[Entity Analytics] Move scripted metric painless scripts to static file & remove category based weighting #182038
Conversation
…based weighting the category based weighting, like all weighting, isn't used and we probably won't re-implement it in the next version of risk scoring. This commit probably doesn't work. I can't get integration tests running locally. I put the painless scripts in a directory and I load them from the file system at runtime. We should figure out how to bundle the scripts, possibly. I'm not sure that it matters a lot, but I would like any static analysis processes to be able to work with this code as usual, e.g. I'd like to get a static-time error if a file is missing vs needing to run the risk engine task to find out a file is missing.
Pinging @elastic/security-entity-analytics (Team:Entity Analytics)
@elasticmachine merge upstream
…stic/kibana into risk-score-painless-refactor
...curity_solution/server/lib/entity_analytics/risk_score/painless/risk_scoring_reduce.painless
It looks great! 👏
💚 Build Succeeded
To update your PR or re-run it, just comment with: cc @hop-dev
Summary
The scripted metric aggregation is being deprecated, but an exception is being made for our team; moving the painless to static files allows for this exception to be made. We have had to remove category weighting to make the script less dynamic; weights weren't used anyway, so this is not a breaking change.
The scripts are loaded once when they are first used and then cached. A unit test verifies the content of the script hasn't changed.
Tested locally with hosts and users with 100 alerts; risk score docs are the same before and after.
Here is a diff of the scripted metric before and after https://www.diffchecker.com/gefuBoYK/
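The load-once-and-cache behaviour the summary describes, together with the fail-fast check for a missing script file that the commit notes ask for, as an added TypeScript example. This is not Kibana's own code: the script body is a constructed stand-in, and `createScriptLoader`, `makeFixtureDir` and the sha256 fingerprint (which goes slightly beyond the page, giving the unit test a value to pin) are assumptions of this example.

```typescript
import * as fs from "fs";
import * as os from "os";
import * as path from "path";
import { createHash } from "crypto";

// Scripts the risk engine expects on disk. Only the reduce script is named
// on the PR page; its file name is taken from the review thread above.
export const SCRIPT_NAMES = ["risk_scoring_reduce"] as const;
export type ScriptName = (typeof SCRIPT_NAMES)[number];

// Constructed stand-in for a painless reduce script (not Kibana's real one).
export const SAMPLE_SCRIPT =
  "double total = 0; for (s in states) { total += s; } return total;\n";

let diskReads = 0;
export const getDiskReads = (): number => diskReads;

// Writes SAMPLE_SCRIPT into a fresh temp directory so the example runs offline.
export function makeFixtureDir(body: string = SAMPLE_SCRIPT): string {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "painless-"));
  fs.writeFileSync(path.join(dir, "risk_scoring_reduce.painless"), body);
  return dir;
}

// Resolve every script path eagerly so a missing file fails at startup,
// not the first time the risk engine task runs.
export function createScriptLoader(dir: string) {
  const paths = new Map<ScriptName, string>();
  for (const name of SCRIPT_NAMES) {
    const p = path.join(dir, `${name}.painless`);
    if (!fs.existsSync(p)) throw new Error(`missing painless script: ${p}`);
    paths.set(name, p);
  }
  const cache = new Map<ScriptName, string>();
  // Read each script from disk once; later calls are served from the cache.
  const get = (name: ScriptName): string => {
    let body = cache.get(name);
    if (body === undefined) {
      diskReads += 1;
      body = fs.readFileSync(paths.get(name)!, "utf8");
      cache.set(name, body);
    }
    return body;
  };
  // Fingerprint a unit test can pin, so an unreviewed edit to the script that
  // is sent to Elasticsearch fails the build instead of silently changing scores.
  const fingerprint = (name: ScriptName): string =>
    createHash("sha256").update(get(name)).digest("hex");
  return { get, fingerprint };
}
```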