[9.1] [Security Solution][EDR] Fix import of endpoint exceptions (#233142) #233890

Merged
paul-tavares merged 4 commits into elastic:9.1 from paul-tavares:backport/9.1/pr-233142
Sep 4, 2025

@paul-tavares

Backport

This will backport the following commits from main to 9.1:

Questions?

Please refer to the Backport tool documentation

…33142)

## Summary

- Fix import of Endpoint Exceptions to ensure they are made visible and
accessible via API
- A bug was introduced with `v9.1.0`, as part of support for Spaces,
that made imported endpoint exceptions inaccessible after import. Items
were imported into the index, but they did not include a `tag`
indicating that the exception is Global. This was a new requirement with
`v9.1.0`.

(cherry picked from commit 5be7a8f)

# Conflicts:
#	x-pack/solutions/security/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_import_handler.ts
#	x-pack/solutions/security/test/security_solution_endpoint/services/endpoint_artifacts.ts

paul-tavares added the backport label ("This PR is a backport of another PR") on Sep 3, 2025
paul-tavares enabled auto-merge (squash) on September 3, 2025 15:50
paul-tavares merged commit b925273 into elastic:9.1 on Sep 4, 2025
12 checks passed

@elasticmachine

💚 Build Succeeded

Metrics [docs]

Saved Objects .kibana field count

Every field in each saved object type adds overhead to Elasticsearch. Kibana needs to keep the total field count below Elasticsearch's default limit of 1000 fields. Only specify field mappings for the fields you wish to search on or query. See https://www.elastic.co/guide/en/kibana/master/saved-objects-service.html#_mappings

| id | before | after | diff |
| --- | --- | --- | --- |
| _data_stream_timestamp | 1 | - | -1 |
| _doc_count | 1 | - | -1 |
| _ignored_source | 1 | - | -1 |
| _index_mode | 1 | - | -1 |
| _inference_fields | 1 | - | -1 |
| _tier | 1 | - | -1 |
| apm-custom-dashboards | 5 | - | -5 |
| apm-server-schema | 2 | - | -2 |
| apm-service-group | 5 | - | -5 |
| application_usage_daily | 2 | - | -2 |
| config | 2 | - | -2 |
| config-global | 2 | - | -2 |
| coreMigrationVersion | 1 | - | -1 |
| created_at | 1 | - | -1 |
| created_by | 1 | - | -1 |
| entity-definition | 9 | - | -9 |
| entity-discovery-api-key | 2 | - | -2 |
| event_loop_delays_daily | 2 | - | -2 |
| favorites | 4 | - | -4 |
| file | 11 | - | -11 |
| file-upload-usage-collection-telemetry | 3 | - | -3 |
| fileShare | 5 | - | -5 |
| guided-onboarding-guide-state | 3 | - | -3 |
| infra-custom-dashboards | 4 | - | -4 |
| infrastructure-monitoring-log-view | 2 | - | -2 |
| intercept_trigger_record | 5 | - | -5 |
| legacy-url-alias | 7 | - | -7 |
| managed | 1 | - | -1 |
| ml-job | 6 | - | -6 |
| ml-module | 13 | - | -13 |
| ml-trained-model | 7 | - | -7 |
| monitoring-telemetry | 2 | - | -2 |
| namespace | 1 | - | -1 |
| namespaces | 1 | - | -1 |
| observability-onboarding-state | 2 | - | -2 |
| originId | 1 | - | -1 |
| product-doc-install-status | 7 | - | -7 |
| references | 4 | - | -4 |
| sample-data-telemetry | 3 | - | -3 |
| security-ai-prompt | 8 | - | -8 |
| slo | 11 | - | -11 |
| space | 5 | - | -5 |
| synthetics-monitor | 34 | - | -34 |
| synthetics-monitor-multi-space | 34 | - | -34 |
| tag | 4 | - | -4 |
| type | 1 | - | -1 |
| typeMigrationVersion | 1 | - | -1 |
| ui-metric | 2 | - | -2 |
| updated_at | 1 | - | -1 |
| updated_by | 1 | - | -1 |
| upgrade-assistant-ml-upgrade-operation | 3 | - | -3 |
| upgrade-assistant-reindex-operation | 3 | - | -3 |
| uptime-synthetics-api-key | 2 | - | -2 |
| url | 5 | - | -5 |
| usage-counters | 2 | - | -2 |
| total | | | -249 |

paul-tavares deleted the backport/9.1/pr-233142 branch on September 4, 2025 14:57

4 participants