Comments (5)
Pinging @elastic/response-ops (Team:ResponseOps)
from kibana.
I guess one of the odd things about this will be if the "muted" state / reason changes during the lifetime of an alert. Do we update it each time? Just record the first one? Presumably we will have a list of changes here from the alerting "audit trail" once that's going.
from kibana.
Thinking about it a little more ...
My read from the OC use case is as a kind of meta-analysis: 'Being able to distinguish between alerts that were actively suppressed and those that triggered actions allows for a more accurate assessment of alert "noise".'
For that purpose, if you're trying to tune your rules/actions/conditions, it would be good to record the "mute state/reason" on alert creation - how it changes over time may be of less importance. Guessing this will simplify adding the fields here, as we wouldn't have to update the alert doc ...
Though I can also read that as a "point in time" kind of analysis, which would point to keeping it updated.
If it's not too much work, perhaps we can record both - the initial "mute state/reason", and the "current mute state/reason".
from kibana.
Initial requester for this indicated they were more interested in the initial muting state, as opposed to tracking the current muting state, in the alert docs.
from kibana.
cc @shanisagiv1
from kibana.