses.
* Fetch EP Policy responses.
* Remove unused import
* Fetch failed policy responses from EP data stream.
* Remove unused imports.
* Combine failed policy responses with policy configs.
* Attach fleet agent + ep agent ids
* Add dedicated channel sender. Temp disable with feature flag.
* Remove ublock from the failed policy response.
* Fetch endpoint metrics.
* Fix bad merge commit.
* Get EP telemetry.
* Record last execution time of endpoint task
* Remove send on demand feature flag.
* Simplify cache conditional.
* Refactor into Promise.allSettled
* Fix type error.
* Bail if there is no endpoint metrics
* Bump interval to 24h.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Contributor
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
kibanamachine
added a commit
that referenced
this pull request
Jun 30, 2021
… (#103851)

* [PH] Initial setup for endpoint task telemetry.
* Refactor / Add daily task for collecting fleet detail / policy resp / EP metrics
* [PH CD] Code walkthrough. Start fetching fleet policy configs.
* [PH] pass in fleet agent service rather than homebrew kuerys.
* [PH] prepare to move away from legacy es client. Get fleet ep agents.
* Fetch agent policy configs.
* Stub ep policy responses.
* Fix CI + Types. Fix dep injection. Reimagine SO client creation.
* Create SO client properly
* Fetch EP Policy responses.
* Fetch EP Policy responses.
* Remove unused import
* Fetch failed policy responses from EP data stream.
* Remove unused imports.
* Combine failed policy responses with policy configs.
* Attach fleet agent + ep agent ids
* Add dedicated channel sender. Temp disable with feature flag.
* Remove ublock from the failed policy response.
* Fetch endpoint metrics.
* Fix bad merge commit.
* Get EP telemetry.
* Record last execution time of endpoint task
* Remove send on demand feature flag.
* Simplify cache conditional.
* Refactor into Promise.allSettled
* Fix type error.
* Bail if there is no endpoint metrics
* Bump interval to 24h.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Pete Hampton <pjhampton@users.noreply.github.com>
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Jun 30, 2021
…-png-pdf-report-type

* 'master' of github.com:elastic/kibana: (178 commits)
  [test] Migrating to kbn_archiver from es_archiver - for the Maps app (elastic#103028)
  [Reporting] Reintroduce "ILM policy for managing reporting indices" (elastic#103850)
  [Security Solution][Endpoint] Allow activity log scrolling on small screens (elastic#103852)
  Allow zero (0) to unset unenroll_timeout field (elastic#103790)
  [TSVB] Metric count is depicted as `-` instead of 0 (elastic#103717)
  [Query] Es query/field base (elastic#103177)
  Remove add data button from nav (elastic#103810)
  Fix telemetry advanced setting style (elastic#103838)
  [Transform] Fix default naming and sorting fields suggestion for `top_metrics` agg (elastic#103690)
  [APM] use conventional error rate color for correlations (elastic#103500)
  Endpoint Telemetry: Agents Metrics + Policy Config / Response (elastic#102171)
  [Alerting] Fixed search results are not updated when search term is removed on Rules and Connectors page (elastic#103663)
  fix too many rernders (elastic#103672)
  [APM] Add “Analyze Data” button (elastic#103485)
  [Lens] Fix value popover spacing (elastic#103081)
  [TSVB] Fix TSVB is not reporting all categories of Elasticsearch error (elastic#102926)
  [SECURITY] Adds security links to doc link service (elastic#102676)
  Update dependency @elastic/charts to v31 (elastic#102078)
  [Security Solution][CTI] Investigation time enrichment UI (elastic#103383)
  Adds ECS guide to doc links service (elastic#102246)
  ...

# Conflicts:
# x-pack/plugins/reporting/public/share_context_menu/register_pdf_png_reporting.tsx
Summary
This PR retrieves and transmits Endpoint agent telemetry if cluster permissions permit.
There have been auxiliary PRs / Issues opened:
* kibana_system user to .ds-metrics-endpoint.policy-*
* kibana_system user to .ds-metrics-endpoint.metrics-*

We are currently sharing the telemetry with the Endpoint team. We will be making changes to the final payload.
Implementation
The implementation is not that straightforward - here is a high level of how it works
* endpoint, add to a cache associating the fleet agent id with the policy id
* endpoint-meta telemetry channel

Follow up
I'm hosting a call week beginning 28/Jun re this telemetry + design.
Let me know if you want me to swing you an invite.
Checklist