Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ML] Fixes errors in JSON of SIEM module job configurations #48508

Merged
merged 2 commits into from
Oct 17, 2019
Merged

[ML] Fixes errors in JSON of SIEM module job configurations #48508

merged 2 commits into from
Oct 17, 2019

Conversation

peteharverson
Copy link
Contributor

@peteharverson peteharverson commented Oct 17, 2019
edited
Loading

Summary

Fixes errors in the JSON of five of the SIEM module job configration files, introduced in #48123, which was preventing the jobs loading and running correctly.

Also removes the job and datafeed configuration files for the suspicious_login_activity_ecs job which had been incorrectly left inside the siem_auditbeat module when that job was moved to the new siem_auditbeat_auth module (note this job was had already been removed from the manifest.json file so the job was no longer loaded in the siem_auditbeat module).

Plus a fix for the custom URLs for linux_anomalous_network_port_activity_ecs and windows_anomalous_user_name_ecs, to ensure the anomalous process / user name is passed in the right format for the query bar on the SIEM dashboard.

@peteharverson peteharverson added :ml Feature:Anomaly Detection ML anomaly detection v8.0.0 release_note:skip Skip the PR/issue when compiling release notes v7.5.0 v7.6.0 labels Oct 17, 2019
@peteharverson peteharverson requested a review from a team as a code owner October 17, 2019 11:05
@elasticmachine
Copy link
Contributor

Pinging @elastic/ml-ui (:ml)

jgowdyelastic
jgowdyelastic approved these changes Oct 17, 2019
View reviewed changes
Copy link
Member

@jgowdyelastic jgowdyelastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@elasticmachine
Copy link
Contributor

💚 Build Succeeded

@peteharverson peteharverson requested a review from XavierM October 17, 2019 13:35
@elasticmachine
Copy link
Contributor

💚 Build Succeeded

XavierM
XavierM approved these changes Oct 17, 2019
View reviewed changes
Copy link
Contributor

@XavierM XavierM left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you for fixing these links!!!

walterra
walterra approved these changes Oct 17, 2019
View reviewed changes
Copy link
Contributor

@walterra walterra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, tested the jobs with recognizer. With the datasets I used I got running jobs + anomalies for all jobs, except windows_rare_user_runas_event.json didn't come up with any results, but the job ran successfully.

@peteharverson peteharverson merged commit 5a743d1 into elastic:master Oct 17, 2019
@peteharverson peteharverson deleted the ml-siem-modules-json-fixes branch October 17, 2019 15:41
@peteharverson peteharverson mentioned this pull request Oct 17, 2019
Merged
peteharverson added a commit to peteharverson/kibana that referenced this pull request Oct 17, 2019
@peteharverson
[ML] Fixes errors in JSON of SIEM module job configurations (elastic#…
4ffd394 
…48508)

* [ML] Fixes errors in JSON of SIEM module job configurations

* [ML] Fixes queries in custom URLs for two SIEM jobs
peteharverson added a commit to peteharverson/kibana that referenced this pull request Oct 17, 2019
@peteharverson
[ML] Fixes errors in JSON of SIEM module job configurations (elastic#…
b7888ee 
…48508)

* [ML] Fixes errors in JSON of SIEM module job configurations

* [ML] Fixes queries in custom URLs for two SIEM jobs
@peteharverson peteharverson mentioned this pull request Oct 17, 2019
Merged
@elasticmachine
Copy link
Contributor

💚 Build Succeeded

peteharverson added a commit that referenced this pull request Oct 17, 2019
@peteharverson
[ML] Fixes errors in JSON of SIEM module job configurations (#48508) (#…
8ff906a 
…48541)

* [ML] Fixes errors in JSON of SIEM module job configurations

* [ML] Fixes queries in custom URLs for two SIEM jobs
peteharverson added a commit that referenced this pull request Oct 18, 2019
@peteharverson
[ML] Fixes errors in JSON of SIEM module job configurations (#48508) (#…
b06d553 
…48543)

* [ML] Fixes errors in JSON of SIEM module job configurations

* [ML] Fixes queries in custom URLs for two SIEM jobs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@XavierM XavierM XavierM approved these changes

@walterra walterra walterra approved these changes

@jgowdyelastic jgowdyelastic jgowdyelastic approved these changes

@blaklaybul blaklaybul Awaiting requested review from blaklaybul

Assignees
No one assigned
Labels
Feature:Anomaly Detection ML anomaly detection :ml release_note:skip Skip the PR/issue when compiling release notes v7.5.0 v7.6.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@peteharverson @elasticmachine @XavierM @walterra @jgowdyelastic