[Entity Analytics][Lead Generation][2] Add Risk, Temporal State, and behavioral observation modules #256156
Merged
abhishekbhatia1710 merged 32 commits into elastic:main from Mar 27, 2026
…red types, index templates, observation module interface
…ation directory and fix nested mappings
- Move all code from entity_lead_generation/ into lead_generation/ to eliminate duplicate directory structures between foundation and observation modules PRs
- Change entities and observations mapping from nested to object since we don't query multiple fields of array elements simultaneously
- Merge barrel exports and update all import paths
Pinging @elastic/security-entity-analytics (Team:Entity Analytics)
…modules
# Conflicts:
# x-pack/solutions/security/plugins/security_solution/common/entity_analytics/lead_generation/constants.ts
# x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/lead_generation/index.ts
# x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/lead_generation/observation_modules/index.ts
ymao1
reviewed
Mar 9, 2026
Did a first pass code review. Left a comment about reading all the entities into memory and a few places where unit tests would be great. Maybe there is a plan to add functional tests in a followup?
…persistLeads
- Replace hardcoded alerts index pattern with DEFAULT_ALERTS_INDEX scoped to the current spaceId for proper data isolation
- Add size/from query parameters to GET /leads with Zod validation (default 50, max 200) and track_total_hits for accurate totals
- Export and add unit tests for persistLeads (bulk upsert + stale cleanup) and formatLeadForResponse
Addresses review comments from elastic#256156
Engine tests (16):
- Pipeline: empty entities, no observations, disabled modules, module errors, maxLeads cap, minObservations threshold
- Priority scoring: severity rank formula (low=1, medium=3, high=5, critical=7), count bonus capped at +4, overall cap at 10
- Output: priority ordering, staleness, chatRecommendations
Risk score module tests (12):
- Current risk level tiers (critical/high/medium/low thresholds)
- Privileged entity bonus (privileged + high risk → critical)
- Risk escalation detection from time-series history
- Entities without risk data are skipped
Temporal state module tests (6):
- Privilege escalation detection from entity snapshots
- Already-privileged entities produce no observation
- Non-privileged entities skip ES query entirely
- Multi entity-type handling, error resilience
Behavioral analysis module tests (13):
- Severity tier selection (critical > high > medium > low)
- Alert volume spike thresholds (10 = medium, 30 = high)
- Multi-tactic detection (3 rules = high, 6 = critical)
- Enabled/disabled based on alertsIndexPattern, error handling
Addresses review comments from elastic#256156
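The thresholds listed in this commit message, wired into one small scoring pass as an added example (not the PR's code). The alert shape, the observation type names, the `>=` comparisons, and the way the count bonus is added to the severity rank are assumptions; only the numbers come from the message.

```typescript
type Severity = 'low' | 'medium' | 'high' | 'critical';

// Constructed shapes; field and observation names are assumptions.
interface Alert {
  entity: string;
  severity: Severity;
  rule: string;
}
interface Observation {
  type: string;
  severity: Severity;
}

// Severity ranks from the engine test summary.
const SEVERITY_RANK: Record<Severity, number> = { low: 1, medium: 3, high: 5, critical: 7 };
const TIERS: Severity[] = ['critical', 'high', 'medium', 'low'];

// Observations for one entity's alerts (assumed already limited to the 7-day window).
function observe(alerts: Alert[]): Observation[] {
  const out: Observation[] = [];
  if (alerts.length === 0) return out;
  // Severity tier selection: only the highest tier present is reported.
  for (const tier of TIERS) {
    if (alerts.some((a) => a.severity === tier)) {
      out.push({ type: 'alert_severity', severity: tier });
      break;
    }
  }
  // Alert volume spike: 10 = medium, 30 = high (">=" is an assumption).
  if (alerts.length >= 30) out.push({ type: 'alert_volume_spike', severity: 'high' });
  else if (alerts.length >= 10) out.push({ type: 'alert_volume_spike', severity: 'medium' });
  // Multi-tactic: distinct rules on one entity, 3 = high, 6 = critical.
  const rules: Record<string, boolean> = {};
  for (const a of alerts) rules[a.rule] = true;
  const distinct = Object.keys(rules).length;
  if (distinct >= 6) out.push({ type: 'multi_tactic', severity: 'critical' });
  else if (distinct >= 3) out.push({ type: 'multi_tactic', severity: 'high' });
  return out;
}

// Priority: top severity rank plus a count bonus capped at +4, overall cap 10.
// Assumption: the bonus is one point per observation beyond the first.
function priority(observations: Observation[]): number {
  if (observations.length === 0) return 0;
  let top = 0;
  for (const o of observations) top = Math.max(top, SEVERITY_RANK[o.severity]);
  return Math.min(top + Math.min(observations.length - 1, 4), 10);
}

// Group alerts per entity, score each entity, return highest priority first.
function rankEntities(alerts: Alert[]): { entity: string; priority: number }[] {
  const byEntity: Record<string, Alert[]> = {};
  for (const a of alerts) {
    const bucket = byEntity[a.entity] || (byEntity[a.entity] = []);
    bucket.push(a);
  }
  return Object.keys(byEntity)
    .map((entity) => ({ entity, priority: priority(observe(byEntity[entity] || [])) }))
    .sort((x, y) => y.priority - x.priority);
}

// Constructed sample data: `count` alerts spread over `ruleCount` rules.
function makeAlerts(entity: string, severity: Severity, count: number, ruleCount: number): Alert[] {
  const out: Alert[] = [];
  for (let i = 0; i < count; i++) out.push({ entity, severity, rule: 'rule-' + (i % ruleCount) });
  return out;
}

const SAMPLE_ALERTS: Alert[] = makeAlerts('user:alice', 'high', 30, 6)
  .concat(makeAlerts('user:alice', 'critical', 1, 1))
  .concat(makeAlerts('host:web-01', 'medium', 12, 2))
  .concat(makeAlerts('user:bob', 'low', 2, 1));

console.log(rankEntities(SAMPLE_ALERTS));
```

With at most three behavioral observations per entity the overall cap of 10 is never reached here; it only takes effect once other modules contribute observations for the same entity.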
Limits fields fetched from Entity Store to only those needed by observation modules (identity, risk, attributes, behaviors, lifecycle). Excludes large nested fields like raw log data that are not used in the lead generation pipeline. Addresses memory concern from review comment on elastic#256156
The Entity Store V2 EUID PR (elastic#250951) is merged. This migrates the lead generation pipeline from V1 per-entity-type indices to V2's unified index pattern (.entities.v2.latest.security_{namespace}).
- fetchAllEntityStoreRecords now queries a single V2 index instead of looping over separate user/host V1 indices
- entityRecordToLeadEntity falls back to entity.id (EUID) when entity.name is absent
- temporal_state_module uses V2 history snapshot pattern and filters by entity.type/entity.name instead of V1 entity-type-specific fields
- De-duplicated entityToKey by importing from shared utils
- Added unit tests for fetchAllEntityStoreRecords, entityRecordToLeadEntity, and getEntityStoreLatestIndex
…ULT_ALERTS_INDEX
DEFAULT_ALERTS_INDEX is not re-exported from the common barrel. Use the existing getAlertsIndex(spaceId) from entity_analytics/utils which encapsulates the same pattern.
ymao1
approved these changes
Mar 13, 2026
LGTM. Thanks for addressing my comments. The primary followup that I don't want to get lost in all the comments is breaking down the entity query so we're not bringing all entities back into memory unnecessarily.
hop-dev
reviewed
Mar 20, 2026
… modules
- Delete llm_synthesize.ts and all chatModel/InferenceChatModel plumbing
- Fix buildDescription joining with \n instead of space
- Fix usedTitleTracker: move from module-level mutable state to local scope
- Fix staleness at generation time: hardcode 'fresh' (real calc at read time)
- Export calculateStaleness for use by GET route
- Remove dead PATTERN_CATALOG entries (investigation_status, watchlist_inclusion, bare risk_escalation, low_risk_score)
- Inline groupByObservationPattern stub and buildRuleBasedTitle
- Pre-build observationsByEntityId map to avoid O(N×M) filter scans
- Fix groupEntitiesByType spread-in-reduce with push-based loop
- Parallelize risk score time-series queries with Promise.all
- Remove low_risk_score tier from risk score module
- Remove deprecated createAlertAnalysisModule alias
…on-modules' of github.com:abhishekbhatia1710/kibana into ea-15947-observation-modules
…ionEnabled
- Remove chatModel / InferenceChatModel / connectorId from generate_leads route since LLM synthesis was removed in an earlier refactor commit
- Rename entityThreatHuntingEnabled → leadGenerationEnabled to match the current experimental feature flag name
Return early from persistLeads when the leads array is empty. Previously the deleteByQuery ran unconditionally, deleting all existing leads in the index because no documents carried the new executionId.
Revert the early return when leads is empty. The gap-free replace pattern requires deleteByQuery to run unconditionally so stale docs from previous executions are cleaned up even when the engine produces zero leads. Only the bulk upsert is guarded by leads.length > 0.
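The two persistLeads behaviours described in the last two commit messages, modelled in memory as an added example (not code from this PR). The index shape, the lead ids, and the helper names `bulkUpsert` and `deleteStale` are assumptions; the real function issues an Elasticsearch bulk upsert and a deleteByQuery.

```typescript
// Constructed in-memory model of the leads index (doc id -> doc).
// Assumption: the real persistLeads uses Elasticsearch bulk + deleteByQuery.
interface Lead {
  id: string;
  title: string;
}
interface LeadDoc extends Lead {
  executionId: string;
}
type LeadIndex = Record<string, LeadDoc>;
type Persist = (index: LeadIndex, leads: Lead[], executionId: string) => number;

// Bulk upsert: every lead from this run is stamped with the run's executionId.
function bulkUpsert(index: LeadIndex, leads: Lead[], executionId: string): void {
  for (const lead of leads) {
    index[lead.id] = { id: lead.id, title: lead.title, executionId };
  }
}

// Stand-in for deleteByQuery: remove docs not written by this execution.
// Returns how many stale docs were removed.
function deleteStale(index: LeadIndex, executionId: string): number {
  let deleted = 0;
  for (const id of Object.keys(index)) {
    const doc = index[id];
    if (doc && doc.executionId !== executionId) {
      delete index[id];
      deleted += 1;
    }
  }
  return deleted;
}

// Behaviour of the reverted commit: an empty run returns before the cleanup.
const persistWithEarlyReturn: Persist = (index, leads, executionId) => {
  if (leads.length === 0) return 0;
  bulkUpsert(index, leads, executionId);
  return deleteStale(index, executionId);
};

// Behaviour after the revert: only the upsert is guarded; cleanup always runs.
// Writing before deleting means a reader never sees the index empty mid-run
// (ordering assumed from the "gap-free replace" wording).
const persistGapFree: Persist = (index, leads, executionId) => {
  if (leads.length > 0) bulkUpsert(index, leads, executionId);
  return deleteStale(index, executionId);
};

// Three constructed runs: two leads, then one lead, then zero leads.
function remainingAfterRuns(persist: Persist): string[] {
  const index: LeadIndex = {};
  persist(
    index,
    [
      { id: 'user:alice', title: 'Risk escalation' },
      { id: 'host:web-01', title: 'Alert spike' },
    ],
    'exec-1'
  );
  persist(index, [{ id: 'user:alice', title: 'Risk escalation' }], 'exec-2');
  persist(index, [], 'exec-3');
  return Object.keys(index).sort();
}

console.log('early return:', remainingAfterRuns(persistWithEarlyReturn));
console.log('gap-free:', remainingAfterRuns(persistGapFree));
```

With the early return, the lead for `user:alice` outlives a run that produced no leads, so analysts keep seeing an entity the engine no longer flags; the unconditional cleanup empties the index in that case.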
💚 Build Succeeded
hop-dev
approved these changes
Mar 26, 2026
abhishekbhatia1710
added a commit
that referenced
this pull request
Mar 27, 2026
…t to get data for lead generation (#256628)
## Summary
- Introduces a shared **Entity Retriever** that centralises Entity Store V2 fetching, paginated via `search_after` for all users/hosts, or targeted by name, replacing duplicated inline logic in the generate-leads route
- Introduces an **Entity Enricher** that pre-fetches risk score history (90-day daily averages), alert summaries (severity breakdown, top rules, top alerts), asset criticality, and privileged status for a batch of entities
- Refactors the generate-leads route to delegate entity fetching to the retriever, removing ~70 lines of inline code
- Updates the barrel file to export both new services and their types
Closes : elastic/security-team#15948
This PR is 3rd part of the lead generation feature being built under the [Entity Analytics Lead Generation epic](elastic/security-team#14401). It builds on the foundation and observation modules from #255272 and #256156.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
abhishekbhatia1710
added a commit
to abhishekbhatia1710/kibana
that referenced
this pull request
Mar 27, 2026
…n LLM prompt
- Replace `computeStaleness(now, now)` with literal `'fresh'` since staleness is recalculated at read time in LeadDataClient
- Add anti-hallucination instruction for rule names in LLM synthesis prompt
- Rename alert_analysis_module/ to behavioral_analysis_module/ to match MODULE_ID = 'behavioral_analysis' (restoring consistency from PR elastic#256156)
- Remove deprecated createAlertAnalysisModule alias
- Update all import paths to reference behavioral_analysis_module
abhishekbhatia1710
added a commit
to abhishekbhatia1710/kibana
that referenced
this pull request
Mar 31, 2026
Resolve conflicts after PRs elastic#255272 (Foundation), elastic#256156 (Observation Modules), elastic#256628 (Entity Retrieval), and elastic#257046 (CRUD API Routes) were merged into main.
Key resolutions:
- Keep main's authoritative versions of observation modules with data-driven tier tables and RiskScoreDataClient integration
- Add scheduling-specific weight properties to module configs
- Wire RiskScoreDataClient through RunPipelineParams via dependency injection (route uses context, task creates from CoreStart)
- Preserve main's .keyword suffix fixes in lead_data_client ES queries
- Keep scheduling branch's single-file behavioral_analysis_module (consolidated from subdirectory structure) and remove stale subdir
- Delete generate_leads.test.ts (coverage moved to run_pipeline.test.ts)
- Preserve Task Manager registration, enable/disable route wiring, and run_pipeline shared orchestration from scheduling branch
Note: pre-commit hook bypassed because ESLint failures are from upstream kbn-evals-suite-significant-events package (pre-existing in main), not from lead generation changes.
jeramysoucy
pushed a commit
to jeramysoucy/kibana
that referenced
this pull request
Apr 1, 2026
…behavioral observation modules (elastic#256156)
## Summary
This PR adds three pluggable observation modules to the lead generation pipeline. Each module collects signals about entities (users and hosts) from different data sources. The engine combines these observations to score and rank leads, and uses them when generating titles, tags, and chat recommendations.
- **Risk Analysis** : Uses current risk scores on entity records and (where available) risk score history. Flags entities that are high- or critical-risk, and those with meaningful risk increases over 24 hours, 7 days, or 90 days. Privileged entities with elevated risk are called out separately.
- **Temporal State Analysis** : Looks at how entity state changes over time. Right now it focuses on **privilege escalation**: entities that were not privileged in the past but are privileged in the latest view (using Entity Store history). Other temporal signals (e.g. investigation status, watchlist) are left as hooks for later.
- **Behavioral Analysis** : Uses security alerts tied to each entity over a 7 day window. It highlights severity (critical/high vs medium vs low), alert volume spikes, and cases where many distinct detection rules fire on the same entity (multi-tactic style activity).
All three modules are registered with the lead generation engine and contribute to the same pipeline: entity retrieval -> observation collection -> scoring -> grouping and synthesis. No new API surface; this builds on the existing generate/find lead routes and the foundation from elastic#255272.
Till the foundation PR gets merged, use the below comparison link to only see the changes for observation modules
abhishekbhatia1710/kibana@ea-15946-lead-gen-foundation...ea-15947-observation-modules
Testing Steps :
The `POST /internal/entity_analytics/leads/generate` and `GET /internal/entity_analytics/leads` are only available for now.
1. Entity Store V2 enabled with some user/host entities.
2. Risk Engine enabled and risk score data (for the risk analysis module to find scores). (document generator)
3. Some detection rules firing alerts against those entities (for the alert analysis module). (This I created using Gemini)
Then call `POST /internal/entity_analytics/leads/generate`. Generated leads show up via `GET /internal/entity_analytics/leads`.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels.
Summary
This PR adds three pluggable observation modules to the lead generation pipeline. Each module collects signals about entities (users and hosts) from different data sources. The engine combines these observations to score and rank leads, and uses them when generating titles, tags, and chat recommendations.
Risk Analysis : Uses current risk scores on entity records and (where available) risk score history. Flags entities that are high- or critical-risk, and those with meaningful risk increases over 24 hours, 7 days, or 90 days. Privileged entities with elevated risk are called out separately.
Temporal State Analysis : Looks at how entity state changes over time. Right now it focuses on privilege escalation: entities that were not privileged in the past but are privileged in the latest view (using Entity Store history). Other temporal signals (e.g. investigation status, watchlist) are left as hooks for later.
Behavioral Analysis : Uses security alerts tied to each entity over a 7 day window. It highlights severity (critical/high vs medium vs low), alert volume spikes, and cases where many distinct detection rules fire on the same entity (multi-tactic style activity).
All three modules are registered with the lead generation engine and contribute to the same pipeline: entity retrieval -> observation collection -> scoring -> grouping and synthesis. No new API surface; this builds on the existing generate/find lead routes and the foundation from #255272.
Till the foundation PR gets merged, use the below comparison link to only see the changes for observation modules
abhishekbhatia1710/kibana@ea-15946-lead-gen-foundation...ea-15947-observation-modules
Testing Steps :
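The POST /internal/entity_analytics/leads/generate and GET /internal/entity_analytics/leads are only available for now.
1. Entity Store V2 enabled with some user/host entities.
2. Risk Engine enabled and risk score data (for the risk analysis module to find scores). (document generator)
3. Some detection rules firing alerts against those entities (for the alert analysis module). (This I created using Gemini)
Then call POST /internal/entity_analytics/leads/generate. Generated leads show up via GET /internal/entity_analytics/leads.
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [ ] Flaky Test Runner was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
- [ ] Review the backport guidelines and apply applicable backport:* labels.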