[EDR Workflows][Osquery] Use newly added action responses data stream #183892

Merged: szwarckonrad merged 5 commits into elastic:main from szwarckonrad:osquery-new-datastream-index on May 24, 2024

Conversation

@szwarckonrad (Contributor) commented May 21, 2024

Prerequisite: elastic/elasticsearch#108849

Follow-up: elastic/integrations#9661

This PR introduces a new index logs-osquery_manager.action.responses-default for action responses. This index will be added in Osquery Manager integration version 1.12 and will replace the existing .logs-osquery_manager.action.responses-default, which is currently populated by a transform from .fleet-actions.

Since most users will still be using the old integration package, we ensured that the implementation checks the old index first and returns the response from there unless the new index is available. If the new index is available, the response will come from it. This change ensures compatibility with all user scenarios.
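The old-index-first lookup described above, as an added illustration that is not Kibana's own code: the client shape (`indexExists`, `searchByActionId`) is a hypothetical minimal interface, kept synchronous so the example runs stand-alone, and the sample documents are constructed.

```typescript
// Added example (not Kibana's own code): resolve an Osquery action response from
// the legacy index first, letting the new data stream win when it is available.
const NEW_DATA_STREAM = 'logs-osquery_manager.action.responses-default';
const LEGACY_INDEX = '.logs-osquery_manager.action.responses-default';

interface ActionResponse {
  action_id: string;
  agent_id: string;
  completed_at?: string;
  error?: string;
}

// Hypothetical minimal client (assumption): only what the lookup needs.
interface MinimalClient {
  indexExists(index: string): boolean;
  searchByActionId(index: string, actionId: string): ActionResponse[];
}

interface Resolved {
  source: string;
  responses: ActionResponse[];
}

// Check the legacy index (populated by the .fleet-actions transform) first, then
// prefer the new data stream when it exists and actually holds this action's data.
function resolveActionResponses(client: MinimalClient, actionId: string): Resolved {
  let source = LEGACY_INDEX;
  let responses = client.searchByActionId(LEGACY_INDEX, actionId);
  if (client.indexExists(NEW_DATA_STREAM)) {
    const fromNew = client.searchByActionId(NEW_DATA_STREAM, actionId);
    if (fromNew.length > 0) {
      source = NEW_DATA_STREAM;
      responses = fromNew;
    }
  }
  return { source, responses };
}

// Constructed in-memory client standing in for Elasticsearch.
function makeFakeClient(data: Record<string, ActionResponse[]>): MinimalClient {
  return {
    indexExists: (index) => index in data,
    searchByActionId: (index, actionId) =>
      (data[index] ?? []).filter((r) => r.action_id === actionId),
  };
}
```

With only the legacy index present (older integration package) the result comes from there; once the 1.12 package has created the new data stream, responses for an action found there take precedence.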

szwarckonrad added labels release_note:skip (Skip the PR/issue when compiling release notes), backport:skip (This PR does not require backporting), Team:Defend Workflows (“EDR Workflows” sub-team of Security Solution) and v8.15.0 on May 21, 2024
szwarckonrad self-assigned this on May 21, 2024
szwarckonrad requested a review from a team as a code owner on May 21, 2024 08:20
@elasticmachine (Contributor) commented:

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@kibana-ci commented:

💚 Build Succeeded

Metrics [docs]: ✅ unchanged


@tomsonpl (Contributor) left a comment:

🚀

szwarckonrad merged commit 9bafd06 into elastic:main on May 24, 2024

szwarckonrad added a commit that referenced this pull request on May 27, 2024: …#184209)

Follow up to #183892 with a commit that got lost during local rebase.