Update security ML jobs to include MITRE ATT&CK framework tactics and technique metdata#19220
Conversation
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
TL;DR
Remediation
Investigation detailsRoot CauseThe transform definition uses a hard-coded versioned pipeline name:
Buildkite attempted to build package Evidence
Verification
Follow-up
Note 🔒 Integrity filter blocked 3 itemsThe following items were blocked because they don't meet the GitHub integrity level.
To allow these resources, lower tools:
github:
min-integrity: approved # merged | approved | unapproved | noneWhat is this? | From workflow: PR Buildkite Detective Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not. |
|
@elasticmachine merge upstream |
…-jobs-with-threat-categories
💚 Build Succeeded
History
|
sodhikirti07
left a comment
There was a problem hiding this comment.
@ymao1 Changes looks good to me
|
LGTM! All ITP tests pass. |
|
Pinging @elastic/sec-applied-ml (Team:Security-Applied ML) |
… technique metdata (#271300) ## Summary Adding MITRE ATT&CK framework tactic and technique codes to the `custom_settings` field for all security ML jobs. These mappings were derived from the prebuilt detection ML rules that include the mapping within the rule definitions. Techniques and subtechniques are stored in the same array. Integrations PR here: elastic/integrations#19220 --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
|
Package ded - 3.1.1 containing this change is available at https://epr.elastic.co/package/ded/3.1.1/ |
|
Package dga - 3.0.1 containing this change is available at https://epr.elastic.co/package/dga/3.0.1/ |
|
Package lmd - 3.1.2 containing this change is available at https://epr.elastic.co/package/lmd/3.1.2/ |
|
Package pad - 2.1.1 containing this change is available at https://epr.elastic.co/package/pad/2.1.1/ |
|
Package problemchild - 3.0.2 containing this change is available at https://epr.elastic.co/package/problemchild/3.0.2/ |
…ly section on entity flyout (#277095) ## Summary We updated all of the Kibana EA ML jobs to include MITRE ATT&CK mappings in #271300 and elastic/integrations#19220. For the jobs in the integrations repo, the user needs the latest version of the integration in order to have the mappings. This adds a check to determine whether any integrations ML configs are missing those mappings and shows a warning with a link to the integrations page. <img width="936" height="242" alt="Screenshot 2026-07-08 at 4 31 29 PM" src="https://github.com/user-attachments/assets/a6e1ad7a-b867-467c-9f57-f8b9f85c59a7" /> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
… anomaly section on entity flyout (#277095) (#277192) # Backport This will backport the following commits from `main` to `9.5`: - [[Entity Analytics] Showing warning for missing MITRE tactics in anomaly section on entity flyout (#277095)](#277095) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Ying Mao","email":"ying.mao@elastic.co"},"sourceCommit":{"committedDate":"2026-07-09T13:16:36Z","message":"[Entity Analytics] Showing warning for missing MITRE tactics in anomaly section on entity flyout (#277095)\n\n## Summary\n\nWe updated all of the Kibana EA ML jobs to include MITRE ATT&CK mappings\nin #271300 and\nhttps://github.com/elastic/integrations/pull/19220. For the jobs in the\nintegrations repo, the user needs the latest version of the integration\nin order to have the mappings. This adds a check to determine whether\nany integrations ML configs are missing those mappings and shows a\nwarning with a link to the integrations page.\n\n \n<img width=\"936\" height=\"242\" alt=\"Screenshot 2026-07-08 at 4 31 29 PM\"\nsrc=\"https://github.com/user-attachments/assets/a6e1ad7a-b867-467c-9f57-f8b9f85c59a7\"\n/>\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"08e163a2166ad369d1e0a128c4ab5ee6020cd801","branchLabelMapping":{"^v9.6.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Entity Analytics","backport:version","v9.5.0","v9.6.0"],"title":"[Entity Analytics] Showing warning for missing MITRE tactics in anomaly section on entity flyout","number":277095,"url":"https://github.com/elastic/kibana/pull/277095","mergeCommit":{"message":"[Entity Analytics] Showing warning for missing MITRE tactics in anomaly section on entity flyout (#277095)\n\n## Summary\n\nWe updated all of the Kibana EA ML jobs to include MITRE ATT&CK mappings\nin #271300 and\nhttps://github.com/elastic/integrations/pull/19220. For the jobs in the\nintegrations repo, the user needs the latest version of the integration\nin order to have the mappings. This adds a check to determine whether\nany integrations ML configs are missing those mappings and shows a\nwarning with a link to the integrations page.\n\n \n<img width=\"936\" height=\"242\" alt=\"Screenshot 2026-07-08 at 4 31 29 PM\"\nsrc=\"https://github.com/user-attachments/assets/a6e1ad7a-b867-467c-9f57-f8b9f85c59a7\"\n/>\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"08e163a2166ad369d1e0a128c4ab5ee6020cd801"}},"sourceBranch":"main","suggestedTargetBranches":["9.5"],"targetPullRequestStates":[{"branch":"9.5","label":"v9.5.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.6.0","branchLabelMappingKey":"^v9.6.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/277095","number":277095,"mergeCommit":{"message":"[Entity Analytics] Showing warning for missing MITRE tactics in anomaly section on entity flyout (#277095)\n\n## Summary\n\nWe updated all of the Kibana EA ML jobs to include MITRE ATT&CK mappings\nin #271300 and\nhttps://github.com/elastic/integrations/pull/19220. For the jobs in the\nintegrations repo, the user needs the latest version of the integration\nin order to have the mappings. This adds a check to determine whether\nany integrations ML configs are missing those mappings and shows a\nwarning with a link to the integrations page.\n\n \n<img width=\"936\" height=\"242\" alt=\"Screenshot 2026-07-08 at 4 31 29 PM\"\nsrc=\"https://github.com/user-attachments/assets/a6e1ad7a-b867-467c-9f57-f8b9f85c59a7\"\n/>\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"08e163a2166ad369d1e0a128c4ab5ee6020cd801"}}]}] BACKPORT--> --------- Co-authored-by: Ying Mao <ying.mao@elastic.co> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Proposed commit message
Adding MITRE ATT&CK framework tactic and technique codes to the custom_settings field for all security ML jobs. These mappings were derived from the prebuilt detection ML rules that include the mapping within the rule definitions. Techniques and subtechniques are stored in the same array.
Kibana PR here: elastic/kibana#271300
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots