Update detection rule telemetry field name. (#100256)
* Changing variable name of cases_count_daily to cases_count_total. * Taking comments out of tests and reverting tests to previosu state. * Changing meta description to be more descriptive. * Changing meta description to be more descriptive. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Claire Burn
GitHub
parent
55b95ea8a1
commit
6f31c10baf
|
|
@ -216,9 +216,9 @@ export const registerCollector: RegisterCollector = ({
|
|||
type: 'long',
|
||||
_meta: { description: 'The number of daily alerts generated by a rule' },
|
||||
},
|
||||
cases_count_daily: {
|
||||
cases_count_total: {
|
||||
type: 'long',
|
||||
_meta: { description: 'The number of daily cases generated by a rule' },
|
||||
_meta: { description: 'The number of total cases generated by a rule' },
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ const createStubRule = (
|
|||
created_on: uuid(),
|
||||
updated_on: uuid(),
|
||||
alert_count_daily: alertCount,
|
||||
cases_count_daily: caseCount,
|
||||
cases_count_total: caseCount,
|
||||
});
|
||||
|
||||
describe('Detections Usage and Metrics', () => {
|
||||
|
|
|
|||
|
|
@ -190,7 +190,7 @@ describe('Detections Usage and Metrics', () => {
|
|||
detection_rule_detail: [
|
||||
{
|
||||
alert_count_daily: 3400,
|
||||
cases_count_daily: 1,
|
||||
cases_count_total: 1,
|
||||
created_on: '2021-03-23T17:15:59.634Z',
|
||||
elastic_rule: true,
|
||||
enabled: false,
|
||||
|
|
@ -327,7 +327,7 @@ describe('Detections Usage and Metrics', () => {
|
|||
detection_rule_detail: [
|
||||
{
|
||||
alert_count_daily: 0,
|
||||
cases_count_daily: 1,
|
||||
cases_count_total: 1,
|
||||
created_on: '2021-03-23T17:15:59.634Z',
|
||||
elastic_rule: true,
|
||||
enabled: false,
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ export const updateDetectionRuleUsage = (
|
|||
enabled: detectionRuleMetric.enabled ? usage.query.enabled + 1 : usage.query.enabled,
|
||||
disabled: !detectionRuleMetric.enabled ? usage.query.disabled + 1 : usage.query.disabled,
|
||||
alerts: usage.query.alerts + detectionRuleMetric.alert_count_daily,
|
||||
cases: usage.query.cases + detectionRuleMetric.cases_count_daily,
|
||||
cases: usage.query.cases + detectionRuleMetric.cases_count_total,
|
||||
},
|
||||
};
|
||||
} else if (detectionRuleMetric.rule_type === 'threshold') {
|
||||
|
|
@ -100,7 +100,7 @@ export const updateDetectionRuleUsage = (
|
|||
? usage.threshold.disabled + 1
|
||||
: usage.threshold.disabled,
|
||||
alerts: usage.threshold.alerts + detectionRuleMetric.alert_count_daily,
|
||||
cases: usage.threshold.cases + detectionRuleMetric.cases_count_daily,
|
||||
cases: usage.threshold.cases + detectionRuleMetric.cases_count_total,
|
||||
},
|
||||
};
|
||||
} else if (detectionRuleMetric.rule_type === 'eql') {
|
||||
|
|
@ -111,7 +111,7 @@ export const updateDetectionRuleUsage = (
|
|||
enabled: detectionRuleMetric.enabled ? usage.eql.enabled + 1 : usage.eql.enabled,
|
||||
disabled: !detectionRuleMetric.enabled ? usage.eql.disabled + 1 : usage.eql.disabled,
|
||||
alerts: usage.eql.alerts + detectionRuleMetric.alert_count_daily,
|
||||
cases: usage.eql.cases + detectionRuleMetric.cases_count_daily,
|
||||
cases: usage.eql.cases + detectionRuleMetric.cases_count_total,
|
||||
},
|
||||
};
|
||||
} else if (detectionRuleMetric.rule_type === 'machine_learning') {
|
||||
|
|
@ -126,7 +126,7 @@ export const updateDetectionRuleUsage = (
|
|||
? usage.machine_learning.disabled + 1
|
||||
: usage.machine_learning.disabled,
|
||||
alerts: usage.machine_learning.alerts + detectionRuleMetric.alert_count_daily,
|
||||
cases: usage.machine_learning.cases + detectionRuleMetric.cases_count_daily,
|
||||
cases: usage.machine_learning.cases + detectionRuleMetric.cases_count_total,
|
||||
},
|
||||
};
|
||||
} else if (detectionRuleMetric.rule_type === 'threat_match') {
|
||||
|
|
@ -141,7 +141,7 @@ export const updateDetectionRuleUsage = (
|
|||
? usage.threat_match.disabled + 1
|
||||
: usage.threat_match.disabled,
|
||||
alerts: usage.threat_match.alerts + detectionRuleMetric.alert_count_daily,
|
||||
cases: usage.threat_match.cases + detectionRuleMetric.cases_count_daily,
|
||||
cases: usage.threat_match.cases + detectionRuleMetric.cases_count_total,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
|
@ -158,7 +158,7 @@ export const updateDetectionRuleUsage = (
|
|||
? updatedUsage.elastic_total.disabled + 1
|
||||
: updatedUsage.elastic_total.disabled,
|
||||
alerts: updatedUsage.elastic_total.alerts + detectionRuleMetric.alert_count_daily,
|
||||
cases: updatedUsage.elastic_total.cases + detectionRuleMetric.cases_count_daily,
|
||||
cases: updatedUsage.elastic_total.cases + detectionRuleMetric.cases_count_total,
|
||||
},
|
||||
};
|
||||
} else {
|
||||
|
|
@ -173,7 +173,7 @@ export const updateDetectionRuleUsage = (
|
|||
? updatedUsage.custom_total.disabled + 1
|
||||
: updatedUsage.custom_total.disabled,
|
||||
alerts: updatedUsage.custom_total.alerts + detectionRuleMetric.alert_count_daily,
|
||||
cases: updatedUsage.custom_total.cases + detectionRuleMetric.cases_count_daily,
|
||||
cases: updatedUsage.custom_total.cases + detectionRuleMetric.cases_count_total,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
|
@ -263,7 +263,7 @@ export const getDetectionRuleMetrics = async (
|
|||
created_on: hit._source?.alert.createdAt,
|
||||
updated_on: hit._source?.alert.updatedAt,
|
||||
alert_count_daily: alertsCache.get(ruleId) || 0,
|
||||
cases_count_daily: casesCache.get(ruleId) || 0,
|
||||
cases_count_total: casesCache.get(ruleId) || 0,
|
||||
} as DetectionRuleMetric;
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -106,7 +106,7 @@ export interface DetectionRuleMetric {
|
|||
created_on: string;
|
||||
updated_on: string;
|
||||
alert_count_daily: number;
|
||||
cases_count_daily: number;
|
||||
cases_count_total: number;
|
||||
}
|
||||
|
||||
export interface DetectionRuleAdoption {
|
||||
|
|
|
|||
|
|
@ -4862,10 +4862,10 @@
|
|||
"description": "The number of daily alerts generated by a rule"
|
||||
}
|
||||
},
|
||||
"cases_count_daily": {
|
||||
"cases_count_total": {
|
||||
"type": "long",
|
||||
"_meta": {
|
||||
"description": "The number of daily cases generated by a rule"
|
||||
"description": "The number of total cases generated by a rule"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue