Description
We are introducing the following indicators for rule executions for a selected time range:
- Success rate
- Number of successful, failed and warning outcomes for the last execution of each rule.
Example:
We have 3 rules called 'A', 'B' and 'C'. Each rule has been executed 10 times, for a total of 30 executions. Rule 'C' always fails its execution; therefore, out of those 30 executions, 10 were failures. Rule 'B' had warnings in its last execution.
Given these conditions we have the following summary displayed to the users:
- Total execution success: 66% (20 successful / 30 total)
- Last execution summary: Success: 2 (rules 'A' and 'B'), Failed: 1 ('C' is always failing), Warning: 1 ('B' had warnings)
The indicators are displayed in the Rule Monitoring tab in the Rules page as indicated in the images:
Resources
This feature is implemented in this PR: elastic/kibana#219630
The issue for the feature can be found here: https://github.com/elastic/security-team/issues/12148
Which documentation set does this change impact?
Elastic On-Prem and Cloud (all)
Feature differences
The feature is identical on all deployment methods.
What release is this request related to?
8.19/9.1
Serverless TBD
Collaboration model
The documentation team
Point of contact.
Main contact: @denar50 (author) / @nkhristinin
Stakeholders: @approksiu, @yctercero
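
The calculation behind the two indicators in the Description example, as an added sketch that is not part of the original issue and is not Kibana's code. The `Execution` record shape, the function names and the truncation of the percentage are assumptions. A warning is counted in addition to the outcome because the example lists rule 'B' under both Success and Warning.

```typescript
// Hypothetical record shape: the issue does not describe Kibana's execution-event schema.
type Outcome = "succeeded" | "failed";
interface Execution { ruleId: string; at: number; outcome: Outcome; warning: boolean; }

interface Summary {
  total: number;
  successful: number;
  successRatePct: number;
  last: { success: number; failed: number; warning: number };
}

function summarize(executions: Execution[], from: number, to: number): Summary {
  // Both indicators only consider executions inside the selected time range.
  const inRange = executions.filter((e) => e.at >= from && e.at <= to);
  const successful = inRange.filter((e) => e.outcome === "succeeded").length;

  // Keep the most recent in-range execution of each rule.
  const latest: Record<string, Execution> = {};
  for (const e of inRange) {
    const prev = latest[e.ruleId];
    if (!prev || e.at > prev.at) latest[e.ruleId] = e;
  }

  const last = { success: 0, failed: 0, warning: 0 };
  for (const id of Object.keys(latest)) {
    const e = latest[id];
    if (e.outcome === "succeeded") last.success++; else last.failed++;
    // Assumption from the example: a warning is counted on top of the outcome.
    if (e.warning) last.warning++;
  }

  // Assumption: truncate so that 20/30 reads as 66%, as in the example.
  const successRatePct = inRange.length ? Math.floor((successful / inRange.length) * 100) : 0;
  return { total: inRange.length, successful, successRatePct, last };
}

// Constructed sample: rules A, B and C, 10 executions each; C always fails,
// B's last execution succeeds with a warning.
function sampleExecutions(): Execution[] {
  const out: Execution[] = [];
  for (let i = 1; i <= 10; i++) {
    out.push({ ruleId: "A", at: i, outcome: "succeeded", warning: false });
    out.push({ ruleId: "B", at: i, outcome: "succeeded", warning: i === 10 });
    out.push({ ruleId: "C", at: i, outcome: "failed", warning: false });
  }
  return out;
}
```

Because a warning is counted alongside the outcome, the three last-execution counts can add up to more than the number of rules (4 counts for 3 rules here).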