kibana/oas_docs
Pablo Machado 1fbd86f199
[SecuritySolution] Update Entity analytics BE to support service entity type (#203409)
## Summary

Update Entity Analytics BE to support the new entity type "service".
* Hide all functionality behind an Experimental Flag
(`serviceEntityStoreEnabled`)
* Update asset criticality assignment
* Update Bulk upload logic
* Update Risk score calculation
* Create plugin setup mappings migration
  * Add service to risk score indices and templates
  * Add service to asset criticality index
* Create a reusable migration workflow where we only need to update the
mappings and bump the version
* Add a risk score transform migration when the schedule is now called
  * It will delete and reinstall the transform to apply the changes 

### issues
* I had to update the API doc to include service even though it is
behind an Experimental Flag
* The risk scope mappings migration runs on every space. If the users
have thousands of spaces, it could take some time.

### What is not included?
* UI changes


## Documentation for Entity Analytics future migrations

### How to add a new field to the risk score index and template
mappings?
* Update the mapping object
[here](6f8b5f6c51/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts (L102))
* Bump the `mappingsVersion` version
[here](8333bea86f/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/utils/saved_object_configuration.ts (L31))

### How to add a new field to the asset criticality index?
* Update the mapping object
[here](8333bea86f/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/constants.ts (L22))
* Bump the `ASSET_CRITICALITY_MAPPINGS_VERSIONS` version
[here](8333bea86f/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/constants.ts (L20))

### How to update the risk score transform config?
* Update the transform config
[here](6f8b5f6c51/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts (L162))
* Bump the `version`
[here](6f8b5f6c51/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts (L190))

*note: If you change the `latest` property, the transform will reinstall
after the engine task runs

## How to test it?
* Enable the flag `serviceEntityStoreEnabled`
* Start ES and an old version of Kibana
* Populate it with data, start the risk engine
  * You could also run the document generator `yarn start entity-store` 
*  Make sure you have some alerts with `service.name` field populated
* Migrate to the version on this PR
* Run the risk engine
* You should see risk score documents created for service entities
* All asset criticality API should support `service` entities

## Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-01-02 13:50:08 +01:00
examples [DOCS] Remove inference connector docs (#198633) 2024-11-12 11:56:37 -06:00
linters [OpenAPI] Add redocly lint configuration (#199360) 2024-11-08 14:07:55 -06:00
output [SecuritySolution] Update Entity analytics BE to support service entity type (#203409) 2025-01-02 13:50:08 +01:00
overlays Sustainable Kibana Architecture: Move modules owned by @elastic/obs-ux-infra_services-team (#202830) 2024-12-29 09:58:37 +01:00
scripts Sustainable Kibana Architecture: Move modules owned by @elastic/kibana-data-discovery (#203152) 2024-12-30 13:23:47 +01:00
bundle.json [Discover] Rename Saved Search to Discover Session (#202217) 2024-12-18 13:45:32 +01:00
bundle.serverless.json [OAS] Remove Elastic-Api-Version (#202923) 2024-12-05 17:05:42 +01:00
kibana.info.serverless.yaml [DOCS] Remove technical preview from serverless APIs (#201054) 2024-11-21 09:45:10 +01:00
kibana.info.yaml [OpenAPI] Fix Serverless API base URL (#202373) 2024-12-02 12:09:03 -08:00
makefile [OAS] Publish OAS bundles to bump.sh (#197482) 2024-11-14 09:15:47 +01:00
package-lock.json Update dependency @redocly/cli to ^1.26.0 (main) (#204435) 2024-12-16 22:41:31 -06:00
package.json Update dependency @redocly/cli to ^1.26.0 (main) (#204435) 2024-12-16 22:41:31 -06:00
README.md [OAS] Publish OAS bundles to bump.sh (#197482) 2024-11-14 09:15:47 +01:00

Kibana API reference documentation

Documentation about our OpenAPI bundling workflow and configuration. See Kibana's hosted stateful and serverless docs.

Workflow

The final goal of this workflow is to produce an OpenAPI bundle containing all of Kibana's public APIs.

Step 0

OAS from Kibana's APIs are continuously extracted and captured in bundle.json and bundle.serverless.json as fully formed OAS documentation. See node scripts/capture_oas_snapshot --help for more info.

These bundles form the basis of our OpenAPI bundles to which we append and layer extra information before publishing.

Step 1

Append pre-existing bundles not extracted from code using kbn-openapi-bundler to produce the final resulting bundles.

To add more files into the final bundle, edit the appropriate oas_docs/scripts/merge*.js files.

Step 2

Apply any final overlays to the document that might include examples or final tweaks (see the "Scripts" section for more details).

Scripts

The oas_docs/scripts folder contains scripts that point to the source domain-specific OpenAPI bundles and specify additional parameters for producing the final output bundle. Currently, there are the following scripts:

  • merge_ess_oas.js script produces a production output bundle for ESS

  • merge_serverless_oas.js script produces a production output bundle for Serverless

Output Kibana OpenAPI bundles

The oas_docs/output folder contains the final resulting Kibana OpenAPI bundles:

  • kibana.yaml: production-ready ESS OpenAPI bundle
  • kibana.serverless.yaml: production-ready Serverless OpenAPI bundle

Bundling commands

Besides the scripts in the oas_docs/scripts folder, there is an oas_docs/makefile to simplify the workflow. Use make help to see available commands.