Refactor experimental ML CLI and code #1218
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Conflicts: # detection_rules/devtools.py
|
Will need to discuss backporting. This will break compatibility with existing releases. More to follow |
ajosh0504
reviewed
May 21, 2021
| You can also upload files locally using the `-d` option, so long as the naming convention of the files match the | ||
| expected pattern for the filenames. | ||
|
|
||
| #### 2. |
There was a problem hiding this comment.
Is there more to come here?
ajosh0504
reviewed
May 21, 2021
|
|
||
| ### Uploading rules | ||
|
|
||
| You can then individually upload these rules using the [kibana upload-rule](../CLI.md#uploading-rules-to-kibana) command |
There was a problem hiding this comment.
The link to kibana upload-rule does not seem to be working.
There was a problem hiding this comment.
Suggested change
| You can then individually upload these rules using the [kibana upload-rule](../CLI.md#uploading-rules-to-kibana) command | |
| You can then individually upload these rules using the [kibana upload-rule](../../CLI.md#uploading-rules-to-kibana) command |
threat-punter
approved these changes
May 26, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
|
|
||
| #### 2. Update packetbeat configuration | ||
|
|
||
| You will need to update your packebeat.yml config file to point to the enrichment pipeline |
There was a problem hiding this comment.
What if I'm using Fleet?
Suggested change
| You will need to update your packebeat.yml config file to point to the enrichment pipeline | |
| You will need to update your packetbeat.yml config file to point to the enrichment pipeline |
There was a problem hiding this comment.
if fleet, then you should be able to just configure the ingest pipeline in the elasticsearch index config, IINM
rw-access
reviewed
Jun 1, 2021
| You can also upload files locally using the `-d` option, so long as the naming convention of the files match the | ||
| expected pattern for the filenames. | ||
|
|
||
| #### 2. |
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
detection_rules/ml.py
Outdated
|
|
||
| @classmethod | ||
| def from_release(cls, es_client: Elasticsearch, release_tag: str, repo: str = 'elastic/detection-rules' | ||
| ) -> 'MachineLearningClient': |
There was a problem hiding this comment.
I stared at this line for several minutes deciding if I wanted to break at str, or here - not a fan of either
rw-access
reviewed
Jun 1, 2021
|
|
||
| def remove(self) -> dict: | ||
| """Remove machine learning files from a stack.""" | ||
| results = dict(script={}, pipeline={}, model={}) |
There was a problem hiding this comment.
think a named tuple or data class would make more sense?
rw-access
reviewed
Jun 1, 2021
rw-access
reviewed
Jun 1, 2021
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
brokensound77
commented
Jun 2, 2021
brokensound77
commented
Jun 2, 2021
rw-access
approved these changes
Jun 2, 2021
There was a problem hiding this comment.
LGTM, pending the TODOs.
thanks for the changes @brokensound77 and @ajosh0504
protectionsmachine
pushed a commit
that referenced
this pull request
Jun 3, 2021
* move github and ml to their own files * refactor release and ml commands * update ML readmes * add unzip_to_dict function * prompt for model ID in remove-model * update experimental rule upload process * update remove-scripts-pipelines to take multiple options Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com> Co-authored-by: Apoorva <appujo@gmail.com> (cherry picked from commit 0ec8d67)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues
related to https://github.com/elastic/security-team/issues/1204
Summary