-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
…02402) # Backport This will backport the following commits from `main` to `8.x`: - [[Rules Migration] Add yarn command to draw graphs (#201753)](#201753) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Marius Iversen","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-29T14:59:17Z","message":"[Rules Migration] Add yarn command to draw graphs (#201753)\n\n## Summary\r\n\r\nThis PR implements a simple yarn command that is identical to the ones\r\nused in Elastic Assistant and Automatic Import, which draws the relevant\r\nLanggraph components used and places them in the docs folder under the\r\ncorrect subfolder.\r\n\r\nIt also adds a tiny unit test to only ensure that the graph compiles\r\nitself, which can be easy to miss during smaller fixes to the graph.\r\n\r\nThis is meant to be run manually and is not part of any CI process, but\r\nprovides benefits to navigate graphs when they become more complex.","sha":"06bc18bad8fc38d966e2617b5ee58bcd3b9b33ba","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team: SecuritySolution","backport:version","v8.18.0"],"number":201753,"url":"https://github.com/elastic/kibana/pull/201753","mergeCommit":{"message":"[Rules Migration] Add yarn command to draw graphs (#201753)\n\n## Summary\r\n\r\nThis PR implements a simple yarn command that is identical to the ones\r\nused in Elastic Assistant and Automatic Import, which draws the relevant\r\nLanggraph components used and places them in the docs folder under the\r\ncorrect subfolder.\r\n\r\nIt also adds a tiny unit test to only ensure that the graph compiles\r\nitself, which can be easy to miss during smaller fixes to the graph.\r\n\r\nThis is meant to be run manually and is not part of any CI process, but\r\nprovides benefits to navigate graphs when they become more complex.","sha":"06bc18bad8fc38d966e2617b5ee58bcd3b9b33ba"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201753","number":201753,"mergeCommit":{"message":"[Rules Migration] Add yarn command to draw graphs (#201753)\n\n## Summary\r\n\r\nThis PR implements a simple yarn command that is identical to the ones\r\nused in Elastic Assistant and Automatic Import, which draws the relevant\r\nLanggraph components used and places them in the docs folder under the\r\ncorrect subfolder.\r\n\r\nIt also adds a tiny unit test to only ensure that the graph compiles\r\nitself, which can be easy to miss during smaller fixes to the graph.\r\n\r\nThis is meant to be run manually and is not part of any CI process, but\r\nprovides benefits to navigate graphs when they become more complex.","sha":"06bc18bad8fc38d966e2617b5ee58bcd3b9b33ba"}},{"branch":"8.x","label":"v8.18.0","labelRegex":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Marius Iversen <[email protected]>
- Loading branch information
Showing
7 changed files
with
159 additions
and
5 deletions.
There are no files selected for viewing
17 changes: 17 additions & 0 deletions
17
x-pack/plugins/security_solution/docs/siem_migration/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# SIEM Migration Library | ||
|
||
## Migration Process | ||
|
||
The SIEM migration library defines a set of UI components and services that are used to migrate third party SIEM resources like detection rules and translate them into resources that can be used in the Elastic Security app. | ||
|
||
## Graphs: | ||
|
||
The below images are generated by running the following command from the security_solution directory: | ||
|
||
```bash | ||
yarn siem-migrations:graph:draw | ||
``` | ||
|
||
Main agent graph: | ||
|
||
![Agent Graph](./img/agent_graph.png) |
Binary file added
BIN
+22.8 KB
x-pack/plugins/security_solution/docs/siem_migration/img/agent_graph.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,6 +27,7 @@ | |
"test:generate:serverless-dev": "NODE_TLS_REJECT_UNAUTHORIZED=0 node --no-warnings scripts/endpoint/resolver_generator --node https://elastic_serverless:[email protected]:9200 --kibana http://elastic_serverless:[email protected]:5601", | ||
"mappings:generate": "node scripts/mappings/mappings_generator", | ||
"mappings:load": "node scripts/mappings/mappings_loader", | ||
"siem-migrations:graph:draw": "node scripts/siem_migration/draw_graphs", | ||
"junit:transform": "node scripts/junit_transformer --pathPattern '../../../target/kibana-security-solution/cypress/results/*.xml' --rootDirectory ../../../ --reportName 'Security Solution Cypress' --writeInPlace", | ||
"openapi:generate": "node scripts/openapi/generate", | ||
"openapi:generate:debug": "node --inspect-brk scripts/openapi/generate", | ||
|
@@ -35,4 +36,4 @@ | |
"openapi:bundle:entity-analytics": "node scripts/openapi/bundle_entity_analytics", | ||
"openapi:bundle:endpoint-management": "node scripts/openapi/bundle_endpoint_management" | ||
} | ||
} | ||
} |
