## Use legacy risk score indices if the new risks engine wasn't
installed
Legacy risk scores indices:
- `ml_user_risk_score_latest_default`
- `ml_host_risk_score_latest_default`
New risk score indices:
- `risk-score.risk-score-latest-default`
Which parts use risk score indices?
- Entity Analytics dashboard
- All host/user risk tab
- Single host/user risk tab
- Alert enrichment UI
- Alert enrichment Backend
All these components can use only one risk score data source at a time,
a new or legacy one.
Previously, we started using the new risk score indices whenever the feature flags
`['riskScoringPersistence', 'riskScoringRoutesEnabled']` were present,
and the client had no way to see old risk score data
in the UI or to use it for alert enrichment.
This PR changes that behaviour so that clients keep using the legacy risk score
indices until they explicitly choose to upgrade the risk engine.
In this video legacy risk transforms are installed, but user risk
transforms are not installed.
16acf38a
-5694-4706-9426-cdea58b70a9b
### Cypress tests
I modified those tests so that we verify it still works with
legacy risk scores as well as with new risk scores.
I also added some tests for the upgrade workflow.
Also, some risk scores are different in the legacy and new indices for the
same entities, so the tests can show that they use different
indices.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { FtrConfigProviderContext } from '@kbn/test';
import { SecuritySolutionConfigurableCypressTestRunner } from './runner';
/**
 * FTR config provider for the Cypress run against a serverless security project.
 *
 * Reads the shared serverless base config and returns it with the
 * Elasticsearch and Kibana server arguments extended and the configurable
 * Cypress test runner attached. Only `readConfigFile` is taken from the
 * provider context.
 *
 * @returns The shared settings with `esTestCluster`, `kbnTestServer` and
 *   `testRunner` overridden.
 */
export default async function ({ readConfigFile }: FtrConfigProviderContext) {
  const sharedConfigPath = require.resolve('../../test_serverless/shared/config.base.ts');
  const svlSharedConfig = await readConfigFile(sharedConfigPath);

  // Everything from the shared config is carried over; the keys below replace
  // their shared counterparts.
  const baseSettings = svlSharedConfig.getAll();

  const esTestCluster = {
    ...svlSharedConfig.get('esTestCluster'),
    serverArgs: [
      ...svlSharedConfig.get('esTestCluster.serverArgs'),
      // define custom es server here
      // API Keys is enabled at the top level
    ],
  };

  // Experimental risk-scoring features switched on for this run.
  const experimentalFeatures = JSON.stringify([
    'riskScoringRoutesEnabled',
    'riskScoringPersistence',
  ]);

  // Every product line is configured at the 'complete' tier.
  const productTypes = JSON.stringify([
    { product_line: 'security', product_tier: 'complete' },
    { product_line: 'endpoint', product_tier: 'complete' },
    { product_line: 'cloud', product_tier: 'complete' },
  ]);

  const kbnTestServer = {
    ...svlSharedConfig.get('kbnTestServer'),
    serverArgs: [
      ...svlSharedConfig.get('kbnTestServer.serverArgs'),
      '--serverless=security',
      // Hard-coded 32-character key kept in source: suitable for a disposable
      // test server only. Data encrypted with it is readable by anyone who has
      // this file, so the value must never be reused outside test configs.
      '--xpack.encryptedSavedObjects.encryptionKey="abcdefghijklmnopqrstuvwxyz123456"',
      `--xpack.securitySolution.enableExperimental=${experimentalFeatures}`,
      `--xpack.securitySolutionServerless.productTypes=${productTypes}`,
    ],
  };

  return {
    ...baseSettings,
    esTestCluster,
    kbnTestServer,
    testRunner: SecuritySolutionConfigurableCypressTestRunner,
  };
}