[SIEM] [ML] Adds new jobs for SIEM ML Integration (#44301)
## Summary Adds the new ML Jobs below from https://github.com/elastic/kibana/pull/43783 and https://github.com/elastic/kibana/pull/44383 for the SIEM ML Integration. Note: This also removes the `siem-api-` prefix added when jobs are initially created. As a result, upgrading users who have any of the three original jobs (`rare_process_linux_ecs`, `suspicious_login_activity_ecs`, `rare_process_windows_ecs`) installed will have the latest version of them installed without the prefix. The old `siem-api-` prefixed jobs will then show up in the `Custom jobs` tab within the UI. This was going to happen with `rare_process_linux_ecs` anyway, as it was renamed to `rare_process_by_host_linux_ecs`, so we took the opportunity to clean up naming while the job count is low. Job versioning/migration will be addressed in 7.5. ``` ts { name: 'siem_auditbeat_ecs', defaultIndexPattern: 'auditbeat-*', jobs: [ 'rare_process_by_host_linux_ecs', 'suspicious_login_activity_ecs', 'linux_anomalous_network_activity_ecs', 'linux_anomalous_network_port_activity_ecs', 'linux_anomalous_network_service', 'linux_anomalous_network_url_activity_ecs', 'linux_anomalous_process_all_hosts_ecs', 'linux_anomalous_user_name_ecs', ], }, { name: 'siem_winlogbeat_ecs', defaultIndexPattern: 'winlogbeat-*', jobs: [ 'rare_process_by_host_windows_ecs', 'windows_anomalous_network_activity_ecs', 'windows_anomalous_path_activity_ecs', 'windows_anomalous_process_all_hosts_ecs', 'windows_anomalous_process_creation', 'windows_anomalous_script', 'windows_anomalous_service', 'windows_anomalous_user_name_ecs', ], }, ``` ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. 
- [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ - [ ] ~Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~ - [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials * Will work with @benskelker to update the job list in the [SIEM Guide](https://www.elastic.co/guide/en/siem/guide/current/machine-learning.html). @randomuserid, is there any additional documentation you would like to add? - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] ~This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~ - [ ] ~This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~
parent
3c68c98e2c
commit
195be6022e
|
@ -6,8 +6,6 @@
|
||||||
|
|
||||||
import { ConfigTemplate } from './types';
|
import { ConfigTemplate } from './types';
|
||||||
|
|
||||||
export const siemJobPrefix = 'siem-api-';
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Config Templates w/ corresponding defaultIndexPattern and jobId's of the SIEM Jobs embedded
|
* Config Templates w/ corresponding defaultIndexPattern and jobId's of the SIEM Jobs embedded
|
||||||
* in ML. Added as part of: https://github.com/elastic/kibana/pull/39678/files
|
* in ML. Added as part of: https://github.com/elastic/kibana/pull/39678/files
|
||||||
|
@ -17,13 +15,28 @@ export const configTemplates: ConfigTemplate[] = [
|
||||||
name: 'siem_auditbeat_ecs',
|
name: 'siem_auditbeat_ecs',
|
||||||
defaultIndexPattern: 'auditbeat-*',
|
defaultIndexPattern: 'auditbeat-*',
|
||||||
jobs: [
|
jobs: [
|
||||||
`${siemJobPrefix}rare_process_linux_ecs`,
|
'rare_process_by_host_linux_ecs',
|
||||||
`${siemJobPrefix}suspicious_login_activity_ecs`,
|
'suspicious_login_activity_ecs',
|
||||||
|
'linux_anomalous_network_activity_ecs',
|
||||||
|
'linux_anomalous_network_port_activity_ecs',
|
||||||
|
'linux_anomalous_network_service',
|
||||||
|
'linux_anomalous_network_url_activity_ecs',
|
||||||
|
'linux_anomalous_process_all_hosts_ecs',
|
||||||
|
'linux_anomalous_user_name_ecs',
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: 'siem_winlogbeat_ecs',
|
name: 'siem_winlogbeat_ecs',
|
||||||
defaultIndexPattern: 'winlogbeat-*',
|
defaultIndexPattern: 'winlogbeat-*',
|
||||||
jobs: [`${siemJobPrefix}rare_process_windows_ecs`],
|
jobs: [
|
||||||
|
'rare_process_by_host_windows_ecs',
|
||||||
|
'windows_anomalous_network_activity_ecs',
|
||||||
|
'windows_anomalous_path_activity_ecs',
|
||||||
|
'windows_anomalous_process_all_hosts_ecs',
|
||||||
|
'windows_anomalous_process_creation',
|
||||||
|
'windows_anomalous_script',
|
||||||
|
'windows_anomalous_service',
|
||||||
|
'windows_anomalous_user_name_ecs',
|
||||||
|
],
|
||||||
},
|
},
|
||||||
];
|
];
|
||||||
|
|
|
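Review bot: The header comment on `configTemplates` (its opening lines are in the first hunk of this file, the declaration itself is cut off) still only cites the original PR and says nothing about how the ids are consumed, which matters now that `siemJobPrefix` is gone and the strings in each `jobs` array appear to be passed through unchanged as the ML job ids. A line such as `* Job ids are used as-is (no prefix) and must match the bundled SIEM ML job definitions exactly; the three original jobs were renamed/unprefixed in #44301, so pre-existing siem-api-* installs remain as custom jobs.` would give the next person adding a job the constraint and the history in one place. Deleting the exported `siemJobPrefix` also breaks any importer other than ml_popover, which this commit updates; nothing else is visible here, so it is worth confirming there are no remaining references before merge.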
@ -27,7 +27,7 @@ import {
|
||||||
getJobsToDisplay,
|
getJobsToDisplay,
|
||||||
getJobsToInstall,
|
getJobsToInstall,
|
||||||
} from './helpers';
|
} from './helpers';
|
||||||
import { configTemplates, siemJobPrefix } from './config_templates';
|
import { configTemplates } from './config_templates';
|
||||||
import { useStateToaster } from '../toasters';
|
import { useStateToaster } from '../toasters';
|
||||||
import { errorToToaster } from '../ml/api/error_to_toaster';
|
import { errorToToaster } from '../ml/api/error_to_toaster';
|
||||||
import { useKibanaUiSetting } from '../../lib/settings/use_kibana_ui_setting';
|
import { useKibanaUiSetting } from '../../lib/settings/use_kibana_ui_setting';
|
||||||
|
@ -176,7 +176,6 @@ export const MlPopover = React.memo(() => {
|
||||||
configTemplate: configTemplate.name,
|
configTemplate: configTemplate.name,
|
||||||
indexPatternName: configTemplate.defaultIndexPattern,
|
indexPatternName: configTemplate.defaultIndexPattern,
|
||||||
groups: ['siem'],
|
groups: ['siem'],
|
||||||
prefix: siemJobPrefix,
|
|
||||||
headers,
|
headers,
|
||||||
});
|
});
|
||||||
})
|
})
|
||||||
|
|
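Review bot: Dropping `prefix: siemJobPrefix` from the job-setup call in the second hunk changes the ids handed to ML from `siem-api-<name>` to the bare template name, but nothing in the hunk shows how the callee behaves when `prefix` is omitted; if that parameter is optional with a non-empty default, installed ids would silently diverge from the entries in `configTemplates` that `getJobsToDisplay`/`getJobsToInstall` match against. Confirm the callee treats a missing prefix as the empty string, or make the parameter required so the compiler enforces the intent. `MlPopover` begins and ends outside this hunk.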