9 changes: 9 additions & 0 deletions
9
x-pack/plugins/security_solution/scripts/siem_migration/draw_graphs.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
require('../../../../../src/setup_node_env'); | ||
require('./draw_graphs_script').draw(); |
80 changes: 80 additions & 0 deletions
80
x-pack/plugins/security_solution/scripts/siem_migration/draw_graphs_script.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type { InferenceClient } from '@kbn/inference-plugin/server'; | ||
import type { | ||
ActionsClientChatOpenAI, | ||
ActionsClientSimpleChatModel, | ||
} from '@kbn/langchain/server/language_models'; | ||
import type { Logger } from '@kbn/logging'; | ||
import { ToolingLog } from '@kbn/tooling-log'; | ||
import { FakeLLM } from '@langchain/core/utils/testing'; | ||
import fs from 'fs/promises'; | ||
import path from 'path'; | ||
import { getRuleMigrationAgent } from '../../server/lib/siem_migrations/rules/task/agent'; | ||
import type { IntegrationRetriever } from '../../server/lib/siem_migrations/rules/task/util/integration_retriever'; | ||
import type { PrebuiltRulesMapByName } from '../../server/lib/siem_migrations/rules/task/util/prebuilt_rules'; | ||
import type { RuleResourceRetriever } from '../../server/lib/siem_migrations/rules/task/util/rule_resource_retriever'; | ||
|
||
interface Drawable { | ||
drawMermaidPng: () => Promise<Blob>; | ||
} | ||
|
||
const mockLlm = new FakeLLM({ | ||
response: JSON.stringify({}, null, 2), | ||
}) as unknown as ActionsClientChatOpenAI | ActionsClientSimpleChatModel; | ||
|
||
const inferenceClient = {} as InferenceClient; | ||
const connectorId = 'draw_graphs'; | ||
const prebuiltRulesMap = {} as PrebuiltRulesMapByName; | ||
const resourceRetriever = {} as RuleResourceRetriever; | ||
const integrationRetriever = {} as IntegrationRetriever; | ||
|
||
const createLlmInstance = () => { | ||
return mockLlm; | ||
}; | ||
|
||
async function getAgentGraph(logger: Logger): Promise<Drawable> { | ||
const model = createLlmInstance(); | ||
const graph = getRuleMigrationAgent({ | ||
model, | ||
inferenceClient, | ||
prebuiltRulesMap, | ||
resourceRetriever, | ||
integrationRetriever, | ||
connectorId, | ||
logger, | ||
}); | ||
return graph.getGraphAsync({ xray: true }); | ||
} | ||
|
||
export const drawGraph = async ({ | ||
getGraphAsync, | ||
outputFilename, | ||
}: { | ||
getGraphAsync: (logger: Logger) => Promise<Drawable>; | ||
outputFilename: string; | ||
}) => { | ||
const logger = new ToolingLog({ | ||
level: 'info', | ||
writeTo: process.stdout, | ||
}) as unknown as Logger; | ||
logger.info('Compiling graph'); | ||
const outputPath = path.join(__dirname, outputFilename); | ||
const graph = await getGraphAsync(logger); | ||
const output = await graph.drawMermaidPng(); | ||
const buffer = Buffer.from(await output.arrayBuffer()); | ||
logger.info(`Writing graph to ${outputPath}`); | ||
await fs.writeFile(outputPath, buffer); | ||
}; | ||
|
||
export const draw = async () => { | ||
await drawGraph({ | ||
getGraphAsync: getAgentGraph, | ||
outputFilename: '../../docs/siem_migration/img/agent_graph.png', | ||
}); | ||
}; |
47 changes: 47 additions & 0 deletions
47
x-pack/plugins/security_solution/server/lib/siem_migrations/rules/task/agent/graph.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type { InferenceClient } from '@kbn/inference-plugin/server'; | ||
import type { | ||
ActionsClientChatOpenAI, | ||
ActionsClientSimpleChatModel, | ||
} from '@kbn/langchain/server/language_models'; | ||
import { loggerMock } from '@kbn/logging-mocks'; | ||
import { FakeLLM } from '@langchain/core/utils/testing'; | ||
import type { IntegrationRetriever } from '../util/integration_retriever'; | ||
import type { PrebuiltRulesMapByName } from '../util/prebuilt_rules'; | ||
import type { RuleResourceRetriever } from '../util/rule_resource_retriever'; | ||
import { getRuleMigrationAgent } from './graph'; | ||
|
||
describe('getRuleMigrationAgent', () => { | ||
const model = new FakeLLM({ | ||
response: JSON.stringify({}, null, 2), | ||
}) as unknown as ActionsClientChatOpenAI | ActionsClientSimpleChatModel; | ||
|
||
const inferenceClient = {} as InferenceClient; | ||
const connectorId = 'draw_graphs'; | ||
const prebuiltRulesMap = {} as PrebuiltRulesMapByName; | ||
const resourceRetriever = {} as RuleResourceRetriever; | ||
const integrationRetriever = {} as IntegrationRetriever; | ||
const logger = loggerMock.create(); | ||
|
||
it('Ensures that the graph compiles', async () => { | ||
try { | ||
await getRuleMigrationAgent({ | ||
model, | ||
inferenceClient, | ||
prebuiltRulesMap, | ||
resourceRetriever, | ||
integrationRetriever, | ||
connectorId, | ||
logger, | ||
}); | ||
} catch (error) { | ||
throw Error(`getRuleMigrationAgent threw an error: ${error}`); | ||
} | ||
}); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters