artifacts manifest update age, snapshot date

[intxgo]

Change Summary

Add artifact snapshot date indicator. When artifacts are not pinned to any specific snapshot date the keyword 'latest' is used.

Add artifact up-to-date age indicator. It's equal to number of days since the local artifacts copy at Endpoint side was last time deemed up-to-date (the date when either Endpoint updated the artifacts or verified that it's artifacts are up-to-date with Elastic CDN).

Note, when artifacts are pinned to a specific snapshot date, the age always equal to the numbers of days since that date. In addition the initial artifacts shipped with the installation package age is equal to the number of days since the package creation date (endpoint build date).

Sample values

Artifacts made or verified to be up-to-date today:
"Endpoint.policy.applied.artifacts.global.update_age": 0
Artifacts 50 days old
"Endpoint.policy.applied.artifacts.global.update_age": 50

Artifacts pinned to 2023-09-26 snapshot date:
"Endpoint.policy.applied.artifacts.global.snapshot": "2023-09-26"

Artifacts not pinned to any snapshot date:
"Endpoint.policy.applied.artifacts.global.snapshot": "latest"

Sample document:

Endpoint altert and Endpoint policy response:

{
    "Endpoint": {
        "policy": {
            "applied": {
                "artifacts": {
                    "global": {
                        "update_age": 0,
                        "snapshot": "latest",
                    },
}

Release Target

Q/A

For mapping changes:

• I ran make after making the schema changes, and committed all changes
• If these field(s) are "exception"-able, I made a companion PR to Kibana adding it (see Readme)
• If this is a metadata change, I also updated both transform destination schemas to match

For Transform changes:

• The new transform successfully starts in Kibana
• The corresponding transform destination schema was updated if necessary

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-10-12T14:11:49.260+0000

• Duration: 7 min 3 sec

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[intxgo]

@pzl @ferullo I've retargeted the PR against main and added make generated files.

[pzl]

Changes look good; can you please add the sample value to:

package/endpoint/data_stream/alerts/sample_event.json and package/endpoint/data_stream/policy/sample_event.json?

[intxgo]

Changes look good; can you please add the sample value to:

package/endpoint/data_stream/alerts/sample_event.json and package/endpoint/data_stream/policy/sample_event.json?

done, thanks

[intxgo]

is there anything else I should do for this PR to make it reviewable?

[intxgo]

can anyone advise me if the remaining two Required checks are going to resolve itself with time or could I do anything to help it? I don't see any documentation in the repo how to deal with it.

[kevinlog]

/test

[kevinlog]

@intxgo - I'm seeing to following in the build logs:

05:24:00  FAILURE DETAILS:
05:24:00  endpoint/alerts Verify sample_event.json:
05:24:00  [0] field "Endpoint.policy.applied.artifacts.user.update_age" is undefined
05:24:00  [1] field "Endpoint.policy.applied.artifacts.user.snapshot" is undefined

it looks like the names should contain global, i.e. Endpoint.policy.applied.artifacts.global.snapshot. Could you check the sample doc again for alerts?

[elasticmachine]

Package endpoint - 8.11.1 containing this change is available at https://epr.elastic.co/search?package=endpoint

[elasticmachine]

Package endpoint - 8.12.0 containing this change is available at https://epr.elastic.co/search?package=endpoint

[elasticmachine]

Package endpoint - 8.13.0 containing this change is available at https://epr.elastic.co/search?package=endpoint