diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/cti/cti.ts b/x-pack/plugins/security_solution/common/api/search_strategy/cti/cti.ts new file mode 100644 index 0000000000000..19d949c171a49 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/cti/cti.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from './event_enrichment'; + +export * from './threat_intel_source'; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/cti/event_enrichment.ts b/x-pack/plugins/security_solution/common/api/search_strategy/cti/event_enrichment.ts new file mode 100644 index 0000000000000..ecf86bc742e6e --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/cti/event_enrichment.ts @@ -0,0 +1,23 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { CtiQueries } from '../model/factory_query_type'; +import { requestBasicOptionsSchema } from '../model/request_basic_options'; +import { timerange } from '../model/timerange'; + +export const eventEnrichmentRequestOptionsSchema = requestBasicOptionsSchema.extend({ + eventFields: z.record(z.unknown()), + timerange, + factoryQueryType: z.literal(CtiQueries.eventEnrichment), +}); + +export type EventEnrichmentRequestOptionsInput = z.input< + typeof eventEnrichmentRequestOptionsSchema +>; + +export type EventEnrichmentRequestOptions = z.infer; 
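Review bot: `eventFields: z.record(z.unknown())` in eventEnrichmentRequestOptionsSchema accepts any key with any value, so the only thing this schema pins for an enrichment request is the discriminator and the timerange. If those values become match terms against the indicator indices (inferred from the name; the handler is not in this diff), `z.record(z.string(), z.union([z.string(), z.array(z.string())]))` would reject nested objects before they reach query construction. If arbitrary shapes are intentional, a one-line comment such as `// eventFields: ECS field -> value(s) to match against threat indicators; values are deliberately not validated here` tells the next reader the permissiveness is a choice rather than an oversight.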
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/cti/threat_intel_source.ts b/x-pack/plugins/security_solution/common/api/search_strategy/cti/threat_intel_source.ts new file mode 100644 index 0000000000000..ad82371bdda62 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/cti/threat_intel_source.ts @@ -0,0 +1,20 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { CtiQueries } from '../model/factory_query_type'; +import { requestBasicOptionsSchema } from '../model/request_basic_options'; + +export const threatIntelSourceRequestOptionsSchema = requestBasicOptionsSchema.extend({ + factoryQueryType: z.literal(CtiQueries.dataSource), +}); + +export type ThreatIntelSourceRequestOptionsInput = z.input< + typeof threatIntelSourceRequestOptionsSchema +>; + +export type ThreatIntelSourceRequestOptions = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/endpoint_fields/endpoint_fields.ts b/x-pack/plugins/security_solution/common/api/search_strategy/endpoint_fields/endpoint_fields.ts index d4e9ce80710ca..cdef3c0716d7f 100644 --- a/x-pack/plugins/security_solution/common/api/search_strategy/endpoint_fields/endpoint_fields.ts +++ b/x-pack/plugins/security_solution/common/api/search_strategy/endpoint_fields/endpoint_fields.ts @@ -12,4 +12,6 @@ export const endpointFieldsRequestSchema = z.object({ onlyCheckIfIndicesExist: z.boolean(), }); +export type EndpointFieldsRequestSchemaInput = z.input; + export type EndpointFieldsRequestSchema = z.infer; 
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/first_seen_last_seen/first_seen_last_seen.ts b/x-pack/plugins/security_solution/common/api/search_strategy/first_seen_last_seen/first_seen_last_seen.ts index d161aac9af18f..52a6afe56a604 100644 --- a/x-pack/plugins/security_solution/common/api/search_strategy/first_seen_last_seen/first_seen_last_seen.ts +++ b/x-pack/plugins/security_solution/common/api/search_strategy/first_seen_last_seen/first_seen_last_seen.ts @@ -11,28 +11,27 @@ import type { IKibanaSearchResponse } from '@kbn/data-plugin/common'; import { order } from '../model/order'; import { requestBasicOptionsSchema } from '../model/request_basic_options'; +import { inspect } from '../model/inspect'; +import { FirstLastSeenQuery } from '../model/factory_query_type'; + +export const firstLastSeenRequestOptionsSchema = requestBasicOptionsSchema.extend({ + order, + field: z.string(), + value: z.string(), + factoryQueryType: z.literal(FirstLastSeenQuery), +}); -export const firstLastSeenRequestOptionsSchema = z - .object({ - order, - field: z.string(), - value: z.string(), - }) - .extend(requestBasicOptionsSchema.partial().shape); +export type FirstLastSeenRequestOptionsInput = z.input; export type FirstLastSeenRequestOptions = z.infer; -const inspectSchema = z.object({ - dsl: z.array(z.string()), -}); - export const firstLastSeenResponseSchema = z .object({ firstSeen: z.string().nullable(), lastSeen: z.string().nullable(), - inspect: inspectSchema, + inspect, }) .partial(); -export type FirstLastSeenStrategyResponse = z.infer & +export type FirstLastSeenStrategyResponse = z.input & IKibanaSearchResponse; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/hosts/all.ts b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/all.ts new file mode 100644 index 0000000000000..b79c4b3afe93d --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/all.ts 
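Review bot: Switching firstLastSeenResponseSchema to the shared `inspect` widens the response type: the shared schema also admits `boolean` and `null`, so `FirstLastSeenStrategyResponse['inspect']` is now `{ dsl: string[] } | null | boolean | undefined` instead of the `{ dsl: string[] }` the removed `inspectSchema` described, and any consumer reading `.inspect.dsl` must now narrow. The boolean arm presumably exists for the request-side flag; for the response keep the narrower shape, e.g. `inspect: z.object({ dsl: z.array(z.string()) }).optional(),`. The response type is also now `z.input<…>` while the request stays `z.infer<…>`; a short comment on why the input side is the right type for a response would save the next reader a detour.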
@@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { HostsQueries } from '../model/factory_query_type'; +import { pagination } from '../model/pagination'; +import { requestBasicOptionsSchema } from '../model/request_basic_options'; +import { timerange } from '../model/timerange'; +import { sort } from './model/sort'; + +export const allHostsSchema = requestBasicOptionsSchema.extend({ + sort, + pagination, + timerange, + isNewRiskScoreModuleAvailable: z.boolean().default(false), + factoryQueryType: z.literal(HostsQueries.hosts), +}); + +export type HostsRequestOptionsInput = z.input; + +export type HostsRequestOptions = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/hosts/details.ts b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/details.ts new file mode 100644 index 0000000000000..01aedce487772 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/details.ts 
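Review bot: `isNewRiskScoreModuleAvailable: z.boolean().default(false)` in allHostsSchema lets the client decide this flag on every request. If the server uses it to choose which risk-score data to read or join (the name suggests so, but the handler is outside this diff), that decision belongs server-side as a capability check rather than a request parameter, otherwise any caller can flip it. If it is only a UI hint echoed back, a comment such as `// client-supplied hint; the server must not rely on it for authorization or index selection` would close the question.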
@@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { HostsQueries } from '../model/factory_query_type'; +import { inspect } from '../model/inspect'; +import { pagination } from '../model/pagination'; +import { requestBasicOptionsSchema } from '../model/request_basic_options'; +import { timerange } from '../model/timerange'; +import { sort } from './model/sort'; + +export const hostDetailsSchema = requestBasicOptionsSchema.extend({ + hostName: z.string(), + skip: z.boolean().optional(), + inspect, + pagination: pagination.optional(), + timerange, + sort, + factoryQueryType: z.literal(HostsQueries.details), +}); + +export type HostDetailsRequestOptionsInput = z.input; + +export type HostDetailsRequestOptions = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/hosts/hosts.ts b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/hosts.ts new file mode 100644 index 0000000000000..a5931bd42972e --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/hosts.ts @@ -0,0 +1,18 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from './all'; + +export * from './details'; + +export * from './overview'; + +export * from './uncommon_processes'; + +export * from './kpi_hosts'; + +export * from './kpi_unique_ips'; 
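Review bot: `pagination: pagination.optional()` in hostDetailsSchema disables the default that `pagination` itself declares — zod's ZodOptional returns `undefined` for a missing value before the inner ZodDefault runs, so this is the one request in the diff where `pagination` stays `undefined` after parsing. If that is intended, say so in a comment; if not, drop `.optional()` so the same defaults apply as in allHostsSchema. `hostName: z.string()` also accepts the empty string; `hostName: z.string().min(1),` rejects a lookup that presumably cannot match anything.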
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/hosts/kpi_hosts.ts b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/kpi_hosts.ts new file mode 100644 index 0000000000000..e49741efe0d24 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/kpi_hosts.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { HostsKpiQueries } from '../model/factory_query_type'; +import { pagination } from '../model/pagination'; +import { requestBasicOptionsSchema } from '../model/request_basic_options'; +import { timerange } from '../model/timerange'; +import { sort } from './model/sort'; + +export const kpiHostsSchema = requestBasicOptionsSchema.extend({ + sort, + pagination, + timerange, + factoryQueryType: z.literal(HostsKpiQueries.kpiHosts), +}); + +export type KpiHostsRequestOptionsInput = z.input; + +export type KpiHostsRequestOptions = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/hosts/kpi_unique_ips.ts b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/kpi_unique_ips.ts new file mode 100644 index 0000000000000..998b6a076bd9a --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/kpi_unique_ips.ts 
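Review bot: kpiHostsSchema extends the base with `sort` and `pagination`, both of which carry defaults, so every parsed KPI request gains `sort: { direction: 'desc', field: '@timestamp' }` and a zeroed pagination object whether or not the caller sent them. A KPI aggregation presumably consumes neither (the handler is outside this diff); if so, dropping them keeps the wire contract to what the query actually reads, and if one of them is used a comment saying which would stop the next person from removing it.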
@@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { HostsKpiQueries } from '../model/factory_query_type'; +import { pagination } from '../model/pagination'; +import { requestBasicOptionsSchema } from '../model/request_basic_options'; +import { timerange } from '../model/timerange'; +import { sort } from './model/sort'; + +export const kpiUniqueIpsSchema = requestBasicOptionsSchema.extend({ + sort, + pagination, + timerange, + factoryQueryType: z.literal(HostsKpiQueries.kpiUniqueIps), +}); + +export type KpiUniqueIpsRequestOptionsInput = z.input; + +export type KpiUniqueIpsRequestOptions = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/hosts/model/sort.ts b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/model/sort.ts new file mode 100644 index 0000000000000..8a547765fe266 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/model/sort.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export enum HostsFields { + lastSeen = 'lastSeen', + hostName = 'hostName', + success = 'success', +} + +import { sort as baseSort } from '../../model/sort'; + +export const sort = baseSort; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/hosts/overview.ts b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/overview.ts new file mode 100644 index 0000000000000..1b85066860388 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/overview.ts 
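Review bot: In hosts/model/sort.ts the `HostsFields` enum is declared but never applied — `sort` is just `baseSort`, whose `field` is a free `z.string()` defaulting to `'@timestamp'`, a value that is not one of `HostsFields`. If the hosts handlers expect `lastSeen`/`hostName`/`success` (inferred from the enum, not visible here), `field: z.nativeEnum(HostsFields)` on a hosts-specific object would reject anything else at the boundary instead of leaving it to the handler. The `import` also sits below the `enum` declaration; moving it to the top satisfies the usual `import/first` lint and matches every other file in the diff.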
@@ -0,0 +1,20 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { HostsQueries } from '../model/factory_query_type'; +import { requestBasicOptionsSchema } from '../model/request_basic_options'; +import { timerange } from '../model/timerange'; + +export const hostOverviewSchema = requestBasicOptionsSchema.extend({ + factoryQueryType: z.literal(HostsQueries.overview), + timerange, +}); + +export type HostOverviewRequestOptionsInput = z.input; + +export type HostOverviewRequestOptions = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/hosts/uncommon_processes.ts b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/uncommon_processes.ts new file mode 100644 index 0000000000000..0a24abab5be7c --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/hosts/uncommon_processes.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { HostsQueries } from '../model/factory_query_type'; +import { pagination } from '../model/pagination'; +import { requestBasicOptionsSchema } from '../model/request_basic_options'; +import { sort } from '../model/sort'; +import { timerange } from '../model/timerange'; + +export const hostUncommonProcessesSchema = requestBasicOptionsSchema.extend({ + sort, + pagination, + timerange, + factoryQueryType: z.literal(HostsQueries.uncommonProcesses), +}); + +export type HostUncommonProcessesRequestOptionsInput = z.input; + +export type HostUncommonProcessesRequestOptions = z.infer; 
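Review bot: hostUncommonProcessesSchema imports `sort` from `'../model/sort'` while the sibling hosts schemas (all.ts, details.ts, kpi_hosts.ts, kpi_unique_ips.ts) import from `'./model/sort'`. Both resolve to the same schema today because the hosts module only re-exports `baseSort`, but once the hosts sort is tightened this file will silently keep the looser one; use `import { sort } from './model/sort';` here for consistency.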
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/index.ts b/x-pack/plugins/security_solution/common/api/search_strategy/index.ts index 31945f4bbf7ec..54baa7c46ed2d 100644 --- a/x-pack/plugins/security_solution/common/api/search_strategy/index.ts +++ b/x-pack/plugins/security_solution/common/api/search_strategy/index.ts 
@@ -5,4 +5,114 @@ * 2.0. */ +import { z } from 'zod'; + +import { + threatIntelSourceRequestOptionsSchema, + eventEnrichmentRequestOptionsSchema, +} from './cti/cti'; + +import { firstLastSeenRequestOptionsSchema } from './first_seen_last_seen/first_seen_last_seen'; +import { + allHostsSchema, + hostDetailsSchema, + hostOverviewSchema, + hostUncommonProcessesSchema, + kpiHostsSchema, + kpiUniqueIpsSchema, +} from './hosts/hosts'; +import { matrixHistogramSchema } from './matrix_histogram/matrix_histogram'; +import { networkDetailsSchema } from './network/details'; +import { networkDnsSchema } from './network/dns'; +import { networkHttpSchema } from './network/http'; +import { + networkKpiDns, + networkKpiEvents, + networkKpiTlsHandshakes, + networkKpiUniqueFlows, + networkKpiUniquePrivateIps, +} from './network/kpi'; +import { networkOverviewSchema } from './network/overview'; +import { networkTlsSchema } from './network/tls'; +import { networkTopCountriesSchema } from './network/top_countries'; +import { networkTopNFlowSchema } from './network/top_n_flow'; +import { networkUsersSchema } from './network/users'; + +import { + relatedHostsRequestOptionsSchema, + relatedUsersRequestOptionsSchema, +} from './related_entities/related_entities'; + +import { + hostsRiskScoreRequestOptionsSchema, + riskScoreKpiRequestOptionsSchema, + usersRiskScoreRequestOptionsSchema, +} from './risk_score/risk_score'; + +import { + authenticationsKpiSchema, + managedUserDetailsSchema, + observedUserDetailsSchema, + totalUsersKpiSchema, + userAuthenticationsSchema, + usersSchema, +} from './users/users'; + export * from './first_seen_last_seen/first_seen_last_seen'; + +export * from './hosts/hosts'; + +export * from './users/users'; + +export * from './matrix_histogram/matrix_histogram'; + +export * from './network/network'; + +export * from './related_entities/related_entities'; + +export * from './risk_score/risk_score'; + +export * from './cti/cti'; + +export * from 
'./model/pagination'; + +export * from './model/factory_query_type'; + +export * from './model/runtime_mappings'; + +export const searchStrategyRequestSchema = z.discriminatedUnion('factoryQueryType', [ + firstLastSeenRequestOptionsSchema, + allHostsSchema, + hostDetailsSchema, + kpiHostsSchema, + kpiUniqueIpsSchema, + hostOverviewSchema, + hostUncommonProcessesSchema, + usersSchema, + observedUserDetailsSchema, + managedUserDetailsSchema, + totalUsersKpiSchema, + authenticationsKpiSchema, + userAuthenticationsSchema, + hostsRiskScoreRequestOptionsSchema, + usersRiskScoreRequestOptionsSchema, + riskScoreKpiRequestOptionsSchema, + relatedHostsRequestOptionsSchema, + relatedUsersRequestOptionsSchema, + networkDetailsSchema, + networkDnsSchema, + networkHttpSchema, + networkOverviewSchema, + networkTlsSchema, + networkTopCountriesSchema, + networkTopNFlowSchema, + networkUsersSchema, + networkKpiDns, + networkKpiEvents, + networkKpiTlsHandshakes, + networkKpiUniqueFlows, + networkKpiUniquePrivateIps, + matrixHistogramSchema, + threatIntelSourceRequestOptionsSchema, + eventEnrichmentRequestOptionsSchema, +]); diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/matrix_histogram/matrix_histogram.ts b/x-pack/plugins/security_solution/common/api/search_strategy/matrix_histogram/matrix_histogram.ts new file mode 100644 index 0000000000000..7ad60f8d8b6fc --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/matrix_histogram/matrix_histogram.ts 
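Review bot: `searchStrategyRequestSchema` has to list one schema per `FactoryQueryTypes` member, but nothing checks that; today the 34 options do cover every enum value, yet adding a query type to `factory_query_type.ts` without adding its schema here will only surface at runtime as a zod "invalid discriminator" rejection. A two-line compile-time guard after the union keeps them in sync: `type Uncovered = Exclude<FactoryQueryTypes, z.infer<typeof searchStrategyRequestSchema>['factoryQueryType']>;` and `const _allQueryTypesCovered: [Uncovered] extends [never] ? true : never = true;` (with `FactoryQueryTypes` imported from `'./model/factory_query_type'`). A short comment above the union stating that unknown `factoryQueryType` values are rejected here, before any handler runs, would also document the intended boundary.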
@@ -0,0 +1,56 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { MatrixHistogramQuery } from '../model/factory_query_type'; +import { inspect } from '../model/inspect'; +import { requestBasicOptionsSchema } from '../model/request_basic_options'; +import { runtimeMappings } from '../model/runtime_mappings'; +import { timerange } from '../model/timerange'; + +export enum MatrixHistogramType { + authentications = 'authentications', + anomalies = 'anomalies', + events = 'events', + alerts = 'alerts', + dns = 'dns', + preview = 'preview', +} + +export const matrixHistogramSchema = requestBasicOptionsSchema.extend({ + histogramType: z.enum([ + MatrixHistogramType.alerts, + MatrixHistogramType.anomalies, + MatrixHistogramType.authentications, + MatrixHistogramType.dns, + MatrixHistogramType.events, + MatrixHistogramType.preview, + ]), + stackByField: z.string().optional(), + threshold: z + .object({ + field: z.array(z.string()), + value: z.string(), + cardinality: z + .object({ + field: z.array(z.string()), + value: z.string(), + }) + .optional(), + }) + .optional(), + inspect, + isPtrIncluded: z.boolean().default(false), + includeMissingData: z.boolean().default(true), + runtimeMappings, + timerange, + factoryQueryType: z.literal(MatrixHistogramQuery), +}); + +export type MatrixHistogramRequestOptionsInput = z.input; + +export type MatrixHistogramRequestOptions = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/model/factory_query_type.ts b/x-pack/plugins/security_solution/common/api/search_strategy/model/factory_query_type.ts new file mode 100644 index 0000000000000..b71296af8482f --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/model/factory_query_type.ts 
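Review bot: `histogramType` in matrixHistogramSchema re-lists every `MatrixHistogramType` member by hand, so a value added to the enum is silently rejected until someone remembers this list; `histogramType: z.nativeEnum(MatrixHistogramType),` derives the accepted set from the enum and yields the enum type instead of a string union. `threshold.value` and `threshold.cardinality.value` are free strings; if they are parsed as numbers downstream (the handler is outside this diff), a comment on the expected format would pin that contract.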
@@ -0,0 +1,78 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export enum HostsQueries { + details = 'hostDetails', + hosts = 'hosts', + overview = 'overviewHost', + uncommonProcesses = 'uncommonProcesses', +} + +export enum NetworkKpiQueries { + dns = 'networkKpiDns', + networkEvents = 'networkKpiNetworkEvents', + tlsHandshakes = 'networkKpiTlsHandshakes', + uniqueFlows = 'networkKpiUniqueFlows', + uniquePrivateIps = 'networkKpiUniquePrivateIps', +} + +export enum HostsKpiQueries { + kpiHosts = 'hostsKpiHosts', + kpiUniqueIps = 'hostsKpiUniqueIps', +} + +export enum UsersQueries { + observedDetails = 'observedUserDetails', + managedDetails = 'managedUserDetails', + kpiTotalUsers = 'usersKpiTotalUsers', + users = 'allUsers', + authentications = 'authentications', + kpiAuthentications = 'usersKpiAuthentications', +} + +export enum NetworkQueries { + details = 'networkDetails', + dns = 'dns', + http = 'http', + overview = 'overviewNetwork', + tls = 'tls', + topCountries = 'topCountries', + topNFlow = 'topNFlow', + users = 'users', +} + +export enum RiskQueries { + hostsRiskScore = 'hostsRiskScore', + usersRiskScore = 'usersRiskScore', + kpiRiskScore = 'kpiRiskScore', +} + +export enum CtiQueries { + eventEnrichment = 'eventEnrichment', + dataSource = 'dataSource', +} + +export const MatrixHistogramQuery = 'matrixHistogram'; + +export const FirstLastSeenQuery = 'firstlastseen'; + +export enum RelatedEntitiesQueries { + relatedHosts = 'relatedHosts', + relatedUsers = 'relatedUsers', +} + +export type FactoryQueryTypes = + | HostsQueries + | HostsKpiQueries + | UsersQueries + | NetworkQueries + | NetworkKpiQueries + | RiskQueries + | CtiQueries + | typeof MatrixHistogramQuery + | typeof FirstLastSeenQuery + | RelatedEntitiesQueries; 
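Review bot: The string values in these enums are the `factoryQueryType` discriminator that clients put on the wire and that `searchStrategyRequestSchema` matches with `z.literal`, so renaming one (or normalising `'firstlastseen'` to the camelCase of its neighbours) is a breaking API change rather than a refactor. A header comment such as `// Wire values: these strings are sent by clients as factoryQueryType and matched by z.literal() in the request schema; do not rename without a migration.` would make that explicit. `FactoryQueryTypes` is also worth a one-line doc noting that every member must have a corresponding schema in searchStrategyRequestSchema.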
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/model/filter_query.ts b/x-pack/plugins/security_solution/common/api/search_strategy/model/filter_query.ts index 89c6e24dad231..73bcf041aadf9 100644 --- a/x-pack/plugins/security_solution/common/api/search_strategy/model/filter_query.ts +++ b/x-pack/plugins/security_solution/common/api/search_strategy/model/filter_query.ts @@ -71,7 +71,7 @@ export type ESQuery = | ESBoolQuery | JsonObject; -const esQuerySchema = z.union([ +export const esQuerySchema = z.union([ esRangeQuerySchema, esQueryStringQuerySchema, esMatchQuerySchema, @@ -80,4 +80,4 @@ const esQuerySchema = z.union([ jsonObjectSchema, ]); -export const filterQuery = z.union([z.string(), z.undefined(), esQuerySchema]); +export const filterQuery = z.union([z.string(), z.any()]).optional(); diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/model/inspect.ts b/x-pack/plugins/security_solution/common/api/search_strategy/model/inspect.ts new file mode 100644 index 0000000000000..d6aa7aa9782e2 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/model/inspect.ts @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; + +export const inspect = z + .union([ + z + .object({ + dsl: z.array(z.string()), + }) + .nullable(), + z.boolean(), + ]) + .optional(); diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/model/order.ts b/x-pack/plugins/security_solution/common/api/search_strategy/model/order.ts index d93aa97188ee2..e163c82cef737 100644 --- a/x-pack/plugins/security_solution/common/api/search_strategy/model/order.ts +++ b/x-pack/plugins/security_solution/common/api/search_strategy/model/order.ts 
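Review bot: `filterQuery = z.union([z.string(), z.any()]).optional()` no longer validates anything — `z.any()` accepts every value including `undefined`, so both the `z.string()` arm and the `.optional()` are dead, and the structural check that the removed `z.union([z.string(), z.undefined(), esQuerySchema])` performed on client-supplied query DSL is gone. Since `esQuerySchema` is exported in the same hunk, `export const filterQuery = z.union([z.string(), esQuerySchema]).optional();` keeps the previous contract; if the loosening is deliberate because some caller sends a shape esQuerySchema rejects, `z.unknown()` plus a comment naming that caller is safer than `z.any()`, which also erases the type for everyone downstream. Unvalidated filter bodies are presumably forwarded into the Elasticsearch request (the handler is outside this diff), so this is the one field where the schema is the only boundary check.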
@@ -7,6 +7,8 @@ import { Direction } from '@kbn/timelines-plugin/common'; +export { Direction }; + import { z } from 'zod'; export const order = z.enum([Direction.asc, Direction.desc]); diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/model/pagination.ts b/x-pack/plugins/security_solution/common/api/search_strategy/model/pagination.ts new file mode 100644 index 0000000000000..8a0e0dcbb1340 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/model/pagination.ts @@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; + +export type PaginationInputPaginatedInput = z.input; + +export const pagination = z + .object({ + /** The activePage parameter defines the page of results you want to fetch */ + activePage: z.number(), + /** The cursorStart parameter defines the start of the results to be displayed */ + cursorStart: z.number(), + /** The fakePossibleCount parameter determines the total count in order to show 5 additional pages */ + fakePossibleCount: z.number(), + /** The querySize parameter is the number of items to be returned */ + querySize: z.number(), + }) + .default({ + activePage: 0, + cursorStart: 0, + fakePossibleCount: 0, + querySize: 0, + }); diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/model/request_basic_options.ts b/x-pack/plugins/security_solution/common/api/search_strategy/model/request_basic_options.ts index 49227ac1de509..6226efded40c6 100644 --- a/x-pack/plugins/security_solution/common/api/search_strategy/model/request_basic_options.ts +++ b/x-pack/plugins/security_solution/common/api/search_strategy/model/request_basic_options.ts 
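Review bot: `activePage`, `cursorStart`, `fakePossibleCount` and `querySize` in `pagination` are bare `z.number()`, so negative, fractional and arbitrarily large values pass validation. If `querySize`/`cursorStart` become the Elasticsearch `size`/`from` of the request (their doc comments suggest so; the handler is not in this diff), `z.number().int().nonnegative()` on each and an upper bound such as `.max(10000)` on `querySize` (the default `index.max_result_window`) would reject oversized pages at the boundary instead of as an ES error. The `.default` of `querySize: 0` also means a request that omits pagination asks for zero hits; if that "count only" behaviour is intended, a comment saying so would help.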
@@ -7,20 +7,16 @@ import { z } from 'zod'; import { filterQuery } from './filter_query'; +import { timerange } from './timerange'; export const requestBasicOptionsSchema = z.object({ - timerange: z.object({ - interval: z.string(), - from: z.string(), - to: z.string(), - }), + timerange: timerange.optional(), filterQuery, - defaultIndex: z.array(z.string()), - - // This comes from the IKibanaSearchRequest - factoryQueryType: z.union([z.string(), z.undefined()]), - id: z.union([z.string(), z.undefined()]), - params: z.union([z.object({}), z.undefined()]), + defaultIndex: z.array(z.string()).optional(), + id: z.string().optional(), + params: z.any().optional(), }); +export type RequestBasicOptionsInput = z.input; + export type RequestBasicOptions = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/model/request_paginated_options.ts b/x-pack/plugins/security_solution/common/api/search_strategy/model/request_paginated_options.ts new file mode 100644 index 0000000000000..3edff2596f0f3 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/model/request_paginated_options.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { sort } from '../hosts/model/sort'; +import { pagination } from './pagination'; +import { requestBasicOptionsSchema } from './request_basic_options'; + +export const requestOptionsPaginatedSchema = requestBasicOptionsSchema.extend({ + pagination, + sort, +}); diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/model/runtime_mappings.ts b/x-pack/plugins/security_solution/common/api/search_strategy/model/runtime_mappings.ts new file mode 100644 index 0000000000000..b3f16c1ed1236 --- /dev/null 
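Review bot: `params: z.any().optional()` in requestBasicOptionsSchema leaves `params` typed as `any` on every request option type that extends this base, and the `.optional()` is redundant since `z.any()` already accepts `undefined`. `params: z.unknown().optional(),` accepts the same inputs but forces consumers to narrow before use, which is the point of validating at this boundary. `defaultIndex` is optional and unbounded here while `networkHttpSchema` in this diff requires `.min(1)` on it; if an empty index list is never meaningful, the `.min(1)` belongs on the base rather than on one query.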
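Review bot: `request_paginated_options.ts` under `model/` imports `sort` from `'../hosts/model/sort'`, so the shared base now depends on a hosts-specific module that itself just re-exports `model/sort` — a layering inversion that will bite once hosts narrows its sort fields, because every paginated network and user schema would inherit the hosts restriction. Import the shared schema directly: `import { sort } from './sort';`.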
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/model/runtime_mappings.ts @@ -0,0 +1,49 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; + +export type MappingRuntimeFieldType = + | 'boolean' + | 'date' + | 'double' + | 'geo_point' + | 'ip' + | 'keyword' + | 'long' + | 'lookup'; + +export const runtimeMappings = z + .record( + z.object({ + type: z.union([ + z.literal('boolean'), + z.literal('date'), + z.literal('double'), + z.literal('geo_point'), + z.literal('ip'), + z.literal('keyword'), + z.literal('long'), + z.literal('lookup'), + ]), + script: z + .union([ + z.string(), + z.object({ source: z.string() }), + z.object({ id: z.string(), params: z.record(z.any()) }), + ]) + .optional(), + fetch_fields: z.array(z.string()).optional(), + format: z.string().optional(), + input_field: z.string().optional(), + target_field: z.string().optional(), + target_index: z.string().optional(), + }) + ) + .optional(); + +export type RunTimeMappings = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/model/sort.ts b/x-pack/plugins/security_solution/common/api/search_strategy/model/sort.ts new file mode 100644 index 0000000000000..a7ed1e44c1260 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/model/sort.ts 
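Review bot: `runtimeMappings` accepts a `script` (inline `source`, or stored `id` with `params: z.record(z.any())`) from the request body, so any caller that can reach the search strategy can ship Painless to Elasticsearch, with the ES script sandbox and the caller's index privileges as the only remaining controls. If the Security Solution client only ever sends script-less runtime fields, dropping `script` from the schema removes that surface; if scripts are required, say so with a comment such as `// NOTE: script is forwarded to ES verbatim; Painless execution is bounded only by the ES script sandbox and the caller's privileges.` (the forwarding itself is outside this diff, so confirm against the handler). The `MappingRuntimeFieldType` union also duplicates the literal list in the schema; a `const runtimeFieldType = z.enum([...])` with `type MappingRuntimeFieldType = z.infer<typeof runtimeFieldType>` keeps the two from drifting.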
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { Direction, order } from './order';
+
+export const sort = z
+ .object({
+ direction: order.default(Direction.desc),
+ field: z.string().default('@timestamp'),
+ })
+ .default({ direction: Direction.desc, field: '@timestamp' });
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/model/timerange.ts b/x-pack/plugins/security_solution/common/api/search_strategy/model/timerange.ts
new file mode 100644
index 0000000000000..f04ad37a82839
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/model/timerange.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export const timerange = z.object({
+ interval: z.string(),
+ from: z.string(),
+ to: z.string(),
+});
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/details.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/details.ts
new file mode 100644
index 0000000000000..5cabd022eebcd
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/details.ts
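Review bot: `timerange.interval`, `from` and `to` are unconstrained `z.string()`s, so the schema does not say whether they are ISO-8601 timestamps, Elasticsearch date-math (`now-15m`) or something else, and `sort` just above defaults `field` to `'@timestamp'` on every query regardless of the index being searched. A doc comment on `timerange` stating the accepted formats (to be confirmed against the callers, which are not in this diff), e.g. `/** from/to: ISO-8601 or ES date-math strings passed through to the range query; interval: ES date-histogram interval */`, would let a reader know what is and is not being validated. If `from`/`to` are always ISO timestamps, `z.string().datetime()` is a cheap tightening.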
@@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { NetworkQueries } from '../model/factory_query_type'; +import { requestBasicOptionsSchema } from '../model/request_basic_options'; + +export const networkDetailsSchema = requestBasicOptionsSchema.extend({ + ip: z.string().ip(), + factoryQueryType: z.literal(NetworkQueries.details), +}); + +export type NetworkDetailsRequestOptionsInput = z.input; + +export type NetworkDetailsRequestOptions = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/dns.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/dns.ts new file mode 100644 index 0000000000000..95b914a277ae9 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/dns.ts 
@@ -0,0 +1,32 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { NetworkQueries } from '../model/factory_query_type'; +import { requestOptionsPaginatedSchema } from '../model/request_paginated_options'; +import { sort } from '../model/sort'; +import { timerange } from '../model/timerange'; + +export enum NetworkDnsFields { + dnsName = 'dnsName', + queryCount = 'queryCount', + uniqueDomains = 'uniqueDomains', + dnsBytesIn = 'dnsBytesIn', + dnsBytesOut = 'dnsBytesOut', +} + +export const networkDnsSchema = requestOptionsPaginatedSchema.extend({ + isPtrIncluded: z.boolean().default(false), + stackByField: z.string().optional(), + sort, + timerange, + factoryQueryType: z.literal(NetworkQueries.dns), +}); + +export type NetworkDnsRequestOptionsInput = z.input; + +export type NetworkDnsRequestOptions = z.infer; diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/http.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/http.ts new file mode 100644 index 0000000000000..42e2096c92fd1 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/http.ts 
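Review bot: networkDnsSchema re-declares `sort` although `requestOptionsPaginatedSchema` already supplies it, and the `NetworkDnsFields` enum declared just above is not used to constrain `sort.field`, which stays a free string defaulting to `'@timestamp'`. If the DNS handler expects one of `dnsName`/`queryCount`/`uniqueDomains`/`dnsBytesIn`/`dnsBytesOut` (inferred from the enum), `sort: z.object({ direction: order, field: z.nativeEnum(NetworkDnsFields) })` (importing `order` from `'../model/order'`) would make the override meaningful; otherwise the extra `sort` line can simply go.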
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+
+export const networkHttpSchema = requestOptionsPaginatedSchema.extend({
+ ip: z.string().ip().optional(),
+ defaultIndex: z.array(z.string()).min(1).optional(),
+ timerange,
+ sort,
+ factoryQueryType: z.literal(NetworkQueries.http),
+});
+
+export type NetworkHttpRequestOptionsInput = z.input;
+
+export type NetworkHttpRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/dns.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/dns.ts
new file mode 100644
index 0000000000000..fd614dd76e224
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/dns.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkKpiQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const networkKpiDns = requestBasicOptionsSchema.extend({
+ timerange,
+ factoryQueryType: z.literal(NetworkKpiQueries.dns),
+});
+
+export type NetworkKpiDnsRequestOptionsInput = z.input;
+
+export type NetworkKpiDnsRequestOptions = z.infer;
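Review bot: `networkHttpSchema` re-declares `defaultIndex` as `z.array(z.string()).min(1).optional()` on top of `requestOptionsPaginatedSchema`, while none of the sibling network schemas in this change do. If the base schema already defines `defaultIndex`, `.extend` silently replaces that definition and this one loosens it to optional; the base model is outside this hunk, so I cannot tell whether that is intended. A one-line comment above the field stating why http needs its own optional index list, or dropping the override if the base definition suffices, would settle it for the next reader.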
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/events.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/events.ts
new file mode 100644
index 0000000000000..7aef866065f29
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/events.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkKpiQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const networkKpiEvents = requestBasicOptionsSchema.extend({
+ timerange,
+ factoryQueryType: z.literal(NetworkKpiQueries.networkEvents),
+});
+
+export type NetworkKpiEventsRequestOptionsInput = z.input;
+
+export type NetworkKpiEventsRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/index.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/index.ts
new file mode 100644
index 0000000000000..2fce614035fd6
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/index.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './dns';
+
+export * from './events';
+
+export * from './tls_handshakes';
+
+export * from './unique_flows';
+
+export * from './unique_private_ips';
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/tls_handshakes.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/tls_handshakes.ts
new file mode 100644
index 0000000000000..6847824032390
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/tls_handshakes.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkKpiQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const networkKpiTlsHandshakes = requestBasicOptionsSchema.extend({
+ timerange,
+ factoryQueryType: z.literal(NetworkKpiQueries.tlsHandshakes),
+});
+
+export type NetworkKpiTlsHandshakesRequestOptionsInput = z.input;
+
+export type NetworkKpiTlsHandshakesRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/unique_flows.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/unique_flows.ts
new file mode 100644
index 0000000000000..2ecc2f9d699de
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/unique_flows.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkKpiQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const networkKpiUniqueFlows = requestBasicOptionsSchema.extend({
+ timerange,
+ factoryQueryType: z.literal(NetworkKpiQueries.uniqueFlows),
+});
+
+export type NetworkKpiUniqueFlowsRequestOptionsInput = z.input;
+
+export type NetworkKpiUniqueFlowsRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/unique_private_ips.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/unique_private_ips.ts
new file mode 100644
index 0000000000000..f870cd921c308
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/kpi/unique_private_ips.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkKpiQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const networkKpiUniquePrivateIps = requestBasicOptionsSchema.extend({
+ timerange,
+ factoryQueryType: z.literal(NetworkKpiQueries.uniquePrivateIps),
+});
+
+export type NetworkKpiUniquePrivateIpsRequestOptionsInput = z.input<
+ typeof networkKpiUniquePrivateIps
+>;
+
+export type NetworkKpiUniquePrivateIpsRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/model/flow_target.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/model/flow_target.ts
new file mode 100644
index 0000000000000..6064af231675b
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/model/flow_target.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export enum FlowTargetSourceDest {
+ destination = 'destination',
+ source = 'source',
+}
+
+export const flowTarget = z.enum([FlowTargetSourceDest.destination, FlowTargetSourceDest.source]);
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/model/top_tables_fields.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/model/top_tables_fields.ts
new file mode 100644
index 0000000000000..ce7951c7229ee
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/model/top_tables_fields.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export enum NetworkTopTablesFields {
+ bytes_in = 'bytes_in',
+ bytes_out = 'bytes_out',
+ flows = 'flows',
+ destination_ips = 'destination_ips',
+ source_ips = 'source_ips',
+}
+
+export const topTablesFields = z.enum([
+ NetworkTopTablesFields.bytes_in,
+ NetworkTopTablesFields.bytes_out,
+ NetworkTopTablesFields.flows,
+ NetworkTopTablesFields.destination_ips,
+ NetworkTopTablesFields.source_ips,
+]);
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/network.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/network.ts
new file mode 100644
index 0000000000000..82cb6f78e8875
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/network.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './details';
+
+export * from './dns';
+
+export * from './http';
+
+export * from './kpi';
+
+export * from './overview';
+
+export * from './tls';
+
+export * from './top_countries';
+
+export * from './top_n_flow';
+
+export * from './users';
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/overview.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/overview.ts
new file mode 100644
index 0000000000000..275ac5fa8146e
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/overview.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+
+export const networkOverviewSchema = requestBasicOptionsSchema.extend({
+ timerange,
+ factoryQueryType: z.literal(NetworkQueries.overview),
+});
+
+export type NetworkOverviewRequestOptionsInput = z.input;
+
+export type NetworkOverviewRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/tls.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/tls.ts
new file mode 100644
index 0000000000000..e1c0edcd5a3c7
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/tls.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+import { flowTarget } from './model/flow_target';
+
+export enum NetworkTlsFields {
+ _id = '_id',
+}
+
+export const networkTlsSchema = requestOptionsPaginatedSchema.extend({
+ ip: z.string().optional(),
+ flowTarget,
+ sort,
+ timerange,
+ factoryQueryType: z.literal(NetworkQueries.tls),
+});
+
+export type NetworkTlsRequestOptionsInput = z.input;
+
+export type NetworkTlsRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/top_countries.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/top_countries.ts
new file mode 100644
index 0000000000000..2c8a5d6b60e93
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/top_countries.ts
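Review bot: `ip: z.string().optional()` in `networkTlsSchema` accepts any string, whereas details.ts, http.ts, top_countries.ts, top_n_flow.ts and users.ts in this same change validate the same field with `z.string().ip()`. Unless tls deliberately takes something other than an address here, `ip: z.string().ip().optional(),` keeps the input contract consistent across the network strategies and rejects malformed values at the API boundary rather than wherever the value is consumed. If the looser type is intentional, a comment on the field saying so would stop a later "consistency" fix from breaking callers.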
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+import { filterQuery } from '../model/filter_query';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+import { flowTarget } from './model/flow_target';
+
+export const networkTopCountriesSchema = requestOptionsPaginatedSchema.extend({
+ ip: z.string().ip().optional(),
+ flowTarget,
+ sort,
+ filterQuery,
+ timerange,
+ factoryQueryType: z.literal(NetworkQueries.topCountries),
+});
+
+export type NetworkTopCountriesRequestOptionsInput = z.input;
+
+export type NetworkTopCountriesRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/top_n_flow.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/top_n_flow.ts
new file mode 100644
index 0000000000000..afd5bba1bbc47
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/top_n_flow.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+import { flowTarget } from './model/flow_target';
+
+export const networkTopNFlowSchema = requestOptionsPaginatedSchema.extend({
+ ip: z.string().ip().nullable().optional(),
+ flowTarget,
+ sort,
+ timerange,
+ factoryQueryType: z.literal(NetworkQueries.topNFlow),
+});
+
+export type NetworkTopNFlowRequestOptionsInput = z.input;
+
+export type NetworkTopNFlowRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/network/users.ts b/x-pack/plugins/security_solution/common/api/search_strategy/network/users.ts
new file mode 100644
index 0000000000000..eed52071ceaca
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/network/users.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { NetworkQueries } from '../model/factory_query_type';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+import { flowTarget } from './model/flow_target';
+
+export enum NetworkUsersFields {
+ name = 'name',
+ count = 'count',
+}
+
+export const networkUsersSchema = requestOptionsPaginatedSchema.extend({
+ ip: z.string().ip(),
+ flowTarget,
+ sort,
+ timerange,
+ factoryQueryType: z.literal(NetworkQueries.users),
+});
+
+export type NetworkUsersRequestOptionsInput = z.input;
+
+export type NetworkUsersRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_entities.ts b/x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_entities.ts
new file mode 100644
index 0000000000000..75de66e7f40cb
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_entities.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './related_hosts';
+
+export * from './related_users';
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_hosts.ts b/x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_hosts.ts
new file mode 100644
index 0000000000000..0db0effe8e3b1
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_hosts.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { RelatedEntitiesQueries } from '../model/factory_query_type';
+import { inspect } from '../model/inspect';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+
+export const relatedHostsRequestOptionsSchema = requestBasicOptionsSchema.extend({
+ userName: z.string(),
+ skip: z.boolean().optional(),
+ from: z.string(),
+ inspect,
+ isNewRiskScoreModuleAvailable: z.boolean().default(false),
+ factoryQueryType: z.literal(RelatedEntitiesQueries.relatedHosts),
+});
+
+export type RelatedHostsRequestOptionsInput = z.input;
+
+export type RelatedHostsRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_users.ts b/x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_users.ts
new file mode 100644
index 0000000000000..f1386591836ba
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/related_entities/related_users.ts
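Review bot: `from: z.string()` in `relatedHostsRequestOptionsSchema` accepts any string for what its name suggests is the start of a time window, and related_users.ts declares the identical field; every other time-bounded schema in this change carries the shared `timerange` model instead. If `from` really is a timestamp, reusing `timerange` or, where only a lower bound is needed, `from: z.string().datetime(),` (if the project's zod version provides it) would validate it at the boundary; failing that, a comment stating the expected format is the minimum. `userName: z.string()` (and `hostName` in related_users.ts) also admits the empty string, which `z.string().min(1)` would reject for a request that cannot name an entity.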
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { RelatedEntitiesQueries } from '../model/factory_query_type';
+import { inspect } from '../model/inspect';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+
+export const relatedUsersRequestOptionsSchema = requestBasicOptionsSchema.extend({
+ hostName: z.string(),
+ skip: z.boolean().optional(),
+ from: z.string(),
+ inspect,
+ isNewRiskScoreModuleAvailable: z.boolean().default(false),
+ factoryQueryType: z.literal(RelatedEntitiesQueries.relatedUsers),
+});
+
+export type RelatedUsersRequestOptionsInput = z.input;
+
+export type RelatedUsersRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/all.ts b/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/all.ts
new file mode 100644
index 0000000000000..fcd7bc8601490
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/all.ts
@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { RiskQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+import { riskScoreEntity } from './model/risk_score_entity';
+
+export enum RiskScoreFields {
+ timestamp = '@timestamp',
+ hostName = 'host.name',
+ hostRiskScore = 'host.risk.calculated_score_norm',
+ hostRisk = 'host.risk.calculated_level',
+ userName = 'user.name',
+ userRiskScore = 'user.risk.calculated_score_norm',
+ userRisk = 'user.risk.calculated_level',
+ alertsCount = 'alertsCount',
+}
+
+const baseRiskScoreRequestOptionsSchema = requestBasicOptionsSchema.extend({
+ alertsTimerange: timerange.optional(),
+ riskScoreEntity,
+ includeAlertsCount: z.boolean().optional(),
+ onlyLatest: z.boolean().optional(),
+ pagination: z
+ .object({
+ cursorStart: z.number(),
+ querySize: z.number(),
+ })
+ .optional(),
+ sort: sort
+ .removeDefault()
+ .extend({
+ field: z.enum([
+ RiskScoreFields.timestamp,
+ RiskScoreFields.hostName,
+ RiskScoreFields.hostRiskScore,
+ RiskScoreFields.hostRisk,
+ RiskScoreFields.userName,
+ RiskScoreFields.userRiskScore,
+ RiskScoreFields.userRisk,
+ RiskScoreFields.alertsCount,
+ ]),
+ })
+ .optional(),
+});
+
+export const hostsRiskScoreRequestOptionsSchema = baseRiskScoreRequestOptionsSchema.extend({
+ factoryQueryType: z.literal(RiskQueries.hostsRiskScore),
+});
+
+export const usersRiskScoreRequestOptionsSchema = baseRiskScoreRequestOptionsSchema.extend({
+ factoryQueryType: z.literal(RiskQueries.usersRiskScore),
+});
+
+export const riskScoreRequestOptionsSchema = z.union([
+ hostsRiskScoreRequestOptionsSchema,
+ usersRiskScoreRequestOptionsSchema,
+]);
+
+export type RiskScoreRequestOptionsInput = z.input;
+
+export type RiskScoreRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/kpi.ts b/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/kpi.ts
new file mode 100644
index 0000000000000..062556f86c95f
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/kpi.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { RiskQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { riskScoreEntity } from './model/risk_score_entity';
+
+export const riskScoreKpiRequestOptionsSchema = requestBasicOptionsSchema.extend({
+ entity: riskScoreEntity,
+ factoryQueryType: z.literal(RiskQueries.kpiRiskScore),
+});
+
+export type RiskScoreKpiRequestOptionsInput = z.input;
+
+export type RiskScoreKpiRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/model/risk_score_entity.ts b/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/model/risk_score_entity.ts
new file mode 100644
index 0000000000000..6c9e8682140f6
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/model/risk_score_entity.ts
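Review bot: The `pagination` object in `baseRiskScoreRequestOptionsSchema` validates `cursorStart` and `querySize` only as `z.number()`, so negative, fractional or arbitrarily large values pass the schema and are left to whatever consumes them. Since these two numbers presumably become the offset and size of the search request, `cursorStart: z.number().int().nonnegative(),` and `querySize: z.number().int().positive(),` would reject nonsensical pages at the API boundary, and a `.max()` on `querySize` matching whatever limit the search strategy already enforces would bound the work a single request can trigger. The same unbounded-number question applies to any pagination fields in `requestOptionsPaginatedSchema`, which is outside this diff.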
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export enum RiskScoreEntity {
+ host = 'host',
+ user = 'user',
+}
+
+export const riskScoreEntity = z.enum([RiskScoreEntity.host, RiskScoreEntity.user]);
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/risk_score.ts b/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/risk_score.ts
new file mode 100644
index 0000000000000..05cd9bed8f979
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/risk_score/risk_score.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './all';
+
+export * from './kpi';
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/users/all.ts b/x-pack/plugins/security_solution/common/api/search_strategy/users/all.ts
new file mode 100644
index 0000000000000..433c0ca7259cc
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/users/all.ts
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { UsersQueries } from '../model/factory_query_type';
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+
+export enum UsersFields {
+ name = 'name',
+ domain = 'domain',
+ lastSeen = 'lastSeen',
+}
+
+export const usersSchema = requestOptionsPaginatedSchema.extend({
+ sort: sort.removeDefault().extend({
+ field: z.enum([UsersFields.name, UsersFields.lastSeen]),
+ }),
+ timerange,
+ isNewRiskScoreModuleAvailable: z.boolean().default(false),
+ factoryQueryType: z.literal(UsersQueries.users),
+});
+
+export type UsersRequestOptionsInput = z.input;
+
+export type UsersRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/users/authentications.ts b/x-pack/plugins/security_solution/common/api/search_strategy/users/authentications.ts
new file mode 100644
index 0000000000000..684dea6c83349
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/users/authentications.ts
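Review bot: `UsersFields.domain` is declared in the enum but left out of the `sort.field` allow-list (`z.enum([UsersFields.name, UsersFields.lastSeen])`), so a request can sort on `name` and `lastSeen` but not on `domain`. If that is deliberate, a short comment on the enum member such as `// domain is a display column, not a sort key` would stop the next reader from "completing" the list; if it is an oversight, adding `UsersFields.domain` to the `z.enum` is a one-token change. Either way the schema is the place where the allowed sort keys are decided, so the intent should be recorded here.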
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { UsersQueries } from '../model/factory_query_type';
+
+import { requestOptionsPaginatedSchema } from '../model/request_paginated_options';
+import { timerange } from '../model/timerange';
+
+export enum AuthStackByField {
+ userName = 'user.name',
+ hostName = 'host.name',
+}
+
+export const userAuthenticationsSchema = requestOptionsPaginatedSchema.extend({
+ stackByField: z.enum([AuthStackByField.userName, AuthStackByField.hostName]),
+ timerange,
+ factoryQueryType: z.literal(UsersQueries.authentications),
+});
+
+export type UserAuthenticationsRequestOptionsInput = z.input;
+
+export type UserAuthenticationsRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/users/kpi/authentications.ts b/x-pack/plugins/security_solution/common/api/search_strategy/users/kpi/authentications.ts
new file mode 100644
index 0000000000000..42919d8c5111f
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/users/kpi/authentications.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { UsersQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const authenticationsKpiSchema = requestBasicOptionsSchema.extend({
+ timerange,
+ factoryQueryType: z.literal(UsersQueries.kpiAuthentications),
+});
+
+export type AuthenticationsKpiRequestOptionsInput = z.input;
+
+export type AuthenticationsKpiRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/users/kpi/total_users.ts b/x-pack/plugins/security_solution/common/api/search_strategy/users/kpi/total_users.ts
new file mode 100644
index 0000000000000..3822845cc58ac
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/users/kpi/total_users.ts
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { UsersQueries } from '../../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../../model/request_basic_options';
+import { timerange } from '../../model/timerange';
+
+export const totalUsersKpiSchema = requestBasicOptionsSchema.extend({
+ timerange,
+ factoryQueryType: z.literal(UsersQueries.kpiTotalUsers),
+});
+
+export type TotalUsersKpiRequestOptionsInput = z.input;
+
+export type TotalUsersKpiRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/users/managed_details.ts b/x-pack/plugins/security_solution/common/api/search_strategy/users/managed_details.ts
new file mode 100644
index 0000000000000..b4d7d3bcb2a4f
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/users/managed_details.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { UsersQueries } from '../model/factory_query_type';
+
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+
+export const managedUserDetailsSchema = requestBasicOptionsSchema.extend({
+ userName: z.string(),
+ factoryQueryType: z.literal(UsersQueries.managedDetails),
+});
+
+export type ManagedUserDetailsRequestOptionsInput = z.input;
+
+export type ManagedUserDetailsRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/users/observed_details.ts b/x-pack/plugins/security_solution/common/api/search_strategy/users/observed_details.ts
new file mode 100644
index 0000000000000..df48317109856
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/users/observed_details.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { inspect } from '../model/inspect';
+import { timerange } from '../model/timerange';
+import { UsersQueries } from '../model/factory_query_type';
+
+export const observedUserDetailsSchema = requestBasicOptionsSchema.extend({
+ userName: z.string(),
+ skip: z.boolean().optional(),
+ timerange,
+ inspect,
+ factoryQueryType: z.literal(UsersQueries.observedDetails),
+});
+
+export type ObservedUserDetailsRequestOptionsInput = z.input;
+
+export type ObservedUserDetailsRequestOptions = z.infer;
diff --git a/x-pack/plugins/security_solution/common/api/search_strategy/users/users.ts b/x-pack/plugins/security_solution/common/api/search_strategy/users/users.ts
new file mode 100644
index 0000000000000..198af6ad7703f
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/api/search_strategy/users/users.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './observed_details';
+
+export * from './managed_details';
+
+export * from './kpi/total_users';
+
+export * from './kpi/authentications';
+
+export * from './all';
+
+export * from './authentications';
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts
index f047d201dfd14..4f6b8c78f86a0 100644
--- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts @@ -6,13 +6,14 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/public'; +import type { EventEnrichmentRequestOptions } from '../../../api/search_strategy'; -import type { CtiEnrichment, CtiEventEnrichmentRequestOptions } from '.'; +import type { CtiEnrichment } from '.'; import { CtiQueries } from '.'; export const buildEventEnrichmentRequestOptionsMock = ( - overrides: Partial = {} -): CtiEventEnrichmentRequestOptions => ({ + overrides: Partial = {} +): EventEnrichmentRequestOptions => ({ defaultIndex: ['filebeat-*'], eventFields: { 'file.hash.md5': '1eee2bf3f56d8abed72da2bc523e7431', diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.ts index f2fe3e3fee37d..fce4e7bdd661d 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.ts 
@@ -6,20 +6,11 @@ */ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; -import type { IEsSearchResponse, IEsSearchRequest } from '@kbn/data-plugin/public'; -import type { FactoryQueryTypes } from '../..'; +import type { IEsSearchResponse } from '@kbn/data-plugin/public'; import { EVENT_ENRICHMENT_INDICATOR_FIELD_MAP } from '../../../cti/constants'; -import type { Inspect, Maybe, TimerangeInput } from '../../common'; -import type { RequestBasicOptions } from '..'; +import type { Inspect, Maybe } from '../../common'; -export enum CtiQueries { - eventEnrichment = 'eventEnrichment', - dataSource = 'dataSource', -} - -export interface CtiEventEnrichmentRequestOptions extends RequestBasicOptions { - eventFields: Record; -} +export { CtiQueries } from '../../../api/search_strategy'; export type CtiEnrichment = Record; export type EventFields = Record; @@ -44,12 +35,6 @@ export const validEventFields = Object.keys(EVENT_ENRICHMENT_INDICATOR_FIELD_MAP export const isValidEventField = (field: string): field is EventField => validEventFields.includes(field as EventField); -export interface CtiDataSourceRequestOptions extends IEsSearchRequest { - defaultIndex: string[]; - factoryQueryType?: FactoryQueryTypes; - timerange?: TimerangeInput; -} - export interface BucketItem { key: string; doc_count: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/first_last_seen/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/first_last_seen/index.ts index 3750345091ee1..d71dc2011eb5b 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/first_last_seen/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/first_last_seen/index.ts @@ -5,7 +5,7 @@ * 2.0. */ -export const FirstLastSeenQuery = 'firstlastseen'; +export { FirstLastSeenQuery } from '../../../api/search_strategy'; export type { FirstLastSeenRequestOptions, 
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/all/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/all/index.ts index ea7daf750de4a..888aa7a11c7ee 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/all/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/all/index.ts @@ -7,9 +7,9 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { HostItem, HostsFields } from '../common'; +import type { HostsFields } from '../../../../api/search_strategy/hosts/model/sort'; +import type { HostItem } from '../common'; import type { CursorType, Direction, Inspect, Maybe, PageInfoPaginated } from '../../../common'; -import type { RequestOptionsPaginated } from '../..'; export interface HostsEdges { node: HostItem; @@ -23,11 +23,6 @@ export interface HostsStrategyResponse extends IEsSearchResponse { inspect?: Maybe; } -export interface HostsRequestOptions extends RequestOptionsPaginated { - defaultIndex: string[]; - isNewRiskScoreModuleAvailable: boolean; -} - export interface HostsSortField { field: HostsFields; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts index 5bd4238ff0fd7..b434ee20cfb03 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts @@ -17,11 +17,6 @@ export enum HostPolicyResponseActionStatus { unsupported = 'unsupported', } -export enum HostsFields { - lastSeen = 'lastSeen', - hostName = 'hostName', -} - export interface EndpointFields { /** A count of pending endpoint actions against the host */ pendingActions?: Maybe; 
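Review bot: `hosts/all/index.ts` imports `HostsFields` from the deep path `'../../../../api/search_strategy/hosts/model/sort'`, while the other re-exports in this commit go through the `api/search_strategy` barrel (for example `export { HostsQueries } from '../../../api/search_strategy'` in `hosts/index.ts`). If the deep path is deliberate, presumably to avoid a circular import through the barrel, a comment such as `// deep import on purpose: the api/search_strategy barrel would form an import cycle with this module` would keep the next refactor from routing it back through the barrel; if it is not deliberate, the barrel path would make the file consistent with its siblings. The same deep path appears in `hosts/index.ts` in the next line and in `matrix_histogram/index.ts` (`'../../../api/search_strategy/matrix_histogram/matrix_histogram'`) further down.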
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/details/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/details/index.ts index 4a1f6384214ca..52a4b2b531717 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/details/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/details/index.ts @@ -8,21 +8,15 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { Inspect, Maybe, TimerangeInput } from '../../../common'; -import type { HostItem, HostsFields } from '../common'; -import type { RequestOptionsPaginated } from '../..'; +import type { Inspect, Maybe } from '../../../common'; +import type { HostItem } from '../common'; export interface HostDetailsStrategyResponse extends IEsSearchResponse { hostDetails: HostItem; inspect?: Maybe; } -export interface HostDetailsRequestOptions extends Partial> { - hostName: string; - skip?: boolean; - timerange: TimerangeInput; - inspect?: Maybe; -} +export type { HostDetailsRequestOptions } from '../../../../api/search_strategy'; export interface AggregationRequest { [aggField: string]: estypes.AggregationsAggregationContainer; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/index.ts index 52ec1aa5b76e8..3643f036ad563 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/index.ts @@ -5,6 +5,8 @@ * 2.0. */ +import { HostsFields } from '../../../api/search_strategy/hosts/model/sort'; + export * from './all'; export * from './common'; export * from './details'; 
@@ -12,9 +14,6 @@ export * from './kpi'; export * from './overview'; export * from './uncommon_processes'; -export enum HostsQueries { - details = 'hostDetails', - hosts = 'hosts', - overview = 'overviewHost', - uncommonProcesses = 'uncommonProcesses', -} +export { HostsQueries } from '../../../api/search_strategy'; + +export { HostsFields }; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/kpi/hosts/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/kpi/hosts/index.ts index 9f92e0b91fe99..313275ce3c944 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/kpi/hosts/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/kpi/hosts/index.ts @@ -7,11 +7,8 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe } from '../../../../common'; -import type { RequestBasicOptions } from '../../..'; import type { HostsKpiHistogramData } from '../common'; -export type HostsKpiHostsRequestOptions = RequestBasicOptions; - export interface HostsKpiHostsStrategyResponse extends IEsSearchResponse { hosts: Maybe; hostsHistogram: Maybe; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/kpi/unique_ips/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/kpi/unique_ips/index.ts index beab78122e2a2..22cbad1ffd44a 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/kpi/unique_ips/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/kpi/unique_ips/index.ts 
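Review bot: `hosts/index.ts` now value-imports `HostsFields` at the top of the file (the file's first hunk, in the preceding line) only to re-export it at the bottom with `export { HostsFields };`, while `HostsQueries` two lines above it uses a direct re-export. `export { HostsFields } from '../../../api/search_strategy/hosts/model/sort';` in place of the import/export pair would drop the bare import and make the two re-exports read the same way. If the split is intentional because something else in the file uses `HostsFields` as a value, that use is not visible in either hunk and a short comment on the import would say so.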
@@ -7,11 +7,8 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe } from '../../../../common'; -import type { RequestBasicOptions } from '../../..'; import type { HostsKpiHistogramData } from '../common'; -export type HostsKpiUniqueIpsRequestOptions = RequestBasicOptions; - export interface HostsKpiUniqueIpsStrategyResponse extends IEsSearchResponse { uniqueSourceIps: Maybe; uniqueSourceIpsHistogram: Maybe; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/overview/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/overview/index.ts index 87b348db6c304..9bd64e6ec1dda 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/overview/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/overview/index.ts @@ -7,9 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe, SearchHit } from '../../../common'; -import type { RequestBasicOptions } from '../..'; - -export type HostOverviewRequestOptions = RequestBasicOptions; export interface HostsOverviewStrategyResponse extends IEsSearchResponse { inspect?: Maybe; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/uncommon_processes/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/uncommon_processes/index.ts index 584cf223eb38b..568de6cd75bf4 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/uncommon_processes/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/uncommon_processes/index.ts 
@@ -9,8 +9,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { HostEcs, ProcessEcs, UserEcs } from '@kbn/securitysolution-ecs'; import type { - RequestOptionsPaginated, - SortField, CursorType, Inspect, Maybe, @@ -22,11 +20,6 @@ import type { CommonFields, } from '../../..'; -export interface HostsUncommonProcessesRequestOptions extends RequestOptionsPaginated { - sort: SortField; - defaultIndex: string[]; -} - export interface HostsUncommonProcessesStrategyResponse extends IEsSearchResponse { edges: HostsUncommonProcessesEdges[]; totalCount: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts index c9220132f9a54..c34006b2ab081 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts 
@@ -4,114 +4,129 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { IEsSearchRequest } from '@kbn/data-plugin/common'; -import type { ESQuery } from '../../typed_json'; + import type { HostDetailsStrategyResponse, - HostDetailsRequestOptions, HostsOverviewStrategyResponse, - HostOverviewRequestOptions, HostsQueries, - HostsRequestOptions, HostsStrategyResponse, HostsUncommonProcessesStrategyResponse, - HostsUncommonProcessesRequestOptions, HostsKpiQueries, HostsKpiHostsStrategyResponse, - HostsKpiHostsRequestOptions, HostsKpiUniqueIpsStrategyResponse, - HostsKpiUniqueIpsRequestOptions, } from './hosts'; import type { NetworkQueries, NetworkDetailsStrategyResponse, - NetworkDetailsRequestOptions, NetworkDnsStrategyResponse, - NetworkDnsRequestOptions, NetworkTlsStrategyResponse, - NetworkTlsRequestOptions, NetworkHttpStrategyResponse, - NetworkHttpRequestOptions, NetworkOverviewStrategyResponse, - NetworkOverviewRequestOptions, NetworkTopCountriesStrategyResponse, - NetworkTopCountriesRequestOptions, NetworkTopNFlowStrategyResponse, - NetworkTopNFlowRequestOptions, NetworkUsersStrategyResponse, - NetworkUsersRequestOptions, NetworkKpiQueries, NetworkKpiDnsStrategyResponse, - NetworkKpiDnsRequestOptions, NetworkKpiNetworkEventsStrategyResponse, - NetworkKpiNetworkEventsRequestOptions, NetworkKpiTlsHandshakesStrategyResponse, - NetworkKpiTlsHandshakesRequestOptions, NetworkKpiUniqueFlowsStrategyResponse, - NetworkKpiUniqueFlowsRequestOptions, NetworkKpiUniquePrivateIpsStrategyResponse, - NetworkKpiUniquePrivateIpsRequestOptions, } from './network'; +import type { MatrixHistogramQuery, MatrixHistogramStrategyResponse } from './matrix_histogram'; import type { - MatrixHistogramQuery, - MatrixHistogramRequestOptions, - MatrixHistogramStrategyResponse, -} from './matrix_histogram'; -import type { TimerangeInput, SortField, PaginationInputPaginated } from '../common'; -import type { - CtiEventEnrichmentRequestOptions, 
CtiEventEnrichmentStrategyResponse, CtiQueries, - CtiDataSourceRequestOptions, CtiDataSourceStrategyResponse, } from './cti'; import type { RiskQueries, KpiRiskScoreStrategyResponse, - KpiRiskScoreRequestOptions, HostsRiskScoreStrategyResponse, UsersRiskScoreStrategyResponse, - RiskScoreRequestOptions, } from './risk_score'; import type { UsersQueries } from './users'; -import type { - ObservedUserDetailsRequestOptions, - ObservedUserDetailsStrategyResponse, -} from './users/observed_details'; -import type { - TotalUsersKpiRequestOptions, - TotalUsersKpiStrategyResponse, -} from './users/kpi/total_users'; +import type { ObservedUserDetailsStrategyResponse } from './users/observed_details'; +import type { TotalUsersKpiStrategyResponse } from './users/kpi/total_users'; -import type { - UsersKpiAuthenticationsRequestOptions, - UsersKpiAuthenticationsStrategyResponse, -} from './users/kpi/authentications'; +import type { UsersKpiAuthenticationsStrategyResponse } from './users/kpi/authentications'; + +import type { UsersStrategyResponse } from './users/all'; +import type { UserAuthenticationsStrategyResponse } from './users/authentications'; +import type { FirstLastSeenQuery, FirstLastSeenStrategyResponse } from './first_last_seen'; +import type { ManagedUserDetailsStrategyResponse } from './users/managed_details'; +import type { RelatedEntitiesQueries } from './related_entities'; +import type { UsersRelatedHostsStrategyResponse } from './related_entities/related_hosts'; +import type { HostsRelatedUsersStrategyResponse } from './related_entities/related_users'; -import type { UsersRequestOptions, UsersStrategyResponse } from './users/all'; -import type { - UserAuthenticationsRequestOptions, - UserAuthenticationsStrategyResponse, -} from './users/authentications'; import type { - FirstLastSeenQuery, + AuthenticationsKpiRequestOptions, + AuthenticationsKpiRequestOptionsInput, + EventEnrichmentRequestOptions, + EventEnrichmentRequestOptionsInput, 
FirstLastSeenRequestOptions, - FirstLastSeenStrategyResponse, -} from './first_last_seen'; -import type { + FirstLastSeenRequestOptionsInput, + HostDetailsRequestOptions, + HostDetailsRequestOptionsInput, + HostOverviewRequestOptions, + HostOverviewRequestOptionsInput, + HostsRequestOptions, + HostsRequestOptionsInput, + HostUncommonProcessesRequestOptions, + HostUncommonProcessesRequestOptionsInput, + KpiHostsRequestOptions, + KpiHostsRequestOptionsInput, + KpiUniqueIpsRequestOptions, + KpiUniqueIpsRequestOptionsInput, ManagedUserDetailsRequestOptions, - ManagedUserDetailsStrategyResponse, -} from './users/managed_details'; -import type { RelatedEntitiesQueries } from './related_entities'; -import type { - UsersRelatedHostsRequestOptions, - UsersRelatedHostsStrategyResponse, -} from './related_entities/related_hosts'; -import type { - HostsRelatedUsersRequestOptions, - HostsRelatedUsersStrategyResponse, -} from './related_entities/related_users'; + ManagedUserDetailsRequestOptionsInput, + MatrixHistogramRequestOptions, + MatrixHistogramRequestOptionsInput, + NetworkDetailsRequestOptions, + NetworkDetailsRequestOptionsInput, + NetworkDnsRequestOptions, + NetworkDnsRequestOptionsInput, + NetworkHttpRequestOptions, + NetworkHttpRequestOptionsInput, + NetworkKpiDnsRequestOptions, + NetworkKpiDnsRequestOptionsInput, + NetworkKpiEventsRequestOptions, + NetworkKpiEventsRequestOptionsInput, + NetworkKpiTlsHandshakesRequestOptions, + NetworkKpiTlsHandshakesRequestOptionsInput, + NetworkKpiUniqueFlowsRequestOptions, + NetworkKpiUniqueFlowsRequestOptionsInput, + NetworkKpiUniquePrivateIpsRequestOptions, + NetworkKpiUniquePrivateIpsRequestOptionsInput, + NetworkOverviewRequestOptions, + NetworkOverviewRequestOptionsInput, + NetworkTlsRequestOptions, + NetworkTlsRequestOptionsInput, + NetworkTopCountriesRequestOptions, + NetworkTopCountriesRequestOptionsInput, + NetworkTopNFlowRequestOptions, + NetworkTopNFlowRequestOptionsInput, + NetworkUsersRequestOptions, + 
NetworkUsersRequestOptionsInput, + ObservedUserDetailsRequestOptions, + ObservedUserDetailsRequestOptionsInput, + RelatedHostsRequestOptions, + RelatedHostsRequestOptionsInput, + RelatedUsersRequestOptions, + RelatedUsersRequestOptionsInput, + RiskScoreKpiRequestOptions, + RiskScoreKpiRequestOptionsInput, + RiskScoreRequestOptions, + RiskScoreRequestOptionsInput, + ThreatIntelSourceRequestOptions, + ThreatIntelSourceRequestOptionsInput, + TotalUsersKpiRequestOptions, + TotalUsersKpiRequestOptionsInput, + UserAuthenticationsRequestOptions, + UserAuthenticationsRequestOptionsInput, + UsersRequestOptions, + UsersRequestOptionsInput, +} from '../../api/search_strategy'; export * from './cti'; export * from './hosts'; @@ -134,20 +149,6 @@ export type FactoryQueryTypes = | typeof FirstLastSeenQuery | RelatedEntitiesQueries; -export interface RequestBasicOptions extends IEsSearchRequest { - timerange: TimerangeInput; - filterQuery: ESQuery | string | undefined; - defaultIndex: string[]; - factoryQueryType?: FactoryQueryTypes; -} - -/** A mapping of semantic fields to their document counterparts */ - -export interface RequestOptionsPaginated extends RequestBasicOptions { - pagination: PaginationInputPaginated; - sort: SortField; -} - export type StrategyResponseType = T extends HostsQueries.hosts ? HostsStrategyResponse : T extends HostsQueries.details 
@@ -218,6 +219,76 @@ export type StrategyResponseType = T extends HostsQ ? UsersRelatedHostsStrategyResponse : never; +export type StrategyRequestInputType = T extends HostsQueries.hosts + ? HostsRequestOptionsInput + : T extends HostsQueries.details + ? HostDetailsRequestOptionsInput + : T extends HostsQueries.overview + ? HostOverviewRequestOptionsInput + : T extends typeof FirstLastSeenQuery + ? FirstLastSeenRequestOptionsInput + : T extends HostsQueries.uncommonProcesses + ? HostUncommonProcessesRequestOptionsInput + : T extends HostsKpiQueries.kpiHosts + ? KpiHostsRequestOptionsInput + : T extends HostsKpiQueries.kpiUniqueIps + ? KpiUniqueIpsRequestOptionsInput + : T extends UsersQueries.authentications + ? UserAuthenticationsRequestOptionsInput + : T extends UsersQueries.observedDetails + ? ObservedUserDetailsRequestOptionsInput + : T extends UsersQueries.managedDetails + ? ManagedUserDetailsRequestOptionsInput + : T extends UsersQueries.kpiTotalUsers + ? TotalUsersKpiRequestOptionsInput + : T extends UsersQueries.users + ? UsersRequestOptionsInput + : T extends UsersQueries.kpiAuthentications + ? AuthenticationsKpiRequestOptionsInput + : T extends NetworkQueries.details + ? NetworkDetailsRequestOptionsInput + : T extends NetworkQueries.dns + ? NetworkDnsRequestOptionsInput + : T extends NetworkQueries.http + ? NetworkHttpRequestOptionsInput + : T extends NetworkQueries.overview + ? NetworkOverviewRequestOptionsInput + : T extends NetworkQueries.tls + ? NetworkTlsRequestOptionsInput + : T extends NetworkQueries.topCountries + ? NetworkTopCountriesRequestOptionsInput + : T extends NetworkQueries.topNFlow + ? NetworkTopNFlowRequestOptionsInput + : T extends NetworkQueries.users + ? NetworkUsersRequestOptionsInput + : T extends NetworkKpiQueries.dns + ? NetworkKpiDnsRequestOptionsInput + : T extends NetworkKpiQueries.networkEvents + ? NetworkKpiEventsRequestOptionsInput + : T extends NetworkKpiQueries.tlsHandshakes + ? 
NetworkKpiTlsHandshakesRequestOptionsInput + : T extends NetworkKpiQueries.uniqueFlows + ? NetworkKpiUniqueFlowsRequestOptionsInput + : T extends NetworkKpiQueries.uniquePrivateIps + ? NetworkKpiUniquePrivateIpsRequestOptionsInput + : T extends typeof MatrixHistogramQuery + ? MatrixHistogramRequestOptionsInput + : T extends CtiQueries.eventEnrichment + ? EventEnrichmentRequestOptionsInput + : T extends CtiQueries.dataSource + ? ThreatIntelSourceRequestOptionsInput + : T extends RiskQueries.hostsRiskScore + ? RiskScoreRequestOptionsInput + : T extends RiskQueries.usersRiskScore + ? RiskScoreRequestOptionsInput + : T extends RiskQueries.kpiRiskScore + ? RiskScoreKpiRequestOptionsInput + : T extends RelatedEntitiesQueries.relatedHosts + ? RelatedHostsRequestOptionsInput + : T extends RelatedEntitiesQueries.relatedUsers + ? RelatedUsersRequestOptionsInput + : never; + export type StrategyRequestType = T extends HostsQueries.hosts ? HostsRequestOptions : T extends HostsQueries.details @@ -227,11 +298,11 @@ export type StrategyRequestType = T extends HostsQu : T extends typeof FirstLastSeenQuery ? FirstLastSeenRequestOptions : T extends HostsQueries.uncommonProcesses - ? HostsUncommonProcessesRequestOptions + ? HostUncommonProcessesRequestOptions : T extends HostsKpiQueries.kpiHosts - ? HostsKpiHostsRequestOptions + ? KpiHostsRequestOptions : T extends HostsKpiQueries.kpiUniqueIps - ? HostsKpiUniqueIpsRequestOptions + ? KpiUniqueIpsRequestOptions : T extends UsersQueries.authentications ? UserAuthenticationsRequestOptions : T extends UsersQueries.observedDetails @@ -243,7 +314,7 @@ export type StrategyRequestType = T extends HostsQu : T extends UsersQueries.users ? UsersRequestOptions : T extends UsersQueries.kpiAuthentications - ? UsersKpiAuthenticationsRequestOptions + ? AuthenticationsKpiRequestOptions : T extends NetworkQueries.details ? NetworkDetailsRequestOptions : T extends NetworkQueries.dns 
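Review bot: `StrategyRequestInputType` repeats the full 35-arm conditional of `StrategyRequestType` by hand, so the two maps can drift: a query type added to one alias but not the other resolves to `never` for the missing alias with no error at the definition site, and the rename arms in the `StrategyRequestType` hunks below show how easily the two lists diverge. Pairing each query's `Input` and parsed type in one conditional and deriving both aliases from it keeps the pairs adjacent and makes a missing arm a single place to fix, as sketched below. Both aliases also map `RiskQueries.hostsRiskScore` and `RiskQueries.usersRiskScore` to the same options type; if that is intended, a one-line comment on those arms would stop a reader from taking it for a copy-paste slip.
```typescript
type StrategyRequestMap<T extends FactoryQueryTypes> = T extends HostsQueries.hosts
  ? { input: HostsRequestOptionsInput; output: HostsRequestOptions }
  : T extends HostsQueries.details
  ? { input: HostDetailsRequestOptionsInput; output: HostDetailsRequestOptions }
  // … one arm per remaining FactoryQueryTypes member, each pairing its Input and parsed type …
  : never;

export type StrategyRequestInputType<T extends FactoryQueryTypes> = StrategyRequestMap<T>['input'];
export type StrategyRequestType<T extends FactoryQueryTypes> = StrategyRequestMap<T>['output'];
```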
@@ -263,7 +334,7 @@ export type StrategyRequestType = T extends HostsQu : T extends NetworkKpiQueries.dns ? NetworkKpiDnsRequestOptions : T extends NetworkKpiQueries.networkEvents - ? NetworkKpiNetworkEventsRequestOptions + ? NetworkKpiEventsRequestOptions : T extends NetworkKpiQueries.tlsHandshakes ? NetworkKpiTlsHandshakesRequestOptions : T extends NetworkKpiQueries.uniqueFlows @@ -273,19 +344,19 @@ export type StrategyRequestType = T extends HostsQu : T extends typeof MatrixHistogramQuery ? MatrixHistogramRequestOptions : T extends CtiQueries.eventEnrichment - ? CtiEventEnrichmentRequestOptions + ? EventEnrichmentRequestOptions : T extends CtiQueries.dataSource - ? CtiDataSourceRequestOptions + ? ThreatIntelSourceRequestOptions : T extends RiskQueries.hostsRiskScore ? RiskScoreRequestOptions : T extends RiskQueries.usersRiskScore ? RiskScoreRequestOptions : T extends RiskQueries.kpiRiskScore - ? KpiRiskScoreRequestOptions + ? RiskScoreKpiRequestOptions : T extends RelatedEntitiesQueries.relatedHosts - ? UsersRelatedHostsRequestOptions + ? RelatedHostsRequestOptions : T extends RelatedEntitiesQueries.relatedUsers - ? HostsRelatedUsersRequestOptions + ? RelatedUsersRequestOptions : never; export interface CommonFields { diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts index 882cbd1717f83..7677b4b5b8824 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts 
@@ -5,10 +5,9 @@ * 2.0. */ -import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { Inspect, Maybe, TimerangeInput } from '../../common'; -import type { RequestBasicOptions } from '..'; +import type { MatrixHistogramRequestOptions } from '../../../api/search_strategy/matrix_histogram/matrix_histogram'; +import type { Inspect, Maybe } from '../../common'; import type { AlertsGroupData } from './alerts'; import type { AnomaliesActionGroupData } from './anomalies'; import type { DnsHistogramGroupData } from './dns'; @@ -24,7 +23,7 @@ export * from './dns'; export * from './events'; export * from './preview'; -export const MatrixHistogramQuery = 'matrixHistogram'; +export { MatrixHistogramQuery } from '../../../api/search_strategy'; export enum MatrixHistogramType { authentications = 'authentications', @@ -44,26 +43,6 @@ export const MatrixHistogramTypeToAggName = { [MatrixHistogramType.preview]: 'aggregations.preview.buckets', }; -export interface MatrixHistogramRequestOptions extends RequestBasicOptions { - timerange: TimerangeInput; - histogramType: MatrixHistogramType; - stackByField: string; - threshold?: - | { - field: string[]; - value: string; - cardinality?: { - field: string[]; - value: string; - }; - } - | undefined; - inspect?: Maybe; - isPtrIncluded?: boolean; - includeMissingData?: boolean; - runtimeMappings?: MappingRuntimeFields; -} - export interface MatrixHistogramStrategyResponse extends IEsSearchResponse { inspect?: Maybe; matrixHistogramData: MatrixHistogramData[]; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/details/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/details/index.ts index da3b7cf9cbac3..e6f6b8fc12acd 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/details/index.ts 
+++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/details/index.ts @@ -8,11 +8,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { HostEcs, GeoEcs } from '@kbn/securitysolution-ecs'; import type { Inspect, Maybe, TotalValue, Hit, ShardsResponse } from '../../../common'; -import type { RequestBasicOptions } from '../..'; - -export interface NetworkDetailsRequestOptions extends Omit { - ip: string; -} export interface NetworkDetailsStrategyResponse extends IEsSearchResponse { networkDetails: { diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/dns/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/dns/index.ts index cb0fa20deb36d..e36dca6658772 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/dns/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/dns/index.ts @@ -6,8 +6,7 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { CursorType, Inspect, Maybe, PageInfoPaginated, SortField } from '../../../common'; -import type { RequestOptionsPaginated } from '../..'; +import type { CursorType, Inspect, Maybe, PageInfoPaginated } from '../../../common'; export enum NetworkDnsFields { dnsName = 'dnsName', @@ -17,12 +16,6 @@ export enum NetworkDnsFields { dnsBytesOut = 'dnsBytesOut', } -export interface NetworkDnsRequestOptions extends RequestOptionsPaginated { - isPtrIncluded: boolean; - sort: SortField; - stackByField?: Maybe; -} - export interface NetworkDnsStrategyResponse extends IEsSearchResponse { edges: NetworkDnsEdges[]; totalCount: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/http/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/http/index.ts index e523b4a1f45c4..a2a62ec7bee49 100644 
--- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/http/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/http/index.ts @@ -13,7 +13,6 @@ import type { PageInfoPaginated, GenericBuckets, } from '../../../common'; -import type { RequestOptionsPaginated } from '../..'; export enum NetworkHttpFields { domains = 'domains', @@ -25,11 +24,6 @@ export enum NetworkHttpFields { statuses = 'statuses', } -export interface NetworkHttpRequestOptions extends RequestOptionsPaginated { - ip?: string; - defaultIndex: string[]; -} - export interface NetworkHttpStrategyResponse extends IEsSearchResponse { edges: NetworkHttpEdges[]; totalCount: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/index.ts index 24c6484f94e71..469bd0eaf38bd 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/index.ts @@ -16,13 +16,4 @@ export * from './top_countries'; export * from './top_n_flow'; export * from './users'; -export enum NetworkQueries { - details = 'networkDetails', - dns = 'dns', - http = 'http', - overview = 'overviewNetwork', - tls = 'tls', - topCountries = 'topCountries', - topNFlow = 'topNFlow', - users = 'users', -} +export { NetworkQueries } from '../../../api/search_strategy'; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/dns/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/dns/index.ts index 3c068014221be..3f006530aab19 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/dns/index.ts 
+++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/dns/index.ts @@ -7,9 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe } from '../../../../common'; -import type { RequestBasicOptions } from '../../..'; - -export type NetworkKpiDnsRequestOptions = RequestBasicOptions; export interface NetworkKpiDnsStrategyResponse extends IEsSearchResponse { dnsQueries: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/network_events/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/network_events/index.ts index aa237a6b9e74e..781fd8ddfd90a 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/network_events/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/network_events/index.ts @@ -7,9 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe } from '../../../../common'; -import type { RequestBasicOptions } from '../../..'; - -export type NetworkKpiNetworkEventsRequestOptions = RequestBasicOptions; export interface NetworkKpiNetworkEventsStrategyResponse extends IEsSearchResponse { networkEvents: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/tls_handshakes/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/tls_handshakes/index.ts index 9c50f565806a9..c2219c6ec8233 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/tls_handshakes/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/tls_handshakes/index.ts 
@@ -7,9 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe } from '../../../../common'; -import type { RequestBasicOptions } from '../../..'; - -export type NetworkKpiTlsHandshakesRequestOptions = RequestBasicOptions; export interface NetworkKpiTlsHandshakesStrategyResponse extends IEsSearchResponse { tlsHandshakes: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/unique_flows/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/unique_flows/index.ts index 339463323f72b..eba5f19ddc246 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/unique_flows/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/unique_flows/index.ts @@ -7,9 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe } from '../../../../common'; -import type { RequestBasicOptions } from '../../..'; - -export type NetworkKpiUniqueFlowsRequestOptions = RequestBasicOptions; export interface NetworkKpiUniqueFlowsStrategyResponse extends IEsSearchResponse { uniqueFlowId: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/unique_private_ips/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/unique_private_ips/index.ts index 7df7050821526..d002452702332 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/unique_private_ips/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/kpi/unique_private_ips/index.ts 
@@ -7,15 +7,12 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe } from '../../../../common'; -import type { RequestBasicOptions } from '../../..'; export interface NetworkKpiHistogramData { x?: Maybe; y?: Maybe; } -export type NetworkKpiUniquePrivateIpsRequestOptions = RequestBasicOptions; - export interface NetworkKpiUniquePrivateIpsStrategyResponse extends IEsSearchResponse { uniqueSourcePrivateIps: number; uniqueSourcePrivateIpsHistogram: NetworkKpiHistogramData[] | null; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/overview/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/overview/index.ts index 9548cf0f890c5..871bf38be855b 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/overview/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/overview/index.ts @@ -7,9 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe, SearchHit } from '../../../common'; -import type { RequestBasicOptions } from '../..'; - -export type NetworkOverviewRequestOptions = RequestBasicOptions; export interface NetworkOverviewStrategyResponse extends IEsSearchResponse { inspect?: Maybe; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/tls/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/tls/index.ts index 7c854f6f29fa2..48ca7a133af1d 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/tls/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/tls/index.ts 
@@ -7,8 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { CursorType, Inspect, Maybe, PageInfoPaginated } from '../../../common'; -import type { RequestOptionsPaginated } from '../..'; -import type { FlowTargetSourceDest } from '../common'; export interface NetworkTlsBuckets { key: string; @@ -48,12 +46,6 @@ export interface NetworkTlsEdges { cursor: CursorType; } -export interface NetworkTlsRequestOptions extends RequestOptionsPaginated { - ip: string; - flowTarget: FlowTargetSourceDest; - defaultIndex: string[]; -} - export interface NetworkTlsStrategyResponse extends IEsSearchResponse { edges: NetworkTlsEdges[]; totalCount: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/top_countries/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/top_countries/index.ts index 47989aa6ba49a..31aed363f3275 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/top_countries/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/top_countries/index.ts @@ -7,13 +7,7 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { CursorType, Inspect, Maybe, PageInfoPaginated } from '../../../common'; -import type { RequestOptionsPaginated } from '../..'; -import type { - GeoItem, - FlowTargetSourceDest, - NetworkTopTablesFields, - TopNetworkTablesEcsField, -} from '../common'; +import type { GeoItem, TopNetworkTablesEcsField } from '../common'; export interface TopCountriesItemSource { country?: Maybe; 
@@ -23,12 +17,6 @@ export interface TopCountriesItemSource { source_ips?: Maybe; } -export interface NetworkTopCountriesRequestOptions - extends RequestOptionsPaginated { - flowTarget: FlowTargetSourceDest; - ip?: string; -} - export interface NetworkTopCountriesStrategyResponse extends IEsSearchResponse { edges: NetworkTopCountriesEdges[]; totalCount: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/top_n_flow/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/top_n_flow/index.ts index 310476a470d30..0633dbc756828 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/top_n_flow/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/top_n_flow/index.ts @@ -6,12 +6,7 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { - GeoItem, - FlowTargetSourceDest, - TopNetworkTablesEcsField, - NetworkTopTablesFields, -} from '../common'; +import type { GeoItem, TopNetworkTablesEcsField } from '../common'; import type { CursorType, Inspect, @@ -20,13 +15,6 @@ import type { TotalValue, GenericBuckets, } from '../../../common'; -import type { RequestOptionsPaginated } from '../..'; - -export interface NetworkTopNFlowRequestOptions - extends RequestOptionsPaginated { - flowTarget: FlowTargetSourceDest; - ip?: Maybe; -} export interface NetworkTopNFlowStrategyResponse extends IEsSearchResponse { edges: NetworkTopNFlowEdges[]; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts index 49720c298338e..2ee9fd244e4bf 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts 
+++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts @@ -6,21 +6,13 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { CursorType, Inspect, Maybe, PageInfoPaginated, SortField } from '../../../common'; -import type { FlowTargetSourceDest } from '../common'; -import type { RequestOptionsPaginated } from '../..'; +import type { CursorType, Inspect, Maybe, PageInfoPaginated } from '../../../common'; export enum NetworkUsersFields { name = 'name', count = 'count', } -export interface NetworkUsersRequestOptions extends RequestOptionsPaginated { - ip: string; - sort: SortField; - flowTarget: FlowTargetSourceDest; -} - export interface NetworkUsersStrategyResponse extends IEsSearchResponse { edges: NetworkUsersEdges[]; totalCount: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/index.ts index d4f4507c1d577..06b2de80a0a0c 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/index.ts @@ -8,7 +8,4 @@ export * from './related_hosts'; export * from './related_users'; -export enum RelatedEntitiesQueries { - relatedHosts = 'relatedHosts', - relatedUsers = 'relatedUsers', -} +export { RelatedEntitiesQueries } from '../../../api/search_strategy'; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/related_hosts/index.tsx b/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/related_hosts/index.tsx index 34cc6349dad1d..0ed809655e6d1 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/related_hosts/index.tsx 
+++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/related_hosts/index.tsx @@ -7,7 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { RiskSeverity, Inspect, Maybe } from '../../..'; -import type { RequestBasicOptions } from '../..'; import type { BucketItem } from '../../cti'; export interface RelatedHost { @@ -33,11 +32,3 @@ export interface UsersRelatedHostsStrategyResponse extends IEsSearchResponse { relatedHosts: RelatedHost[]; inspect?: Maybe; } - -export interface UsersRelatedHostsRequestOptions extends Partial { - userName: string; - skip?: boolean; - from: string; - inspect?: Maybe; - isNewRiskScoreModuleAvailable: boolean; -} diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/related_users/index.tsx b/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/related_users/index.tsx index da1708a2d7d8e..c5508dad58c4a 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/related_users/index.tsx +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/related_entities/related_users/index.tsx @@ -7,7 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { RiskSeverity, Inspect, Maybe } from '../../..'; -import type { RequestBasicOptions } from '../..'; import type { BucketItem } from '../../cti'; export interface RelatedUser { @@ -33,11 +32,3 @@ export interface HostsRelatedUsersStrategyResponse extends IEsSearchResponse { relatedUsers: RelatedUser[]; inspect?: Maybe; } - -export interface HostsRelatedUsersRequestOptions extends Partial { - hostName: string; - skip?: boolean; - from: string; - inspect?: Maybe; - isNewRiskScoreModuleAvailable: boolean; -} 
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts index cd15bc763a391..28058b29eaada 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts @@ -5,28 +5,11 @@ * 2.0. */ -import type { IEsSearchRequest, IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { ESQuery } from '../../../../typed_json'; +import type { IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { Inspect, Maybe, SortField, TimerangeInput } from '../../../common'; -import type { RiskScoreEntity } from '../common'; +import type { Inspect, Maybe, SortField } from '../../../common'; import type { RiskInputs } from '../../../../risk_engine'; -export interface RiskScoreRequestOptions extends IEsSearchRequest { - defaultIndex: string[]; - riskScoreEntity: RiskScoreEntity; - timerange?: TimerangeInput; - alertsTimerange?: TimerangeInput; - includeAlertsCount?: boolean; - onlyLatest?: boolean; - pagination?: { - cursorStart: number; - querySize: number; - }; - sort?: RiskScoreSortField; - filterQuery?: ESQuery | string | undefined; -} - export interface HostsRiskScoreStrategyResponse extends IEsSearchResponse { inspect?: Maybe; totalCount: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts index 0cfef914b3638..1353ec7dd14bd 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts 
@@ -8,6 +8,7 @@ import type { ESQuery } from '../../../../typed_json'; import { RISKY_HOSTS_INDEX_PREFIX, RISKY_USERS_INDEX_PREFIX } from '../../../../constants'; import { RiskScoreEntity, getRiskScoreLatestIndex } from '../../../../risk_engine'; +export { RiskQueries } from '../../../../api/search_strategy'; /** * Make sure this aligns with the index in step 6, 9 in @@ -50,10 +51,4 @@ export const buildEntityNameFilter = ( : { terms: { 'user.name': entityNames } }; }; -export enum RiskQueries { - hostsRiskScore = 'hostsRiskScore', - usersRiskScore = 'usersRiskScore', - kpiRiskScore = 'kpiRiskScore', -} - export { RiskScoreEntity }; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/kpi/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/kpi/index.ts index 4d95846a4f740..25b5068700a41 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/kpi/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/kpi/index.ts @@ -5,19 +5,11 @@ * 2.0. */ -import type { IEsSearchRequest, IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { FactoryQueryTypes, RiskScoreEntity, RiskSeverity } from '../..'; -import type { ESQuery } from '../../../../typed_json'; +import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { RiskSeverity } from '../..'; import type { Inspect, Maybe } from '../../../common'; -export interface KpiRiskScoreRequestOptions extends IEsSearchRequest { - defaultIndex: string[]; - factoryQueryType?: FactoryQueryTypes; - filterQuery?: ESQuery | string | undefined; - entity: RiskScoreEntity; -} - export interface KpiRiskScoreStrategyResponse extends IEsSearchResponse { inspect?: Maybe; kpiRiskScore: { 
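Review bot: The new `export { RiskQueries } from '../../../../api/search_strategy';` is placed between the import lines and the `/** Make sure this aligns with the index in step 6, 9 ... */` comment, whereas the sibling files in this diff (network/index.ts, related_entities/index.ts, users/index.ts) put the replacement re-export at the bottom of the file where the removed enum stood. Keeping the same placement here makes the pattern easier to find and keeps that doc comment visually attached to the declaration it describes instead of reading as if it documented the re-export. Moving the line down next to `export { RiskScoreEntity };` at the end of the file would do it. The declaration the comment belongs to is outside the hunk, so this is inferred from its position.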
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/all/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/all/index.ts index 1ab46c75fa67b..264244962f46c 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/all/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/all/index.ts @@ -6,10 +6,7 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; - import type { Inspect, Maybe, PageInfoPaginated } from '../../../common'; -import type { RequestOptionsPaginated } from '../..'; -import type { SortableUsersFields } from '../common'; import type { RiskSeverity } from '../../risk_score'; export interface User { @@ -25,8 +22,3 @@ export interface UsersStrategyResponse extends IEsSearchResponse { pageInfo: PageInfoPaginated; inspect?: Maybe; } - -export interface UsersRequestOptions extends RequestOptionsPaginated { - defaultIndex: string[]; - isNewRiskScoreModuleAvailable: boolean; -} diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/authentications/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/authentications/index.ts index 92d54ca56ba64..96d804d8e440a 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/authentications/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/authentications/index.ts @@ -17,7 +17,7 @@ import type { Hit, TotalHit, } from '../../../common'; -import type { CommonFields, RequestOptionsPaginated } from '../..'; +import type { CommonFields } from '../..'; export interface UserAuthenticationsStrategyResponse extends IEsSearchResponse { edges: AuthenticationsEdges[]; 
@@ -26,11 +26,6 @@ export interface UserAuthenticationsStrategyResponse extends IEsSearchResponse { inspect?: Maybe; } -export interface UserAuthenticationsRequestOptions extends RequestOptionsPaginated { - defaultIndex: string[]; - stackByField: AuthStackByField; -} - export enum AuthStackByField { userName = 'user.name', hostName = 'host.name', diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/index.ts index 9683b71babf7a..9989f2eb6d331 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/index.ts @@ -13,13 +13,6 @@ export * from './kpi'; export * from './observed_details'; export * from './authentications'; -export enum UsersQueries { - observedDetails = 'observedUserDetails', - managedDetails = 'managedUserDetails', - kpiTotalUsers = 'usersKpiTotalUsers', - users = 'allUsers', - authentications = 'authentications', - kpiAuthentications = 'usersKpiAuthentications', -} +export { UsersQueries } from '../../../api/search_strategy'; export type UsersKpiStrategyResponse = Omit; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/authentications/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/authentications/index.ts index 84090bb7ab49f..cd6fd18b86c87 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/authentications/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/authentications/index.ts 
@@ -7,9 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, KpiHistogramData, Maybe } from '../../../../common'; -import type { RequestBasicOptions } from '../../..'; - -export type UsersKpiAuthenticationsRequestOptions = RequestBasicOptions; export interface UsersKpiAuthenticationsStrategyResponse extends IEsSearchResponse { authenticationsSuccess: Maybe; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/total_users/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/total_users/index.ts index 5fffe4ebe40c7..690678c1d78d9 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/total_users/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/total_users/index.ts @@ -7,9 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, KpiHistogramData, Maybe } from '../../../../common'; -import type { RequestBasicOptions } from '../../..'; - -export type TotalUsersKpiRequestOptions = RequestBasicOptions; export interface TotalUsersKpiStrategyResponse extends IEsSearchResponse { users: Maybe; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/managed_details/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/managed_details/index.ts index 06fdac65bc155..ea23e10709838 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/managed_details/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/managed_details/index.ts 
@@ -5,22 +5,15 @@ * 2.0. */ -import type { IEsSearchRequest, IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { EcsBase, EcsEvent, EcsHost, EcsUser, EcsAgent } from '@kbn/ecs'; import type { Inspect, Maybe } from '../../../common'; -import type { RequestBasicOptions } from '../..'; export interface ManagedUserDetailsStrategyResponse extends IEsSearchResponse { userDetails?: AzureManagedUser; inspect?: Maybe; } -export interface ManagedUserDetailsRequestOptions - extends Pick, - IEsSearchRequest { - userName: string; -} - export interface AzureManagedUser extends Pick { agent: EcsAgent; host: EcsHost; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/observed_details/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/observed_details/index.ts index a8c74932b0492..47aff3b0091fd 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/observed_details/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/observed_details/index.ts @@ -7,18 +7,10 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { Inspect, Maybe, TimerangeInput } from '../../../common'; +import type { Inspect, Maybe } from '../../../common'; import type { UserItem } from '../common'; -import type { RequestBasicOptions } from '../..'; export interface ObservedUserDetailsStrategyResponse extends IEsSearchResponse { userDetails: UserItem; inspect?: Maybe; } - -export interface ObservedUserDetailsRequestOptions extends Partial { - userName: string; - skip?: boolean; - timerange: TimerangeInput; - inspect?: Maybe; -} diff --git a/x-pack/plugins/security_solution/common/search_strategy/timeline/events/all/index.ts b/x-pack/plugins/security_solution/common/search_strategy/timeline/events/all/index.ts index e85679e6c5dd8..3fdf2cc22de6c 100644 
--- a/x-pack/plugins/security_solution/common/search_strategy/timeline/events/all/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/timeline/events/all/index.ts @@ -10,5 +10,4 @@ export type { TimelineItem, TimelineNonEcsData, TimelineEventsAllStrategyResponse, - TimelineEventsAllRequestOptions, } from '@kbn/timelines-plugin/common'; diff --git a/x-pack/plugins/security_solution/common/search_strategy/timeline/events/details/index.ts b/x-pack/plugins/security_solution/common/search_strategy/timeline/events/details/index.ts index b8994774a1887..3cb50c2869935 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/timeline/events/details/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/timeline/events/details/index.ts @@ -8,5 +8,4 @@ export type { TimelineEventsDetailsItem, TimelineEventsDetailsStrategyResponse, - TimelineEventsDetailsRequestOptions, } from '@kbn/timelines-plugin/common'; diff --git a/x-pack/plugins/security_solution/common/search_strategy/timeline/events/eql/index.ts b/x-pack/plugins/security_solution/common/search_strategy/timeline/events/eql/index.ts index 38ebb27e0416a..10f993b468189 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/timeline/events/eql/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/timeline/events/eql/index.ts @@ -6,7 +6,6 @@ */ export type { - TimelineEqlRequestOptions, TimelineEqlResponse, EqlOptionsData, EqlOptionsSelected, diff --git a/x-pack/plugins/security_solution/common/search_strategy/timeline/events/last_event_time/index.ts b/x-pack/plugins/security_solution/common/search_strategy/timeline/events/last_event_time/index.ts index 924fff0230a14..9b95e7606d954 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/timeline/events/last_event_time/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/timeline/events/last_event_time/index.ts 
@@ -10,7 +10,7 @@ export { LastEventIndexKey } from '@kbn/timelines-plugin/common'; export type { LastTimeDetails, TimelineEventsLastEventTimeStrategyResponse, - TimelineKpiStrategyRequest, + TimelineKpiRequestOptionsInput, TimelineKpiStrategyResponse, - TimelineEventsLastEventTimeRequestOptions, + TimelineEventsLastEventTimeRequestOptionsInput, } from '@kbn/timelines-plugin/common'; diff --git a/x-pack/plugins/security_solution/public/common/components/events_viewer/use_timelines_events.tsx b/x-pack/plugins/security_solution/public/common/components/events_viewer/use_timelines_events.tsx index 2b234879ccc50..691d0e95cb924 100644 --- a/x-pack/plugins/security_solution/public/common/components/events_viewer/use_timelines_events.tsx +++ b/x-pack/plugins/security_solution/public/common/components/events_viewer/use_timelines_events.tsx @@ -17,7 +17,8 @@ import type { Inspect, PaginationInputPaginated, TimelineEdges, - TimelineEventsAllRequestOptions, + TimelineEqlRequestOptionsInput, + TimelineEventsAllOptionsInput, TimelineEventsAllStrategyResponse, TimelineItem, } from '@kbn/timelines-plugin/common'; @@ -58,7 +59,7 @@ type TimelineEventsSearchHandler = (onNextResponse?: OnNextResponseHandler) => v type LoadPage = (newActivePage: number) => void; -type TimelineRequest = TimelineEventsAllRequestOptions; +type TimelineRequest = TimelineEventsAllOptionsInput | TimelineEqlRequestOptionsInput; type TimelineResponse = TimelineEventsAllStrategyResponse; 
@@ -161,11 +162,9 @@ export const useTimelineEventsHandler = ({ const searchSubscription$ = useRef(new Subscription()); const [loading, setLoading] = useState(true); const [activePage, setActivePage] = useState(0); - const [timelineRequest, setTimelineRequest] = useState | null>( - null - ); + const [timelineRequest, setTimelineRequest] = useState(null); const [prevFilterStatus, setFilterStatus] = useState(filterStatus); - const prevTimelineRequest = useRef | null>(null); + const prevTimelineRequest = useRef(null); const clearSignalsState = useCallback(() => { if (id != null && detectionsTimelineIds.some((timelineId) => timelineId === id)) { @@ -220,7 +219,7 @@ export const useTimelineEventsHandler = ({ }); const timelineSearch = useCallback( - (request: TimelineRequest | null, onNextHandler?: OnNextResponseHandler) => { + (request: TimelineRequest | null, onNextHandler?: OnNextResponseHandler) => { if (request == null || skip) { return; } @@ -233,7 +232,7 @@ export const useTimelineEventsHandler = ({ startTracking(); const abortSignal = abortCtrl.current.signal; searchSubscription$.current = data.search - .search, TimelineResponse>( + .search>( { ...request, entityType }, { strategy: @@ -296,12 +295,12 @@ export const useTimelineEventsHandler = ({ const prevSearchParameters = { defaultIndex: prevRequest?.defaultIndex ?? [], filterQuery: prevRequest?.filterQuery ?? '', - querySize: prevRequest?.pagination.querySize ?? 0, + querySize: prevRequest?.pagination?.querySize ?? 0, sort: prevRequest?.sort ?? initSortDefault, timerange: prevRequest?.timerange ?? {}, - runtimeMappings: (prevRequest?.runtimeMappings ?? {}) as RunTimeMappings, + runtimeMappings: (prevRequest?.runtimeMappings ?? {}) as unknown as RunTimeMappings, filterStatus: prevRequest?.filterStatus, - }; + } as const; const currentSearchParameters = { defaultIndex: indexNames, 
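Review bot: The double assertion `runtimeMappings: (prevRequest?.runtimeMappings ?? {}) as unknown as RunTimeMappings` in the `prevSearchParameters` hunk bypasses the type check entirely, and the same pattern continues on the next physical line with `language: language as TimelineRequest['language']` and `return currentRequest as TimelineRequest;`. These casts are a symptom of `TimelineRequest` having been widened to the union `TimelineEventsAllOptionsInput | TimelineEqlRequestOptionsInput` in the preceding hunk, so the request object literal no longer matches either member without coercion. Prefer narrowing at the boundary: declare `currentRequest` with an explicit `TimelineRequest` annotation so mismatched or excess fields are reported, and check `language` against the allowed values at runtime (or take it from the caller already typed as the literal union) rather than asserting. If the two `...Input` types genuinely disagree on `runtimeMappings`, widening the hook's own prop type is safer than `as unknown as`, which will silently accept a shape that request validation may later reject. `useTimelineEventsHandler` starts and ends outside these hunks.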
@@ -315,7 +314,7 @@ export const useTimelineEventsHandler = ({ to: endDate, }, filterStatus, - }; + } as const; const newActivePage = deepEqual(prevSearchParameters, currentSearchParameters) ? activePage @@ -333,7 +332,7 @@ export const useTimelineEventsHandler = ({ activePage: newActivePage, querySize: limit, }, - language, + language: language as TimelineRequest['language'], runtimeMappings, sort, timerange: { @@ -348,7 +347,7 @@ export const useTimelineEventsHandler = ({ setActivePage(newActivePage); } if (!deepEqual(prevRequest, currentRequest)) { - return currentRequest; + return currentRequest as TimelineRequest; } return prevRequest; }); diff --git a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts index 49ac62cb572e4..6d5df295dbc41 100644 --- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts @@ -8,8 +8,8 @@ import type React from 'react'; import type { EuiTitleSize } from '@elastic/eui'; import type { ScaleType, Position, TickFormatter } from '@elastic/charts'; -import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { ActionCreator } from 'redux'; +import type { RunTimeMappings } from '@kbn/timelines-plugin/common/api/search_strategy'; import type { ESQuery } from '../../../../common/typed_json'; import type { InputsModelId } from '../../store/inputs/constants'; import type { MatrixHistogramType } from '../../../../common/search_strategy/security_solution'; @@ -83,7 +83,7 @@ export interface MatrixHistogramQueryProps { skip?: boolean; isPtrIncluded?: boolean; includeMissingData?: boolean; - runtimeMappings?: MappingRuntimeFields; + runtimeMappings?: RunTimeMappings; } export interface MatrixHistogramProps extends MatrixHistogramBasicProps { 
diff --git a/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/api.ts b/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/api.ts index 0d08b9a93a5c4..aac311cba167f 100644 --- a/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/api.ts +++ b/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/api.ts @@ -10,13 +10,11 @@ import { filter } from 'rxjs/operators'; import type { DataPublicPluginStart } from '@kbn/data-plugin/public'; import { isCompleteResponse } from '@kbn/data-plugin/common'; -import type { - CtiEventEnrichmentRequestOptions, - CtiEventEnrichmentStrategyResponse, -} from '../../../../../common/search_strategy/security_solution/cti'; +import type { EventEnrichmentRequestOptionsInput } from '../../../../../common/api/search_strategy'; +import type { CtiEventEnrichmentStrategyResponse } from '../../../../../common/search_strategy/security_solution/cti'; import { CtiQueries } from '../../../../../common/search_strategy/security_solution/cti'; -type GetEventEnrichmentProps = CtiEventEnrichmentRequestOptions & { +type GetEventEnrichmentProps = Omit & { data: DataPublicPluginStart; signal: AbortSignal; }; @@ -29,7 +27,7 @@ export const getEventEnrichment = ({ timerange, signal, }: GetEventEnrichmentProps): Observable => - data.search.search( + data.search.search( { defaultIndex, eventFields, diff --git a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/index.ts b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/index.ts index 8904ccd5ad8bb..471d43c928458 100644 --- a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/index.ts +++ b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/index.ts 
@@ -14,10 +14,10 @@ import { isCompleteResponse } from '@kbn/data-plugin/common'; import type { inputsModel } from '../../../store'; import { useKibana } from '../../../lib/kibana'; import type { - TimelineEventsLastEventTimeRequestOptions, TimelineEventsLastEventTimeStrategyResponse, LastTimeDetails, LastEventIndexKey, + TimelineEventsLastEventTimeRequestOptionsInput, } from '../../../../../common/search_strategy/timeline'; import { TimelineEventsQueries } from '../../../../../common/search_strategy/timeline'; import * as i18n from './translations'; @@ -46,7 +46,7 @@ export const useTimelineLastEventTime = ({ const searchSubscription$ = useRef(new Subscription()); const [loading, setLoading] = useState(false); const [TimelineLastEventTimeRequest, setTimelineLastEventTimeRequest] = - useState({ + useState({ defaultIndex: indexNames, factoryQueryType: TimelineEventsQueries.lastEventTime, indexKey, @@ -62,14 +62,14 @@ export const useTimelineLastEventTime = ({ const { addError } = useAppToasts(); const timelineLastEventTimeSearch = useCallback( - (request: TimelineEventsLastEventTimeRequestOptions) => { + (request: TimelineEventsLastEventTimeRequestOptionsInput) => { const asyncSearch = async () => { abortCtrl.current = new AbortController(); setLoading(true); searchSubscription$.current = data.search .search< - TimelineEventsLastEventTimeRequestOptions, + TimelineEventsLastEventTimeRequestOptionsInput, TimelineEventsLastEventTimeStrategyResponse >(request, { strategy: 'timelineSearchStrategy', diff --git a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts b/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts index 137acc4f1c9e7..51128621da177 100644 --- a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts +++ b/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.ts 
@@ -11,12 +11,12 @@ import { useCallback, useEffect, useMemo, useRef, useState } from 'react'; import { Subscription } from 'rxjs'; import { isCompleteResponse } from '@kbn/data-plugin/common'; +import type { MatrixHistogramRequestOptionsInput } from '../../../../common/api/search_strategy'; import type { MatrixHistogramQueryProps } from '../../components/matrix_histogram/types'; import type { inputsModel } from '../../store'; import { createFilter } from '../helpers'; import { useKibana } from '../../lib/kibana'; import type { - MatrixHistogramRequestOptions, MatrixHistogramStrategyResponse, MatrixHistogramData, } from '../../../../common/search_strategy/security_solution'; @@ -76,7 +76,7 @@ export const useMatrixHistogram = ({ const { startTracking } = useTrackHttpRequest(); const [matrixHistogramRequest, setMatrixHistogramRequest] = - useState({ + useState({ defaultIndex: indexNames, factoryQueryType: MatrixHistogramQuery, filterQuery: createFilter(filterQuery), @@ -106,7 +106,7 @@ export const useMatrixHistogram = ({ }); const search = useCallback( - (request: MatrixHistogramRequestOptions) => { + (request: MatrixHistogramRequestOptionsInput) => { const asyncSearch = async () => { abortCtrl.current = new AbortController(); setLoading(true); @@ -115,7 +115,7 @@ export const useMatrixHistogram = ({ }); searchSubscription$.current = data.search - .search(request, { + .search(request, { strategy: 'securitySolutionSearchStrategy', abortSignal: abortCtrl.current.signal, }) diff --git a/x-pack/plugins/security_solution/public/common/containers/use_first_last_seen/use_first_last_seen.test.ts b/x-pack/plugins/security_solution/public/common/containers/use_first_last_seen/use_first_last_seen.test.ts index a561493f8cac0..ec49319e87734 100644 --- a/x-pack/plugins/security_solution/public/common/containers/use_first_last_seen/use_first_last_seen.test.ts +++ b/x-pack/plugins/security_solution/public/common/containers/use_first_last_seen/use_first_last_seen.test.ts 
@@ -73,7 +73,6 @@ describe('useFistLastSeen', () => { expect(mockSearch).toHaveBeenCalledWith({ defaultIndex: [], - factoryQueryType: 'firstlastseen', field: 'host.name', order: 'asc', value: 'some-host', @@ -103,7 +102,6 @@ describe('useFistLastSeen', () => { expect(mockSearch).toHaveBeenCalledWith({ defaultIndex: [], - factoryQueryType: 'firstlastseen', field: 'host.name', order: 'desc', value: 'some-host', diff --git a/x-pack/plugins/security_solution/public/common/containers/use_first_last_seen/use_first_last_seen.tsx b/x-pack/plugins/security_solution/public/common/containers/use_first_last_seen/use_first_last_seen.tsx index 1eccfd125e2c9..18d6cb1ec7f0f 100644 --- a/x-pack/plugins/security_solution/public/common/containers/use_first_last_seen/use_first_last_seen.tsx +++ b/x-pack/plugins/security_solution/public/common/containers/use_first_last_seen/use_first_last_seen.tsx @@ -45,7 +45,6 @@ export const useFirstLastSeen = ({ useEffect(() => { search({ defaultIndex, - factoryQueryType: FirstLastSeenQuery, field, value, order, diff --git a/x-pack/plugins/security_solution/public/common/containers/use_search_strategy/index.test.ts b/x-pack/plugins/security_solution/public/common/containers/use_search_strategy/index.test.ts index 6a3b48dce6615..b86eaaf386149 100644 --- a/x-pack/plugins/security_solution/public/common/containers/use_search_strategy/index.test.ts +++ b/x-pack/plugins/security_solution/public/common/containers/use_search_strategy/index.test.ts @@ -9,7 +9,10 @@ import { useSearch, useSearchStrategy } from '.'; import { act, renderHook } from '@testing-library/react-hooks'; import { useObservable } from '@kbn/securitysolution-hook-utils'; -import type { FactoryQueryTypes, StrategyRequestType } from '../../../../common/search_strategy'; +import type { + FactoryQueryTypes, + StrategyRequestInputType, +} from '../../../../common/search_strategy'; import { Observable } from 'rxjs'; jest.mock('@kbn/securitysolution-hook-utils'); 
@@ -83,7 +86,7 @@ const userSearchStrategyProps = { const request = { fake: 'request', search: 'parameters', -} as unknown as StrategyRequestType; +} as unknown as StrategyRequestInputType; describe('useSearchStrategy', () => { beforeEach(() => { diff --git a/x-pack/plugins/security_solution/public/common/containers/use_search_strategy/index.tsx b/x-pack/plugins/security_solution/public/common/containers/use_search_strategy/index.tsx index b9cd06e77e27e..320339b0ec4df 100644 --- a/x-pack/plugins/security_solution/public/common/containers/use_search_strategy/index.tsx +++ b/x-pack/plugins/security_solution/public/common/containers/use_search_strategy/index.tsx @@ -15,7 +15,7 @@ import * as i18n from './translations'; import type { FactoryQueryTypes, - StrategyRequestType, + StrategyRequestInputType, StrategyResponseType, } from '../../../../common/search_strategy/security_solution'; import { getInspectResponse } from '../../../helpers'; @@ -26,7 +26,7 @@ import { useTrackHttpRequest } from '../../lib/apm/use_track_http_request'; import { APP_UI_ID } from '../../../../common/constants'; interface UseSearchFunctionParams { - request: StrategyRequestType; + request: Omit, 'factoryQueryType'>; abortSignal: AbortSignal; } @@ -35,7 +35,7 @@ type UseSearchFunction = ( ) => Observable>; type SearchFunction = ( - params: StrategyRequestType + params: Omit, 'factoryQueryType'> ) => void; const EMPTY_INSPECT = { @@ -57,8 +57,8 @@ export const useSearch = ( }); const observable = data.search - .search, StrategyResponseType>( - { ...request, factoryQueryType }, + .search, StrategyResponseType>( + { ...request, factoryQueryType } as StrategyRequestInputType, { strategy: 'securitySolutionSearchStrategy', abortSignal, diff --git a/x-pack/plugins/security_solution/public/common/mock/global_state.ts b/x-pack/plugins/security_solution/public/common/mock/global_state.ts index e02dcef6b58ce..2d8e49ad096e8 100644 --- a/x-pack/plugins/security_solution/public/common/mock/global_state.ts 
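Review bot: In the last hunk on this line, `{ ...request, factoryQueryType } as StrategyRequestInputType` assembles the strategy request with a type assertion, so a `request` missing a field the strategy expects, or carrying a key that is not in the input type, is no longer a compile error and surfaces only as a server-side schema rejection at runtime (the generic arguments look stripped in this rendering, so the exact parameter is hard to confirm). Prefer a declaration, `const fullRequest: StrategyRequestInputType<…> = { ...request, factoryQueryType };` with the hook's query-type parameter filled in, and pass `fullRequest`, so excess- and missing-property checks stay on. If the union genuinely cannot be narrowed by `factoryQueryType` here, a one-line comment saying the server-side zod schema is the authoritative check would make the unchecked cast deliberate rather than incidental. The body of `useSearch` continues outside the hunk.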
+++ b/x-pack/plugins/security_solution/public/common/mock/global_state.ts @@ -7,11 +7,11 @@ import { TableId } from '@kbn/securitysolution-data-table'; import type { DataViewSpec } from '@kbn/data-views-plugin/public'; +import { HostsFields } from '../../../common/api/search_strategy/hosts/model/sort'; import { InputsModelId } from '../store/inputs/constants'; import { Direction, FlowTarget, - HostsFields, NetworkDnsFields, NetworkTopTablesFields, NetworkTlsFields, diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx index 7ad0adcaccafd..a52446d389d7a 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx @@ -33,6 +33,7 @@ import { import { lastValueFrom } from 'rxjs'; import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs'; import type { DataTableModel } from '@kbn/securitysolution-data-table'; +import type { TimelineEventsDetailsRequestOptionsInput } from '@kbn/timelines-plugin/common'; import { ALERT_ORIGINAL_TIME, ALERT_GROUP_ID, @@ -54,7 +55,6 @@ import type { } from './types'; import type { TimelineEventsDetailsItem, - TimelineEventsDetailsRequestOptions, TimelineEventsDetailsStrategyResponse, } from '../../../../common/search_strategy/timeline'; import { TimelineEventsQueries } from '../../../../common/search_strategy/timeline'; @@ -956,7 +956,7 @@ export const sendAlertToTimelineAction = async ({ getTimelineTemplate(timelineId), lastValueFrom( searchStrategyClient.search< - TimelineEventsDetailsRequestOptions, + TimelineEventsDetailsRequestOptionsInput, TimelineEventsDetailsStrategyResponse >( { 
diff --git a/x-pack/plugins/security_solution/public/detections/pages/alert_details/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/alert_details/index.tsx index df01e7f1b1450..8935ff132f246 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/alert_details/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/alert_details/index.tsx @@ -11,6 +11,7 @@ import { Routes, Route } from '@kbn/shared-ux-router'; import { ALERT_RULE_NAME, TIMESTAMP } from '@kbn/rule-data-utils'; import { EuiSpacer } from '@elastic/eui'; import { useDispatch } from 'react-redux'; +import type { RunTimeMappings } from '../../../../common/api/search_strategy'; import { timelineActions } from '../../../timelines/store/timeline'; import { TimelineId } from '../../../../common/types/timeline'; import { useGetFieldsData } from '../../../common/hooks/use_get_fields_data'; @@ -42,7 +43,7 @@ export const AlertDetailsPage = memo(() => { const [loading, detailsData, searchHit, dataAsNestedObject] = useTimelineEventsDetails({ indexName, eventId, - runtimeMappings: sourcererDataView.runtimeMappings, + runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings, skip: !eventID, }); const dataNotFound = !loading && !detailsData; diff --git a/x-pack/plugins/security_solution/public/explore/components/paginated_table/helpers.ts b/x-pack/plugins/security_solution/public/explore/components/paginated_table/helpers.ts index 2623079ba0046..4a80155dcb299 100644 --- a/x-pack/plugins/security_solution/public/explore/components/paginated_table/helpers.ts +++ b/x-pack/plugins/security_solution/public/explore/components/paginated_table/helpers.ts 
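Review bot: `runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings` asserts the data view's runtime mappings into the zod-derived `RunTimeMappings` input type instead of reconciling the two types; if their shapes differ, the mismatch is hidden from the compiler and shows up only when the timeline event-details request fails schema validation on the server. Prefer fixing the type at the source — widen `RunTimeMappings` or the hook's `runtimeMappings` prop so the data view's type is accepted without a cast — or, if the cast is meant to be temporary, mark it: `// NOTE: unchecked cast — reconcile RunTimeMappings (zod input) with the data view's runtimeMappings type`. The `useTimelineEventsDetails` call is only partly visible and the rest of `AlertDetailsPage` lies outside the hunk.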
@@ -5,13 +5,13 @@ * 2.0. */ -import type { PaginationInputPaginated } from '../../../../common/search_strategy'; +import type { PaginationInputPaginatedInput } from '../../../../common/api/search_strategy'; export const generateTablePaginationOptions = ( activePage: number, limit: number, isBucketSort?: boolean -): PaginationInputPaginated => { +): PaginationInputPaginatedInput => { const cursorStart = activePage * limit; return { activePage, diff --git a/x-pack/plugins/security_solution/public/explore/containers/authentications/index.tsx b/x-pack/plugins/security_solution/public/explore/containers/authentications/index.tsx index d3da701b4c6bb..cd2b0185fe83d 100644 --- a/x-pack/plugins/security_solution/public/explore/containers/authentications/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/containers/authentications/index.tsx @@ -8,10 +8,10 @@ import { useCallback, useEffect, useMemo, useState } from 'react'; import deepEqual from 'fast-deep-equal'; +import type { UserAuthenticationsRequestOptionsInput } from '../../../../common/api/search_strategy'; import type { AuthenticationsEdges, AuthStackByField, - UserAuthenticationsRequestOptions, } from '../../../../common/search_strategy/security_solution'; import { UsersQueries } from '../../../../common/search_strategy/security_solution'; import type { PageInfoPaginated, SortField } from '../../../../common/search_strategy'; @@ -58,7 +58,7 @@ export const useAuthentications = ({ startDate, }: UseAuthentications): [boolean, AuthenticationArgs] => { const [authenticationsRequest, setAuthenticationsRequest] = - useState(null); + useState(null); const wrappedLoadMore = useCallback( (newActivePage: number) => { 
@@ -123,7 +123,7 @@ export const useAuthentications = ({ useEffect(() => { setAuthenticationsRequest((prevRequest) => { - const myRequest = { + const myRequest: UserAuthenticationsRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: UsersQueries.authentications, diff --git a/x-pack/plugins/security_solution/public/explore/hosts/components/hosts_table/index.tsx b/x-pack/plugins/security_solution/public/explore/hosts/components/hosts_table/index.tsx index 185dfc687fb4a..3c76bc5dcbf9c 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/components/hosts_table/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/hosts/components/hosts_table/index.tsx @@ -9,6 +9,7 @@ import React, { useMemo, useCallback } from 'react'; import { useDispatch } from 'react-redux'; import type { HostEcs, OsEcs } from '@kbn/securitysolution-ecs'; +import { HostsFields } from '../../../../../common/api/search_strategy/hosts/model/sort'; import type { Columns, Criteria, @@ -25,7 +26,6 @@ import type { HostItem, HostsSortField, } from '../../../../../common/search_strategy/security_solution/hosts'; -import { HostsFields } from '../../../../../common/search_strategy/security_solution/hosts'; import type { Direction, RiskSeverity } from '../../../../../common/search_strategy'; import { SecurityPageName } from '../../../../../common/constants'; import { HostsTableType } from '../../store/model'; @@ -209,6 +209,8 @@ const getNodeField = (field: HostsFields): string => { return 'node.host.name'; case HostsFields.lastSeen: return 'node.lastSeen'; + default: + return ''; } }; diff --git a/x-pack/plugins/security_solution/public/explore/hosts/containers/hosts/index.tsx b/x-pack/plugins/security_solution/public/explore/hosts/containers/hosts/index.tsx index 4a385f436519f..bd0b35c4e18fb 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/containers/hosts/index.tsx 
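Review bot: The added `default: return '';` in `getNodeField` (hunk `@@ -209,6 +209,8 @@`) turns an unhandled `HostsFields` member into an empty sort path that is silently handed on, rather than a compile-time or visible failure; whether the server-side sort schema then rejects it is not visible here. If `HostsFields` — now imported from `common/api/search_strategy/hosts/model/sort` — still has exactly the host-name and `lastSeen` members, the default should be an exhaustiveness guard, `default: { const unhandled: never = field; return unhandled; }`, so a member added to the zod-backed enum fails to compile at this switch instead of degrading to `''`. If the type is now wider than the two cases, the fallback should at least be documented, e.g. `// fallback: unknown sort field maps to '' (no sort path); keep in sync with HostsFields`. The function's signature is visible only in the hunk header and its callers are outside the hunk.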
+++ b/x-pack/plugins/security_solution/public/explore/hosts/containers/hosts/index.tsx @@ -8,17 +8,14 @@ import deepEqual from 'fast-deep-equal'; import { useCallback, useEffect, useMemo, useState } from 'react'; +import type { HostsRequestOptionsInput } from '../../../../../common/api/search_strategy'; import type { inputsModel, State } from '../../../../common/store'; import { createFilter } from '../../../../common/containers/helpers'; import { useDeepEqualSelector } from '../../../../common/hooks/use_selector'; import type { hostsModel } from '../../store'; import { hostsSelectors } from '../../store'; import { generateTablePaginationOptions } from '../../../components/paginated_table/helpers'; -import type { - HostsEdges, - PageInfoPaginated, - HostsRequestOptions, -} from '../../../../../common/search_strategy'; +import type { HostsEdges, PageInfoPaginated } from '../../../../../common/search_strategy'; import { HostsQueries } from '../../../../../common/search_strategy'; import type { ESTermQuery } from '../../../../../common/typed_json'; @@ -67,7 +64,7 @@ export const useAllHost = ({ const isNewRiskScoreModuleAvailable = useIsExperimentalFeatureEnabled('riskScoringRoutesEnabled'); - const [hostsRequest, setHostRequest] = useState(null); + const [hostsRequest, setHostRequest] = useState(null); const wrappedLoadMore = useCallback( (newActivePage: number) => { @@ -133,7 +130,7 @@ export const useAllHost = ({ useEffect(() => { setHostRequest((prevRequest) => { - const myRequest = { + const myRequest: HostsRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: HostsQueries.hosts, diff --git a/x-pack/plugins/security_solution/public/explore/hosts/containers/kpi_hosts/hosts/index.tsx b/x-pack/plugins/security_solution/public/explore/hosts/containers/kpi_hosts/hosts/index.tsx index bf78194964f09..d84fa8665b7ab 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/containers/kpi_hosts/hosts/index.tsx 
+++ b/x-pack/plugins/security_solution/public/explore/hosts/containers/kpi_hosts/hosts/index.tsx @@ -10,14 +10,12 @@ import { noop } from 'lodash/fp'; import { useCallback, useEffect, useRef, useState } from 'react'; import { Subscription } from 'rxjs'; +import type { KpiHostsRequestOptionsInput } from '../../../../../../common/api/search_strategy'; import { useAppToasts } from '../../../../../common/hooks/use_app_toasts'; import type { inputsModel } from '../../../../../common/store'; import { createFilter } from '../../../../../common/containers/helpers'; import { useKibana } from '../../../../../common/lib/kibana'; -import type { - HostsKpiHostsRequestOptions, - HostsKpiHostsStrategyResponse, -} from '../../../../../../common/search_strategy'; +import type { HostsKpiHostsStrategyResponse } from '../../../../../../common/search_strategy'; import { HostsKpiQueries } from '../../../../../../common/search_strategy'; import type { ESTermQuery } from '../../../../../../common/typed_json'; @@ -55,7 +53,7 @@ export const useHostsKpiHosts = ({ const searchSubscription$ = useRef(new Subscription()); const [loading, setLoading] = useState(false); const [hostsKpiHostsRequest, setHostsKpiHostsRequest] = - useState(null); + useState(null); const [hostsKpiHostsResponse, setHostsKpiHostsResponse] = useState({ hosts: 0, @@ -71,7 +69,7 @@ export const useHostsKpiHosts = ({ const { addError, addWarning } = useAppToasts(); const hostsKpiHostsSearch = useCallback( - (request: HostsKpiHostsRequestOptions | null) => { + (request: KpiHostsRequestOptionsInput | null) => { if (request == null || skip) { return; } @@ -80,7 +78,7 @@ export const useHostsKpiHosts = ({ setLoading(true); searchSubscription$.current = data.search - .search(request, { + .search(request, { strategy: 'securitySolutionSearchStrategy', abortSignal: abortCtrl.current.signal, }) 
@@ -121,7 +119,7 @@ export const useHostsKpiHosts = ({ useEffect(() => { setHostsKpiHostsRequest((prevRequest) => { - const myRequest = { + const myRequest: KpiHostsRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: HostsKpiQueries.kpiHosts, diff --git a/x-pack/plugins/security_solution/public/explore/hosts/containers/kpi_hosts/unique_ips/index.tsx b/x-pack/plugins/security_solution/public/explore/hosts/containers/kpi_hosts/unique_ips/index.tsx index 730bb48b97a23..740282030286c 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/containers/kpi_hosts/unique_ips/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/hosts/containers/kpi_hosts/unique_ips/index.tsx @@ -10,14 +10,12 @@ import { noop } from 'lodash/fp'; import { useCallback, useEffect, useRef, useState } from 'react'; import { Subscription } from 'rxjs'; +import type { KpiUniqueIpsRequestOptionsInput } from '../../../../../../common/api/search_strategy'; import { useAppToasts } from '../../../../../common/hooks/use_app_toasts'; import type { inputsModel } from '../../../../../common/store'; import { createFilter } from '../../../../../common/containers/helpers'; import { useKibana } from '../../../../../common/lib/kibana'; -import type { - HostsKpiUniqueIpsRequestOptions, - HostsKpiUniqueIpsStrategyResponse, -} from '../../../../../../common/search_strategy'; +import type { HostsKpiUniqueIpsStrategyResponse } from '../../../../../../common/search_strategy'; import { HostsKpiQueries } from '../../../../../../common/search_strategy'; import type { ESTermQuery } from '../../../../../../common/typed_json'; @@ -57,7 +55,7 @@ export const useHostsKpiUniqueIps = ({ const [loading, setLoading] = useState(false); const [hostsKpiUniqueIpsRequest, setHostsKpiUniqueIpsRequest] = - useState(null); + useState(null); const [hostsKpiUniqueIpsResponse, setHostsKpiUniqueIpsResponse] = useState( { 
@@ -77,7 +75,7 @@ export const useHostsKpiUniqueIps = ({ const { addError, addWarning } = useAppToasts(); const hostsKpiUniqueIpsSearch = useCallback( - (request: HostsKpiUniqueIpsRequestOptions | null) => { + (request: KpiUniqueIpsRequestOptionsInput | null) => { if (request == null || skip) { return; } @@ -86,7 +84,7 @@ export const useHostsKpiUniqueIps = ({ abortCtrl.current = new AbortController(); setLoading(true); searchSubscription$.current = data.search - .search(request, { + .search(request, { strategy: 'securitySolutionSearchStrategy', abortSignal: abortCtrl.current.signal, }) @@ -129,7 +127,7 @@ export const useHostsKpiUniqueIps = ({ useEffect(() => { setHostsKpiUniqueIpsRequest((prevRequest) => { - const myRequest = { + const myRequest: KpiUniqueIpsRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: HostsKpiQueries.kpiUniqueIps, diff --git a/x-pack/plugins/security_solution/public/explore/hosts/containers/uncommon_processes/index.tsx b/x-pack/plugins/security_solution/public/explore/hosts/containers/uncommon_processes/index.tsx index 49facc76c33bc..078c2faa49982 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/containers/uncommon_processes/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/hosts/containers/uncommon_processes/index.tsx @@ -8,6 +8,7 @@ import deepEqual from 'fast-deep-equal'; import { useCallback, useEffect, useMemo, useState } from 'react'; +import type { HostUncommonProcessesRequestOptionsInput } from '../../../../../common/api/search_strategy'; import type { inputsModel, State } from '../../../../common/store'; import { generateTablePaginationOptions } from '../../../components/paginated_table/helpers'; @@ -18,7 +19,6 @@ import type { SortField, PageInfoPaginated, HostsUncommonProcessesEdges, - HostsUncommonProcessesRequestOptions, } from '../../../../../common/search_strategy'; import { HostsQueries } from '../../../../../common/search_strategy'; 
@@ -66,7 +66,7 @@ export const useUncommonProcesses = ({ getUncommonProcessesSelector(state, type) ); const [uncommonProcessesRequest, setUncommonProcessesRequest] = - useState(null); + useState(null); const wrappedLoadMore = useCallback( (newActivePage: number) => { @@ -121,7 +121,7 @@ export const useUncommonProcesses = ({ useEffect(() => { setUncommonProcessesRequest((prevRequest) => { - const myRequest = { + const myRequest: HostUncommonProcessesRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: HostsQueries.uncommonProcesses, diff --git a/x-pack/plugins/security_solution/public/explore/hosts/store/helpers.test.ts b/x-pack/plugins/security_solution/public/explore/hosts/store/helpers.test.ts index 2c85317a0f4fc..e70267fbdd23a 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/store/helpers.test.ts +++ b/x-pack/plugins/security_solution/public/explore/hosts/store/helpers.test.ts @@ -9,7 +9,8 @@ import { DEFAULT_TABLE_ACTIVE_PAGE, DEFAULT_TABLE_LIMIT } from '../../../common/ import type { HostsModel } from './model'; import { HostsTableType, HostsType } from './model'; import { setHostsQueriesActivePageToZero } from './helpers'; -import { Direction, HostsFields, RiskScoreFields } from '../../../../common/search_strategy'; +import { Direction, RiskScoreFields } from '../../../../common/search_strategy'; +import { HostsFields } from '../../../../common/api/search_strategy/hosts/model/sort'; export const mockHostsState: HostsModel = { page: { diff --git a/x-pack/plugins/security_solution/public/explore/hosts/store/model.ts b/x-pack/plugins/security_solution/public/explore/hosts/store/model.ts index d0b05ef57ae8d..a83b57ed4b0d8 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/store/model.ts +++ b/x-pack/plugins/security_solution/public/explore/hosts/store/model.ts 
@@ -5,9 +5,9 @@ * 2.0. */ +import type { HostsFields } from '../../../../common/api/search_strategy/hosts/model/sort'; import type { Direction } from '../../../../common/search_strategy'; import type { - HostsFields, RiskScoreSortField, RiskSeverity, } from '../../../../common/search_strategy/security_solution'; diff --git a/x-pack/plugins/security_solution/public/explore/hosts/store/reducer.ts b/x-pack/plugins/security_solution/public/explore/hosts/store/reducer.ts index 7208f331b1263..2b4e71502cb6b 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/store/reducer.ts +++ b/x-pack/plugins/security_solution/public/explore/hosts/store/reducer.ts @@ -6,7 +6,8 @@ */ import { reducerWithInitialState } from 'typescript-fsa-reducers'; -import { Direction, HostsFields, RiskScoreFields } from '../../../../common/search_strategy'; +import { HostsFields } from '../../../../common/api/search_strategy/hosts/model/sort'; +import { Direction, RiskScoreFields } from '../../../../common/search_strategy'; import { DEFAULT_TABLE_ACTIVE_PAGE, DEFAULT_TABLE_LIMIT } from '../../../common/store/constants'; diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/dns/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/dns/index.tsx index cf52d2b4ee0eb..ce7fa7e01886e 100644 --- a/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/dns/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/dns/index.tsx 
@@ -11,14 +11,12 @@ import { useCallback, useEffect, useRef, useState } from 'react'; import { Subscription } from 'rxjs'; import { isCompleteResponse } from '@kbn/data-plugin/common'; +import type { NetworkKpiDnsRequestOptionsInput } from '../../../../../../common/api/search_strategy'; import { useAppToasts } from '../../../../../common/hooks/use_app_toasts'; import type { inputsModel } from '../../../../../common/store'; import { createFilter } from '../../../../../common/containers/helpers'; import { useKibana } from '../../../../../common/lib/kibana'; -import type { - NetworkKpiDnsRequestOptions, - NetworkKpiDnsStrategyResponse, -} from '../../../../../../common/search_strategy'; +import type { NetworkKpiDnsStrategyResponse } from '../../../../../../common/search_strategy'; import { NetworkKpiQueries } from '../../../../../../common/search_strategy'; import type { ESTermQuery } from '../../../../../../common/typed_json'; @@ -57,7 +55,7 @@ export const useNetworkKpiDns = ({ const searchSubscription$ = useRef(new Subscription()); const [loading, setLoading] = useState(false); const [networkKpiDnsRequest, setNetworkKpiDnsRequest] = - useState(null); + useState(null); const [networkKpiDnsResponse, setNetworkKpiDnsResponse] = useState({ dnsQueries: 0, @@ -72,7 +70,7 @@ export const useNetworkKpiDns = ({ const { addError } = useAppToasts(); const networkKpiDnsSearch = useCallback( - (request: NetworkKpiDnsRequestOptions | null) => { + (request: NetworkKpiDnsRequestOptionsInput | null) => { if (request == null || skip) { return; } @@ -82,7 +80,7 @@ export const useNetworkKpiDns = ({ setLoading(true); searchSubscription$.current = data.search - .search(request, { + .search(request, { strategy: 'securitySolutionSearchStrategy', abortSignal: abortCtrl.current.signal, }) 
@@ -118,7 +116,7 @@ export const useNetworkKpiDns = ({ useEffect(() => { setNetworkKpiDnsRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkKpiDnsRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: NetworkKpiQueries.dns, diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/network_events/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/network_events/index.tsx index 378120d155e16..40e238e73d56d 100644 --- a/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/network_events/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/network_events/index.tsx @@ -11,14 +11,12 @@ import { useCallback, useEffect, useRef, useState } from 'react'; import { Subscription } from 'rxjs'; import { isCompleteResponse } from '@kbn/data-plugin/common'; +import type { NetworkKpiEventsRequestOptionsInput } from '../../../../../../common/api/search_strategy'; import { useAppToasts } from '../../../../../common/hooks/use_app_toasts'; import type { inputsModel } from '../../../../../common/store'; import { createFilter } from '../../../../../common/containers/helpers'; import { useKibana } from '../../../../../common/lib/kibana'; -import type { - NetworkKpiNetworkEventsRequestOptions, - NetworkKpiNetworkEventsStrategyResponse, -} from '../../../../../../common/search_strategy'; +import type { NetworkKpiNetworkEventsStrategyResponse } from '../../../../../../common/search_strategy'; import { NetworkKpiQueries } from '../../../../../../common/search_strategy'; import type { ESTermQuery } from '../../../../../../common/typed_json'; 
@@ -57,7 +55,7 @@ export const useNetworkKpiNetworkEvents = ({ const searchSubscription$ = useRef(new Subscription()); const [loading, setLoading] = useState(false); const [networkKpiNetworkEventsRequest, setNetworkKpiNetworkEventsRequest] = - useState(null); + useState(null); const [networkKpiNetworkEventsResponse, setNetworkKpiNetworkEventsResponse] = useState({ @@ -73,7 +71,7 @@ export const useNetworkKpiNetworkEvents = ({ const { addError } = useAppToasts(); const networkKpiNetworkEventsSearch = useCallback( - (request: NetworkKpiNetworkEventsRequestOptions | null) => { + (request: NetworkKpiEventsRequestOptionsInput | null) => { if (request == null || skip) { return; } @@ -83,7 +81,7 @@ export const useNetworkKpiNetworkEvents = ({ setLoading(true); searchSubscription$.current = data.search - .search( + .search( request, { strategy: 'securitySolutionSearchStrategy', @@ -122,7 +120,7 @@ export const useNetworkKpiNetworkEvents = ({ useEffect(() => { setNetworkKpiNetworkEventsRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkKpiEventsRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: NetworkKpiQueries.networkEvents, diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/tls_handshakes/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/tls_handshakes/index.tsx index b53c07640220e..5bede07b4ce2d 100644 --- a/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/tls_handshakes/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/tls_handshakes/index.tsx 
@@ -11,14 +11,12 @@ import { useCallback, useEffect, useRef, useState } from 'react'; import { Subscription } from 'rxjs'; import { isCompleteResponse } from '@kbn/data-plugin/common'; +import type { NetworkKpiTlsHandshakesRequestOptionsInput } from '../../../../../../common/api/search_strategy'; import { useAppToasts } from '../../../../../common/hooks/use_app_toasts'; import type { inputsModel } from '../../../../../common/store'; import { createFilter } from '../../../../../common/containers/helpers'; import { useKibana } from '../../../../../common/lib/kibana'; -import type { - NetworkKpiTlsHandshakesRequestOptions, - NetworkKpiTlsHandshakesStrategyResponse, -} from '../../../../../../common/search_strategy'; +import type { NetworkKpiTlsHandshakesStrategyResponse } from '../../../../../../common/search_strategy'; import { NetworkKpiQueries } from '../../../../../../common/search_strategy'; import type { ESTermQuery } from '../../../../../../common/typed_json'; @@ -57,7 +55,7 @@ export const useNetworkKpiTlsHandshakes = ({ const searchSubscription$ = useRef(new Subscription()); const [loading, setLoading] = useState(false); const [networkKpiTlsHandshakesRequest, setNetworkKpiTlsHandshakesRequest] = - useState(null); + useState(null); const [networkKpiTlsHandshakesResponse, setNetworkKpiTlsHandshakesResponse] = useState({ @@ -73,7 +71,7 @@ export const useNetworkKpiTlsHandshakes = ({ const { addError } = useAppToasts(); const networkKpiTlsHandshakesSearch = useCallback( - (request: NetworkKpiTlsHandshakesRequestOptions | null) => { + (request: NetworkKpiTlsHandshakesRequestOptionsInput | null) => { if (request == null || skip) { return; } 
@@ -82,13 +80,13 @@ export const useNetworkKpiTlsHandshakes = ({ setLoading(true); searchSubscription$.current = data.search - .search( - request, - { - strategy: 'securitySolutionSearchStrategy', - abortSignal: abortCtrl.current.signal, - } - ) + .search< + NetworkKpiTlsHandshakesRequestOptionsInput, + NetworkKpiTlsHandshakesStrategyResponse + >(request, { + strategy: 'securitySolutionSearchStrategy', + abortSignal: abortCtrl.current.signal, + }) .subscribe({ next: (response) => { if (isCompleteResponse(response)) { @@ -121,7 +119,7 @@ export const useNetworkKpiTlsHandshakes = ({ useEffect(() => { setNetworkKpiTlsHandshakesRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkKpiTlsHandshakesRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: NetworkKpiQueries.tlsHandshakes, diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/unique_flows/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/unique_flows/index.tsx index 6ff0eb5372a19..8172c700fef12 100644 --- a/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/unique_flows/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/unique_flows/index.tsx 
@@ -11,14 +11,12 @@ import { useCallback, useEffect, useRef, useState } from 'react'; import { Subscription } from 'rxjs'; import { isCompleteResponse } from '@kbn/data-plugin/common'; +import type { NetworkKpiUniqueFlowsRequestOptionsInput } from '../../../../../../common/api/search_strategy'; import { useAppToasts } from '../../../../../common/hooks/use_app_toasts'; import type { inputsModel } from '../../../../../common/store'; import { createFilter } from '../../../../../common/containers/helpers'; import { useKibana } from '../../../../../common/lib/kibana'; -import type { - NetworkKpiUniqueFlowsRequestOptions, - NetworkKpiUniqueFlowsStrategyResponse, -} from '../../../../../../common/search_strategy'; +import type { NetworkKpiUniqueFlowsStrategyResponse } from '../../../../../../common/search_strategy'; import { NetworkKpiQueries } from '../../../../../../common/search_strategy'; import type { ESTermQuery } from '../../../../../../common/typed_json'; @@ -57,7 +55,7 @@ export const useNetworkKpiUniqueFlows = ({ const searchSubscription$ = useRef(new Subscription()); const [loading, setLoading] = useState(false); const [networkKpiUniqueFlowsRequest, setNetworkKpiUniqueFlowsRequest] = - useState(null); + useState(null); const [networkKpiUniqueFlowsResponse, setNetworkKpiUniqueFlowsResponse] = useState({ @@ -73,7 +71,7 @@ export const useNetworkKpiUniqueFlows = ({ const { addError } = useAppToasts(); const networkKpiUniqueFlowsSearch = useCallback( - (request: NetworkKpiUniqueFlowsRequestOptions | null) => { + (request: NetworkKpiUniqueFlowsRequestOptionsInput | null) => { if (request == null || skip) { return; } @@ -82,7 +80,7 @@ export const useNetworkKpiUniqueFlows = ({ abortCtrl.current = new AbortController(); setLoading(true); searchSubscription$.current = data.search - .search( + .search( request, { strategy: 'securitySolutionSearchStrategy', 
@@ -121,7 +119,7 @@ export const useNetworkKpiUniqueFlows = ({ useEffect(() => { setNetworkKpiUniqueFlowsRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkKpiUniqueFlowsRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: NetworkKpiQueries.uniqueFlows, diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/unique_private_ips/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/unique_private_ips/index.tsx index 45435665dba41..d214a8d30bd16 100644 --- a/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/unique_private_ips/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/network/containers/kpi_network/unique_private_ips/index.tsx @@ -11,13 +11,13 @@ import { useCallback, useEffect, useRef, useState } from 'react'; import { Subscription } from 'rxjs'; import { isCompleteResponse } from '@kbn/data-plugin/common'; +import type { NetworkKpiUniquePrivateIpsRequestOptionsInput } from '../../../../../../common/api/search_strategy'; import { useAppToasts } from '../../../../../common/hooks/use_app_toasts'; import type { inputsModel } from '../../../../../common/store'; import { createFilter } from '../../../../../common/containers/helpers'; import { useKibana } from '../../../../../common/lib/kibana'; import type { NetworkKpiHistogramData, - NetworkKpiUniquePrivateIpsRequestOptions, NetworkKpiUniquePrivateIpsStrategyResponse, } from '../../../../../../common/search_strategy'; import { NetworkKpiQueries } from '../../../../../../common/search_strategy'; 
@@ -61,7 +61,7 @@ export const useNetworkKpiUniquePrivateIps = ({ const searchSubscription$ = useRef(new Subscription()); const [loading, setLoading] = useState(false); const [networkKpiUniquePrivateIpsRequest, setNetworkKpiUniquePrivateIpsRequest] = - useState(null); + useState(null); const [networkKpiUniquePrivateIpsResponse, setNetworkKpiUniquePrivateIpsResponse] = useState({ @@ -80,7 +80,7 @@ export const useNetworkKpiUniquePrivateIps = ({ const { addError } = useAppToasts(); const networkKpiUniquePrivateIpsSearch = useCallback( - (request: NetworkKpiUniquePrivateIpsRequestOptions | null) => { + (request: NetworkKpiUniquePrivateIpsRequestOptionsInput | null) => { if (request == null || skip) { return; } @@ -91,7 +91,7 @@ export const useNetworkKpiUniquePrivateIps = ({ searchSubscription$.current = data.search .search< - NetworkKpiUniquePrivateIpsRequestOptions, + NetworkKpiUniquePrivateIpsRequestOptionsInput, NetworkKpiUniquePrivateIpsStrategyResponse >(request, { strategy: 'securitySolutionSearchStrategy', @@ -133,7 +133,7 @@ export const useNetworkKpiUniquePrivateIps = ({ useEffect(() => { setNetworkKpiUniquePrivateIpsRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkKpiUniquePrivateIpsRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: NetworkKpiQueries.uniquePrivateIps, diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/network_dns/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/network_dns/index.tsx index 326d0112e544e..1ad9def6eba32 100644 --- a/x-pack/plugins/security_solution/public/explore/network/containers/network_dns/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/network/containers/network_dns/index.tsx 
@@ -8,17 +8,14 @@ import { useState, useEffect, useCallback, useMemo } from 'react'; import deepEqual from 'fast-deep-equal'; +import type { NetworkDnsRequestOptionsInput } from '../../../../../common/api/search_strategy'; import type { ESTermQuery } from '../../../../../common/typed_json'; import type { inputsModel } from '../../../../common/store'; import { useDeepEqualSelector } from '../../../../common/hooks/use_selector'; import { createFilter } from '../../../../common/containers/helpers'; import { generateTablePaginationOptions } from '../../../components/paginated_table/helpers'; import { networkSelectors } from '../../store'; -import type { - NetworkDnsRequestOptions, - NetworkDnsEdges, - PageInfoPaginated, -} from '../../../../../common/search_strategy'; +import type { NetworkDnsEdges, PageInfoPaginated } from '../../../../../common/search_strategy'; import { NetworkQueries } from '../../../../../common/search_strategy'; import * as i18n from './translations'; import type { InspectResponse } from '../../../../types'; @@ -58,7 +55,9 @@ export const useNetworkDns = ({ const getNetworkDnsSelector = useMemo(() => networkSelectors.dnsSelector(), []); const { activePage, sort, isPtrIncluded, limit } = useDeepEqualSelector(getNetworkDnsSelector); - const [networkDnsRequest, setNetworkDnsRequest] = useState(null); + const [networkDnsRequest, setNetworkDnsRequest] = useState( + null + ); const wrappedLoadMore = useCallback( (newActivePage: number) => { @@ -113,7 +112,7 @@ export const useNetworkDns = ({ useEffect(() => { setNetworkDnsRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkDnsRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, isPtrIncluded, diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/network_http/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/network_http/index.tsx index 68d0d97f258b6..af4a86b2cd11b 100644 
--- a/x-pack/plugins/security_solution/public/explore/network/containers/network_http/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/network/containers/network_http/index.tsx @@ -8,6 +8,7 @@ import { useState, useEffect, useCallback, useMemo } from 'react'; import deepEqual from 'fast-deep-equal'; +import type { NetworkHttpRequestOptionsInput } from '../../../../../common/api/search_strategy'; import type { ESTermQuery } from '../../../../../common/typed_json'; import type { inputsModel } from '../../../../common/store'; import { useDeepEqualSelector } from '../../../../common/hooks/use_selector'; @@ -18,7 +19,6 @@ import { networkSelectors } from '../../store'; import type { NetworkHttpEdges, PageInfoPaginated, - NetworkHttpRequestOptions, SortField, } from '../../../../../common/search_strategy'; import { NetworkQueries } from '../../../../../common/search_strategy'; @@ -65,7 +65,9 @@ export const useNetworkHttp = ({ const getHttpSelector = useMemo(() => networkSelectors.httpSelector(), []); const { activePage, limit, sort } = useDeepEqualSelector((state) => getHttpSelector(state, type)); - const [networkHttpRequest, setHostRequest] = useState(null); + const [networkHttpRequest, setHostRequest] = useState( + null + ); const wrappedLoadMore = useCallback( (newActivePage: number) => { @@ -132,7 +134,7 @@ export const useNetworkHttp = ({ useEffect(() => { setHostRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkHttpRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: NetworkQueries.http, diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/network_top_countries/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/network_top_countries/index.tsx index 5d6b45b12b422..330af1e174b87 100644 --- a/x-pack/plugins/security_solution/public/explore/network/containers/network_top_countries/index.tsx 
+++ b/x-pack/plugins/security_solution/public/explore/network/containers/network_top_countries/index.tsx @@ -8,6 +8,7 @@ import { useState, useEffect, useCallback, useMemo } from 'react'; import deepEqual from 'fast-deep-equal'; +import type { NetworkTopCountriesRequestOptionsInput } from '../../../../../common/api/search_strategy'; import type { ESTermQuery } from '../../../../../common/typed_json'; import type { inputsModel } from '../../../../common/store'; import { useDeepEqualSelector } from '../../../../common/hooks/use_selector'; @@ -18,7 +19,6 @@ import { networkSelectors } from '../../store'; import type { FlowTargetSourceDest, NetworkTopCountriesEdges, - NetworkTopCountriesRequestOptions, PageInfoPaginated, } from '../../../../../common/search_strategy'; import { NetworkQueries } from '../../../../../common/search_strategy'; @@ -68,7 +68,7 @@ export const useNetworkTopCountries = ({ ); const [networkTopCountriesRequest, setNetworkTopCountriesRequest] = - useState(null); + useState(null); const wrappedLoadMore = useCallback( (newActivePage: number) => { @@ -135,7 +135,7 @@ export const useNetworkTopCountries = ({ useEffect(() => { setNetworkTopCountriesRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkTopCountriesRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: NetworkQueries.topCountries, diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/network_top_n_flow/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/network_top_n_flow/index.tsx index a90ba02f5c17d..07146118f11c9 100644 --- a/x-pack/plugins/security_solution/public/explore/network/containers/network_top_n_flow/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/network/containers/network_top_n_flow/index.tsx 
@@ -8,6 +8,7 @@ import { useState, useEffect, useCallback, useMemo } from 'react'; import deepEqual from 'fast-deep-equal'; +import type { NetworkTopNFlowRequestOptionsInput } from '../../../../../common/api/search_strategy'; import type { ESTermQuery } from '../../../../../common/typed_json'; import type { inputsModel } from '../../../../common/store'; import { useDeepEqualSelector } from '../../../../common/hooks/use_selector'; @@ -18,7 +19,6 @@ import { networkSelectors } from '../../store'; import type { FlowTargetSourceDest, NetworkTopNFlowEdges, - NetworkTopNFlowRequestOptions, PageInfoPaginated, } from '../../../../../common/search_strategy'; import { NetworkQueries } from '../../../../../common/search_strategy'; @@ -68,7 +68,7 @@ export const useNetworkTopNFlow = ({ ); const [networkTopNFlowRequest, setTopNFlowRequest] = - useState(null); + useState(null); const wrappedLoadMore = useCallback( (newActivePage: number) => { @@ -135,7 +135,7 @@ export const useNetworkTopNFlow = ({ useEffect(() => { setTopNFlowRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkTopNFlowRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: NetworkQueries.topNFlow, diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/tls/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/tls/index.tsx index c3d34c02c69c5..353f14c5e1410 100644 --- a/x-pack/plugins/security_solution/public/explore/network/containers/tls/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/network/containers/tls/index.tsx 
@@ -8,6 +8,7 @@ import { useState, useEffect, useCallback, useMemo } from 'react'; import deepEqual from 'fast-deep-equal'; +import type { NetworkTlsRequestOptionsInput } from '../../../../../common/api/search_strategy'; import type { ESTermQuery } from '../../../../../common/typed_json'; import type { inputsModel } from '../../../../common/store'; import { useDeepEqualSelector } from '../../../../common/hooks/use_selector'; @@ -15,10 +16,7 @@ import { createFilter } from '../../../../common/containers/helpers'; import { generateTablePaginationOptions } from '../../../components/paginated_table/helpers'; import type { networkModel } from '../../store'; import { networkSelectors } from '../../store'; -import type { - NetworkTlsRequestOptions, - NetworkTlsStrategyResponse, -} from '../../../../../common/search_strategy/security_solution/network'; +import type { NetworkTlsStrategyResponse } from '../../../../../common/search_strategy/security_solution/network'; import { NetworkQueries } from '../../../../../common/search_strategy/security_solution/network'; import * as i18n from './translations'; @@ -67,7 +65,9 @@ export const useNetworkTls = ({ const getTlsSelector = useMemo(() => networkSelectors.tlsSelector(), []); const { activePage, limit, sort } = useDeepEqualSelector((state) => getTlsSelector(state, type)); - const [networkTlsRequest, setNetworkTlsRequest] = useState(null); + const [networkTlsRequest, setNetworkTlsRequest] = useState( + null + ); const wrappedLoadMore = useCallback( (newActivePage: number) => { @@ -134,7 +134,7 @@ export const useNetworkTls = ({ useEffect(() => { setNetworkTlsRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkTlsRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: NetworkQueries.tls, 
diff --git a/x-pack/plugins/security_solution/public/explore/network/containers/users/index.tsx b/x-pack/plugins/security_solution/public/explore/network/containers/users/index.tsx index 217b4a9baae15..881a59c095995 100644 --- a/x-pack/plugins/security_solution/public/explore/network/containers/users/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/network/containers/users/index.tsx @@ -8,6 +8,7 @@ import { useState, useEffect, useCallback, useMemo } from 'react'; import deepEqual from 'fast-deep-equal'; +import type { NetworkUsersRequestOptionsInput } from '../../../../../common/api/search_strategy'; import { useDeepEqualSelector } from '../../../../common/hooks/use_selector'; import type { ESTermQuery } from '../../../../../common/typed_json'; import { DEFAULT_INDEX_KEY } from '../../../../../common/constants'; @@ -18,7 +19,6 @@ import { generateTablePaginationOptions } from '../../../components/paginated_ta import { networkSelectors } from '../../store'; import type { FlowTargetSourceDest, - NetworkUsersRequestOptions, NetworkUsersStrategyResponse, } from '../../../../../common/search_strategy/security_solution/network'; import { NetworkQueries } from '../../../../../common/search_strategy/security_solution/network'; @@ -65,9 +65,8 @@ export const useNetworkUsers = ({ const { uiSettings } = useKibana().services; const defaultIndex = uiSettings.get(DEFAULT_INDEX_KEY); - const [networkUsersRequest, setNetworkUsersRequest] = useState( - null - ); + const [networkUsersRequest, setNetworkUsersRequest] = + useState(null); const wrappedLoadMore = useCallback( (newActivePage: number) => { @@ -134,7 +133,7 @@ export const useNetworkUsers = ({ useEffect(() => { setNetworkUsersRequest((prevRequest) => { - const myRequest = { + const myRequest: NetworkUsersRequestOptionsInput = { ...(prevRequest ?? {}), ip, defaultIndex, 
diff --git a/x-pack/plugins/security_solution/public/explore/users/containers/users/authentications/index.tsx b/x-pack/plugins/security_solution/public/explore/users/containers/users/authentications/index.tsx index 8263c03bc4fa6..29798d69da399 100644 --- a/x-pack/plugins/security_solution/public/explore/users/containers/users/authentications/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/users/containers/users/authentications/index.tsx @@ -10,14 +10,12 @@ import { noop } from 'lodash/fp'; import { useCallback, useEffect, useRef, useState } from 'react'; import { Subscription } from 'rxjs'; +import type { AuthenticationsKpiRequestOptionsInput } from '../../../../../../common/api/search_strategy'; import { useAppToasts } from '../../../../../common/hooks/use_app_toasts'; import type { inputsModel } from '../../../../../common/store'; import { createFilter } from '../../../../../common/containers/helpers'; import { useKibana } from '../../../../../common/lib/kibana'; -import type { - UsersKpiAuthenticationsRequestOptions, - UsersKpiAuthenticationsStrategyResponse, -} from '../../../../../../common/search_strategy'; +import type { UsersKpiAuthenticationsStrategyResponse } from '../../../../../../common/search_strategy'; import { UsersQueries } from '../../../../../../common/search_strategy'; import type { ESTermQuery } from '../../../../../../common/typed_json'; @@ -56,7 +54,7 @@ export const useUsersKpiAuthentications = ({ const searchSubscription$ = useRef(new Subscription()); const [loading, setLoading] = useState(false); const [usersKpiAuthenticationsRequest, setUsersKpiAuthenticationsRequest] = - useState(null); + useState(null); const [usersKpiAuthenticationsResponse, setUsersKpiAuthenticationsResponse] = useState({ 
@@ -75,7 +73,7 @@ export const useUsersKpiAuthentications = ({ const { addError, addWarning } = useAppToasts(); const usersKpiAuthenticationsSearch = useCallback( - (request: UsersKpiAuthenticationsRequestOptions | null) => { + (request: AuthenticationsKpiRequestOptionsInput | null) => { if (request == null || skip) { return; } @@ -85,7 +83,7 @@ export const useUsersKpiAuthentications = ({ setLoading(true); searchSubscription$.current = data.search - .search( + .search( request, { strategy: 'securitySolutionSearchStrategy', @@ -131,7 +129,7 @@ export const useUsersKpiAuthentications = ({ useEffect(() => { setUsersKpiAuthenticationsRequest((prevRequest) => { - const myRequest = { + const myRequest: AuthenticationsKpiRequestOptionsInput = { ...(prevRequest ?? {}), defaultIndex: indexNames, factoryQueryType: UsersQueries.kpiAuthentications, diff --git a/x-pack/plugins/security_solution/public/flyout/left/hooks/use_threat_intelligence_details.ts b/x-pack/plugins/security_solution/public/flyout/left/hooks/use_threat_intelligence_details.ts index 0cdc66a95a99f..c291e2a123c3d 100644 --- a/x-pack/plugins/security_solution/public/flyout/left/hooks/use_threat_intelligence_details.ts +++ b/x-pack/plugins/security_solution/public/flyout/left/hooks/use_threat_intelligence_details.ts @@ -6,6 +6,7 @@ */ import { useMemo } from 'react'; +import type { RunTimeMappings } from '../../../../common/api/search_strategy'; import type { CtiEnrichment, EventFields } from '../../../../common/search_strategy'; import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers'; import { @@ -53,7 +54,7 @@ export const useThreatIntelligenceDetails = (): ThreatIntelligenceDetailsValue = const [isEventDataLoading, eventData] = useTimelineEventsDetails({ indexName, eventId, - runtimeMappings: sourcererDataView.runtimeMappings, + runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings, skip: !eventId, }); 
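Review bot: The cast in `runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings` only silences a compile-time mismatch between the sourcerer store's type and the new API input type; it establishes nothing about the value at runtime. Runtime mappings are forwarded into the search request, so the server-side schema (presumably the zod `parse` this change introduces) remains the real check, but casting at each call site is the wrong place to reconcile the two types. Prefer typing `runtimeMappings` in the sourcerer model as the API `RunTimeMappings` (or narrowing it once with a schema `safeParse`) so call sites can pass the value unchanged, e.g. `runtimeMappings: sourcererDataView.runtimeMappings,`. The enclosing `useThreatIntelligenceDetails` hook starts and ends outside the hunk.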
diff --git a/x-pack/plugins/security_solution/public/flyout/shared/hooks/use_event_details.ts b/x-pack/plugins/security_solution/public/flyout/shared/hooks/use_event_details.ts index 91e371cd3b0b6..0f43743bcab28 100644 --- a/x-pack/plugins/security_solution/public/flyout/shared/hooks/use_event_details.ts +++ b/x-pack/plugins/security_solution/public/flyout/shared/hooks/use_event_details.ts @@ -9,6 +9,7 @@ import type { BrowserFields, TimelineEventsDetailsItem } from '@kbn/timelines-pl import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs'; import { SecurityPageName } from '@kbn/security-solution-navigation'; import type { DataViewBase } from '@kbn/es-query'; +import type { RunTimeMappings } from '../../../../common/api/search_strategy'; import { useSpaceId } from '../../../common/hooks/use_space_id'; import { getAlertIndexAlias } from '../../../timelines/components/side_panel/event_details/helpers'; import { useRouteSpy } from '../../../common/utils/route/use_route_spy'; @@ -86,7 +87,7 @@ export const useEventDetails = ({ useTimelineEventsDetails({ indexName: eventIndex, eventId: eventId ?? '', - runtimeMappings: sourcererDataView.runtimeMappings, + runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings, skip: !eventId, }); const getFieldsData = useGetFieldsData(searchHit?.fields); diff --git a/x-pack/plugins/security_solution/public/helpers.tsx b/x-pack/plugins/security_solution/public/helpers.tsx index 5a6e2c2c5108d..0dfc0878631cc 100644 --- a/x-pack/plugins/security_solution/public/helpers.tsx +++ b/x-pack/plugins/security_solution/public/helpers.tsx @@ -15,6 +15,7 @@ import type { Capabilities, CoreStart } from '@kbn/core/public'; import type { DocLinks } from '@kbn/doc-links'; import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs'; import { dataTableActions, TableId } from '@kbn/securitysolution-data-table'; +import { isObject } from 'lodash'; import { ALERTS_PATH, APP_UI_ID, 
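Review bot: `runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings` repeats the per-call-site cast pattern rather than fixing the type where the value originates, so any later divergence between the store type and the API type will go unnoticed by the compiler here. If the two types are meant to be the same shape, the store's `RunTimeMappings` should be (or alias) the API type so this line can read `runtimeMappings: sourcererDataView.runtimeMappings,`; if they are deliberately different, a comment on this line saying why the cast is sound would help the next reader. The `useEventDetails` hook begins and ends outside the hunk.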
@@ -157,7 +158,10 @@ export const getInspectResponse = ( response: StrategyResponseType | TimelineEqlResponse | undefined, prevResponse: InspectResponse ): InspectResponse => ({ - dsl: response?.inspect?.dsl ?? prevResponse?.dsl ?? [], + dsl: + isObject(response?.inspect) && response?.inspect.dsl + ? response.inspect.dsl + : prevResponse?.dsl || [], response: response != null ? [JSON.stringify(response.rawResponse, null, 2)] : prevResponse?.response, }); diff --git a/x-pack/plugins/security_solution/public/overview/components/events_by_dataset/index.tsx b/x-pack/plugins/security_solution/public/overview/components/events_by_dataset/index.tsx index 360c95ec94019..b8592df20b3b5 100644 --- a/x-pack/plugins/security_solution/public/overview/components/events_by_dataset/index.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/events_by_dataset/index.tsx @@ -14,6 +14,7 @@ import type { DataViewBase, Filter, Query } from '@kbn/es-query'; import styled from 'styled-components'; import { EuiButton } from '@elastic/eui'; import { getEsQueryConfig } from '@kbn/data-plugin/common'; +import type { RunTimeMappings } from '@kbn/timelines-plugin/common/api/search_strategy'; import { DEFAULT_NUMBER_FORMAT, APP_UI_ID } from '../../../../common/constants'; import { SHOWING, UNIT } from '../../../common/components/events_viewer/translations'; import { getTabsOnHostsUrl } from '../../../common/components/link_to/redirect_to_hosts'; @@ -195,7 +196,7 @@ const EventsByDatasetComponent: React.FC = ({ headerChildren={headerContent} id={uniqueQueryId} indexNames={indexNames} - runtimeMappings={runtimeMappings} + runtimeMappings={runtimeMappings as RunTimeMappings} onError={toggleTopN} paddingSize={paddingSize} setAbsoluteRangeDatePickerTarget={setAbsoluteRangeDatePickerTarget} 
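Review bot: The rewritten `dsl` expression mixes guard styles: `isObject(response?.inspect) && response?.inspect.dsl` keeps an optional chain after the object check has already established the value, and the fallback switches from `??` to `||` (`prevResponse?.dsl || []`), which for a string array changes nothing but reads as if a falsy-but-valid value were expected. If the `isObject` guard exists to narrow a union member whose `inspect` is not typed as an object (presumably `TimelineEqlResponse`), add a one-line comment saying so, e.g. `// inspect is typed differently across the response union; narrow before reading dsl`; otherwise the previous `response?.inspect?.dsl ?? prevResponse?.dsl ?? []` was equivalent and needed no lodash import. `getInspectResponse` starts outside the hunk.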
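Review bot: `RunTimeMappings` is imported here from `@kbn/timelines-plugin/common/api/search_strategy`, while the other call sites in this change import the same-named type from security_solution's own `common/api/search_strategy`; unless one module re-exports the other, `runtimeMappings={runtimeMappings as RunTimeMappings}` casts to a type that may drift from the one the receiving component's prop declares. Pick a single import source for the type across the plugin, and prefer correcting the prop type (outside the hunk) over casting in JSX, so the line can return to `runtimeMappings={runtimeMappings}`. The `EventsByDatasetComponent` body starts and ends outside the hunk.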
diff --git a/x-pack/plugins/security_solution/public/overview/containers/overview_cti_links/use_ti_data_sources.ts b/x-pack/plugins/security_solution/public/overview/containers/overview_cti_links/use_ti_data_sources.ts index 96a0c44327909..086ad78ac3c5f 100644 --- a/x-pack/plugins/security_solution/public/overview/containers/overview_cti_links/use_ti_data_sources.ts +++ b/x-pack/plugins/security_solution/public/overview/containers/overview_cti_links/use_ti_data_sources.ts @@ -10,11 +10,11 @@ import { useEffect, useState } from 'react'; import { useObservable, withOptionalSignal } from '@kbn/securitysolution-hook-utils'; import type { DataPublicPluginStart } from '@kbn/data-plugin/public'; import { isCompleteResponse } from '@kbn/data-plugin/public'; +import type { ThreatIntelSourceRequestOptionsInput } from '../../../../common/api/search_strategy'; import { useKibana } from '../../../common/lib/kibana'; import type { Bucket, CtiDataSourceStrategyResponse, - CtiDataSourceRequestOptions, } from '../../../../common/search_strategy/security_solution/cti'; import { CtiQueries } from '../../../../common/search_strategy/security_solution/cti'; import { DEFAULT_THREAT_INDEX_KEY } from '../../../../common/constants'; @@ -22,7 +22,7 @@ import type { GlobalTimeArgs } from '../../../common/containers/use_global_time' import { OTHER_DATA_SOURCE_TITLE } from '../../components/overview_cti_links/translations'; import { OTHER_TI_DATASET_KEY } from '../../../../common/cti/constants'; -type GetThreatIntelSourcProps = CtiDataSourceRequestOptions & { +type GetThreatIntelSourceProps = Omit & { data: DataPublicPluginStart; signal: AbortSignal; }; @@ -33,8 +33,8 @@ export const getTiDataSources = ({ defaultIndex, timerange, signal, -}: GetThreatIntelSourcProps): Observable => - data.search.search( +}: GetThreatIntelSourceProps): Observable => + data.search.search( { defaultIndex, factoryQueryType: CtiQueries.dataSource, 
@@ -47,7 +47,7 @@ export const getTiDataSources = ({ ); export const getTiDataSourcesComplete = ( - props: GetThreatIntelSourcProps + props: GetThreatIntelSourceProps ): Observable => { return getTiDataSources(props).pipe( filter((response) => { diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/hooks.ts b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/hooks.ts index 6e197ad52e4ff..597091bcfce0b 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/hooks.ts +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/hooks.ts @@ -111,7 +111,6 @@ export const useManagedUser = (userName: string) => { if (!isInitializing) { search({ defaultIndex: MANAGED_USER_INDEX, - factoryQueryType: UsersQueries.managedDetails, userName, }); } diff --git a/x-pack/plugins/security_solution/public/timelines/containers/active_timeline_context.ts b/x-pack/plugins/security_solution/public/timelines/containers/active_timeline_context.ts index 75a921cca12c2..383825da33038 100644 --- a/x-pack/plugins/security_solution/public/timelines/containers/active_timeline_context.ts +++ b/x-pack/plugins/security_solution/public/timelines/containers/active_timeline_context.ts @@ -5,12 +5,12 @@ * 2.0. */ +import type { + TimelineEventsAllOptionsInput, + TimelineEqlRequestOptionsInput, +} from '@kbn/timelines-plugin/common'; import type { ExpandedDetailTimeline, ExpandedDetailType } from '../../../common/types'; import { TimelineTabs } from '../../../common/types/timeline'; -import type { - TimelineEqlRequestOptions, - TimelineEventsAllRequestOptions, -} from '../../../common/search_strategy/timeline'; import type { TimelineArgs } from '.'; /* 
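Review bot: Removing `factoryQueryType: UsersQueries.managedDetails,` from the `search({ ... })` call means the query type must now be supplied inside `search` (defined outside the hunk); please confirm it is, since a request missing `factoryQueryType` would presumably fail the schema's literal check rather than default. If this was the last reference to `UsersQueries` in the file, the corresponding import (outside the hunk) should be removed in the same commit to keep lint clean. The `useManagedUser` hook begins and ends outside the hunk.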
@@ -28,9 +28,9 @@ class ActiveTimelineEvents {
 private _activePage: number = 0;
 private _expandedDetail: ExpandedDetailTimeline = {};
 private _pageName: string = '';
- private _request: TimelineEventsAllRequestOptions | null = null;
+ private _request: TimelineEventsAllOptionsInput | null = null;
 private _response: TimelineArgs | null = null;
- private _eqlRequest: TimelineEqlRequestOptions | null = null;
+ private _eqlRequest: TimelineEqlRequestOptionsInput | null = null;
 private _eqlResponse: TimelineArgs | null = null;
 getActivePage() {
@@ -89,7 +89,7 @@ class ActiveTimelineEvents {
 return this._request;
 }
- setRequest(req: TimelineEventsAllRequestOptions) {
+ setRequest(req: TimelineEventsAllOptionsInput) {
 this._request = req;
 }
@@ -105,7 +105,7 @@ class ActiveTimelineEvents {
 return this._eqlRequest;
 }
- setEqlRequest(req: TimelineEqlRequestOptions) {
+ setEqlRequest(req: TimelineEqlRequestOptionsInput) {
 this._eqlRequest = req;
 }
diff --git a/x-pack/plugins/security_solution/public/timelines/containers/details/index.tsx b/x-pack/plugins/security_solution/public/timelines/containers/details/index.tsx
index 3b326e492d132..b35c2c86b9abe 100644
--- a/x-pack/plugins/security_solution/public/timelines/containers/details/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/containers/details/index.tsx
@@ -12,14 +12,13 @@ import deepEqual from 'fast-deep-equal'; import { Subscription } from 'rxjs'; import { isCompleteResponse } from '@kbn/data-plugin/common'; +import type { TimelineEventsDetailsRequestOptionsInput } from '@kbn/timelines-plugin/common'; import { EntityType } from '@kbn/timelines-plugin/common'; import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs'; import { useKibana } from '../../../common/lib/kibana'; -import type { RunTimeMappings } from '../../../common/store/sourcerer/model'; import type { SearchHit, TimelineEventsDetailsItem, - TimelineEventsDetailsRequestOptions, TimelineEventsDetailsStrategyResponse, } from '../../../../common/search_strategy'; import { TimelineEventsQueries } from '../../../../common/search_strategy'; @@ -35,7 +34,7 @@ export interface UseTimelineEventsDetailsProps { entityType?: EntityType; indexName: string; eventId: string; - runtimeMappings: RunTimeMappings; + runtimeMappings: TimelineEventsDetailsRequestOptionsInput['runtimeMappings']; skip: boolean; } @@ -61,7 +60,7 @@ export const useTimelineEventsDetails = ({ // loading = false initial state causes flashes of empty tables const [loading, setLoading] = useState(true); const [timelineDetailsRequest, setTimelineDetailsRequest] = - useState(null); + useState(null); const { addError } = useAppToasts(); const [timelineDetailsResponse, setTimelineDetailsResponse] = @@ -70,7 +69,7 @@ export const useTimelineEventsDetails = ({ const [rawEventData, setRawEventData] = useState(undefined); const timelineDetailsSearch = useCallback( - (request: TimelineEventsDetailsRequestOptions | null) => { + (request: TimelineEventsDetailsRequestOptionsInput | null) => { if (request == null || skip || isEmpty(request.eventId)) { return; } @@ -80,7 +79,7 @@ export const useTimelineEventsDetails = ({ setLoading(true); searchSubscription$.current = data.search - .search( + .search( request, { strategy: 'timelineSearchStrategy', 
@@ -125,7 +124,7 @@ export const useTimelineEventsDetails = ({ eventId, factoryQueryType: TimelineEventsQueries.details, runtimeMappings, - }; + } as const; if (!deepEqual(prevRequest, myRequest)) { return myRequest; } diff --git a/x-pack/plugins/security_solution/public/timelines/containers/index.tsx b/x-pack/plugins/security_solution/public/timelines/containers/index.tsx index b65c7c7c51498..8d6e871f8354b 100644 --- a/x-pack/plugins/security_solution/public/timelines/containers/index.tsx +++ b/x-pack/plugins/security_solution/public/timelines/containers/index.tsx @@ -13,6 +13,10 @@ import { Subscription } from 'rxjs'; import type { DataView } from '@kbn/data-plugin/common'; import { isCompleteResponse } from '@kbn/data-plugin/common'; +import type { + TimelineEqlRequestOptionsInput, + TimelineEventsAllOptionsInput, +} from '@kbn/timelines-plugin/common/api/search_strategy'; import type { ESQuery } from '../../../common/typed_json'; import type { inputsModel } from '../../common/store'; @@ -25,7 +29,6 @@ import { getInspectResponse } from '../../helpers'; import type { PaginationInputPaginated, TimelineEventsAllStrategyResponse, - TimelineEventsAllRequestOptions, TimelineEdges, TimelineItem, TimelineRequestSortField, @@ -38,7 +41,6 @@ import { useRouteSpy } from '../../common/utils/route/use_route_spy'; import { activeTimeline } from './active_timeline_context'; import type { EqlOptionsSelected, - TimelineEqlRequestOptions, TimelineEqlResponse, } from '../../../common/search_strategy/timeline/events/eql'; import { useTrackHttpRequest } from '../../common/lib/apm/use_track_http_request'; 
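Review bot: `} as const;` gives `myRequest` a readonly literal type but checks nothing against `TimelineEventsDetailsRequestOptionsInput` at construction, unlike the sibling hooks in this change that write `const myRequest: XRequestOptionsInput = {`, so a misspelled or extra key would only surface where the value later flows into `setTimelineDetailsRequest`. For consistency and excess-property checking, prefer `const myRequest: TimelineEventsDetailsRequestOptionsInput = {` with a plain `};`, or `} satisfies TimelineEventsDetailsRequestOptionsInput;` if the repository's TypeScript supports it. The `useEffect` callback that builds this object starts outside the hunk.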
@@ -62,12 +64,12 @@ type TimelineEventsSearchHandler = (onNextResponse?: OnNextResponseHandler) => v
 type LoadPage = (newActivePage: number) => void;
 type TimelineRequest = T extends 'kuery'
- ? TimelineEventsAllRequestOptions
+ ? TimelineEventsAllOptionsInput
 : T extends 'lucene'
- ? TimelineEventsAllRequestOptions
+ ? TimelineEventsAllOptionsInput
 : T extends 'eql'
- ? TimelineEqlRequestOptions
- : TimelineEventsAllRequestOptions;
+ ? TimelineEqlRequestOptionsInput
+ : TimelineEventsAllOptionsInput;
 type TimelineResponse = T extends 'kuery'
 ? TimelineEventsAllStrategyResponse
@@ -259,10 +261,9 @@ export const useTimelineEventsHandler = ({
 activeTimeline.setExpandedDetail({});
 activeTimeline.setPageName(pageName);
 if (request.language === 'eql') {
- activeTimeline.setEqlRequest(request as TimelineEqlRequestOptions);
+ activeTimeline.setEqlRequest(request as TimelineEqlRequestOptionsInput);
 activeTimeline.setEqlResponse(newTimelineResponse);
 } else {
- // @ts-expect-error EqlSearchRequest.query is not compatible with QueryDslQueryContainer
 activeTimeline.setRequest(request);
 activeTimeline.setResponse(newTimelineResponse);
 }
@@ -335,14 +336,14 @@ export const useTimelineEventsHandler = ({
 }
 setTimelineRequest((prevRequest) => {
- const prevEqlRequest = prevRequest as TimelineEqlRequestOptions;
+ const prevEqlRequest = prevRequest as TimelineEqlRequestOptionsInput;
 const prevSearchParameters = {
 defaultIndex: prevRequest?.defaultIndex ?? [],
 filterQuery: prevRequest?.filterQuery ?? '',
- querySize: prevRequest?.pagination.querySize ?? 0,
+ querySize: prevRequest?.pagination?.querySize ?? 0,
 sort: prevRequest?.sort ?? initSortDefault,
 timerange: prevRequest?.timerange ?? {},
- runtimeMappings: (prevRequest?.runtimeMappings ?? {}) as RunTimeMappings,
+ runtimeMappings: (prevRequest?.runtimeMappings ?? {}) as unknown as RunTimeMappings,
 ...deStructureEqlOptions(prevEqlRequest),
 };
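Review bot: `runtimeMappings: (prevRequest?.runtimeMappings ?? {}) as unknown as RunTimeMappings` in the `setTimelineRequest` updater is a double assertion that hides a real mismatch between the zod input type and the store's `RunTimeMappings` instead of resolving it, so nothing now checks that the value handed to the search strategy has the shape the store expects. The `use_timeline_events_details` hunk in this commit already types the field from the request schema (`TimelineEventsDetailsRequestOptionsInput['runtimeMappings']`); typing `prevSearchParameters.runtimeMappings` the same way from `TimelineEventsAllOptionsInput` would remove the cast. The `?.` added in `prevRequest?.pagination?.querySize` is consistent with `pagination` being optional on the input type, which is not visible here. `useTimelineEventsHandler` starts and ends outside this hunk.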
@@ -379,7 +380,7 @@ export const useTimelineEventsHandler = ({ sort, ...timerange, ...(eqlOptions ? eqlOptions : {}), - }; + } as const; if (activePage !== newActivePage) { setActivePage(newActivePage); diff --git a/x-pack/plugins/security_solution/public/timelines/containers/kpis/index.tsx b/x-pack/plugins/security_solution/public/timelines/containers/kpis/index.tsx index f2a1d81ec0294..a260a3d9f9cdd 100644 --- a/x-pack/plugins/security_solution/public/timelines/containers/kpis/index.tsx +++ b/x-pack/plugins/security_solution/public/timelines/containers/kpis/index.tsx @@ -11,14 +11,14 @@ import deepEqual from 'fast-deep-equal'; import { Subscription } from 'rxjs'; import { isCompleteResponse } from '@kbn/data-plugin/public'; +import { TimelineEventsQueries } from '@kbn/timelines-plugin/common'; import type { inputsModel } from '../../../common/store'; import { useKibana } from '../../../common/lib/kibana'; import type { - TimelineKpiStrategyRequest, + TimelineKpiRequestOptionsInput, TimelineKpiStrategyResponse, TimerangeInput, } from '../../../../common/search_strategy'; -import { TimelineEventsQueries } from '../../../../common/search_strategy'; import type { ESQuery } from '../../../../common/typed_json'; import { useAppToasts } from '../../../common/hooks/use_app_toasts'; import * as i18n from './translations'; @@ -41,15 +41,14 @@ export const useTimelineKpis = ({ const abortCtrl = useRef(new AbortController()); const searchSubscription$ = useRef(new Subscription()); const [loading, setLoading] = useState(false); - const [timelineKpiRequest, setTimelineKpiRequest] = useState( - null - ); + const [timelineKpiRequest, setTimelineKpiRequest] = + useState(null); const [timelineKpiResponse, setTimelineKpiResponse] = useState(null); const { addError } = useAppToasts(); const timelineKpiSearch = useCallback( - (request: TimelineKpiStrategyRequest | null) => { + (request: TimelineKpiRequestOptionsInput | null) => { if (request == null) { return; } 
@@ -58,7 +57,7 @@ export const useTimelineKpis = ({
 setLoading(true);
 searchSubscription$.current = data.search
- .search(request, {
+ .search(request, {
 strategy: 'timelineSearchStrategy',
 abortSignal: abortCtrl.current.signal,
 })
@@ -93,7 +92,7 @@ export const useTimelineKpis = ({
 timerange,
 filterQuery,
 factoryQueryType: TimelineEventsQueries.kpi,
- };
+ } as const;
 if (!deepEqual(prevRequest, myRequest)) {
 return myRequest;
 }
diff --git a/x-pack/plugins/security_solution/server/search_strategy/endpoint/factory/response_actions/actions/index.ts b/x-pack/plugins/security_solution/server/search_strategy/endpoint/factory/response_actions/actions/index.ts
index fbb57a0d22e11..3c24d29ee7b50 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/endpoint/factory/response_actions/actions/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/endpoint/factory/response_actions/actions/index.ts
@@ -17,9 +17,7 @@ import type {
 } from '../../../../../../common/search_strategy/endpoint/response_actions';
 export const allActions: EndpointFactory = {
- buildDsl: (options: ActionRequestOptions, { authz }) => {
- return buildResponseActionsQuery(options, authz);
- },
+ buildDsl: (options: ActionRequestOptions, { authz }) => buildResponseActionsQuery(options, authz),
 parse: async (
 options: ActionRequestOptions,
 response: IEsSearchResponse,
diff --git a/x-pack/plugins/security_solution/server/search_strategy/endpoint/factory/response_actions/results/index.ts b/x-pack/plugins/security_solution/server/search_strategy/endpoint/factory/response_actions/results/index.ts
index 705018f001acb..292f4858ac3c7 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/endpoint/factory/response_actions/results/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/endpoint/factory/response_actions/results/index.ts
@@ -16,9 +16,7 @@ import { buildActionResultsQuery } from './query.action_results.dsl';
 import type { EndpointFactory } from '../../types';
 export const actionResults: EndpointFactory = {
- buildDsl: (options: ActionResponsesRequestOptions) => {
- return buildActionResultsQuery(options);
- },
+ buildDsl: (options: ActionResponsesRequestOptions) => buildActionResultsQuery(options),
 parse: async (options, response): Promise => {
 const inspect = {
 dsl: [inspectStringifyObject(buildActionResultsQuery(options))],
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/factory.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/factory.ts
index ec08cfbc30965..ac6232f597395 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/factory.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/factory.ts
@@ -5,7 +5,7 @@
 * 2.0.
 */
-import type { CtiQueries } from '../../../../../../common/search_strategy/security_solution/cti';
+import type { CtiQueries } from '../../../../../../common/search_strategy';
 import type { SecuritySolutionFactory } from '../../types';
 import { buildEventEnrichmentQuery } from './query';
 import { parseEventEnrichmentResponse } from './response';
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/query.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/query.ts
index cef953b5fb557..ec1ca68817f2c 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/query.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/query.ts
@@ -5,56 +5,59 @@ * 2.0. */ -import type { CtiQueries } from '../../../../../../common/search_strategy/security_solution/cti'; +import type { EventEnrichmentRequestOptions } from '../../../../../../common/api/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; -import type { SecuritySolutionFactory } from '../../types'; import { buildIndicatorShouldClauses } from './helpers'; -export const buildEventEnrichmentQuery: SecuritySolutionFactory['buildDsl'] = - ({ defaultIndex, eventFields, filterQuery, timerange: { from, to } }) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { term: { 'event.type': 'indicator' } }, - { - range: { - '@timestamp': { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, +export const buildEventEnrichmentQuery = ({ + defaultIndex, + eventFields, + filterQuery, + timerange: { from, to }, +}: EventEnrichmentRequestOptions) => { + const filter = [ + ...createQueryFilterClauses(filterQuery), + { term: { 'event.type': 'indicator' } }, + { + range: { + '@timestamp': { + gte: from, + lte: to, + format: 'strict_date_optional_time', }, }, - ]; + }, + ]; - return { - allow_no_indices: true, - ignore_unavailable: true, - index: defaultIndex, - body: { - _source: false, - fields: [ - { field: '*', include_unmapped: true }, - { - field: '@timestamp', - format: 'strict_date_optional_time', - }, - { - field: 'code_signature.timestamp', - format: 'strict_date_optional_time', - }, - { - field: 'dll.code_signature.timestamp', - format: 'strict_date_optional_time', - }, - ], - stored_fields: ['*'], - query: { - bool: { - should: buildIndicatorShouldClauses(eventFields), - filter, - minimum_should_match: 1, - }, + return { + allow_no_indices: true, + ignore_unavailable: true, + index: defaultIndex, + body: { + _source: false, + fields: [ + { field: '*', include_unmapped: true }, + { + field: '@timestamp', + format: 'strict_date_optional_time', + }, + { + field: 
'code_signature.timestamp', + format: 'strict_date_optional_time', + }, + { + field: 'dll.code_signature.timestamp', + format: 'strict_date_optional_time', + }, + ], + stored_fields: ['*'], + query: { + bool: { + should: buildIndicatorShouldClauses(eventFields), + filter, + minimum_should_match: 1, }, }, - }; + }, }; +}; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/response.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/response.ts index 026cf28319e5e..f305eb3254b5a 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/response.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/event_enrichment/response.ts 
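Review bot: `buildEventEnrichmentQuery` no longer carries the `SecuritySolutionFactory` `buildDsl` contract, so its return type is now inferred from the object literal and nothing checks that the result is a valid search request; the `query.all_hosts.dsl.ts` hunk in this commit keeps `ISearchRequestParams` from `@kbn/data-plugin/common` for exactly this purpose, and `}: EventEnrichmentRequestOptions): ISearchRequestParams => {` here would restore the check. A TSDoc on the export would also help, e.g. `/** Builds the ES request that matches threat-indicator documents (event.type: indicator) in the given timerange against the supplied event field values. */`. The hunk spans two physical lines; the function is complete within it.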
@@ -5,24 +5,26 @@ * 2.0. */ -import type { CtiQueries } from '../../../../../../common/search_strategy/security_solution/cti'; +import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { EventEnrichmentRequestOptions } from '../../../../../../common/api/search_strategy'; import { inspectStringifyObject } from '../../../../../utils/build_query'; -import type { SecuritySolutionFactory } from '../../types'; import { buildIndicatorEnrichments, getTotalCount } from './helpers'; import { buildEventEnrichmentQuery } from './query'; -export const parseEventEnrichmentResponse: SecuritySolutionFactory['parse'] = - async (options, response, deps) => { - const inspect = { - dsl: [inspectStringifyObject(buildEventEnrichmentQuery(options))], - }; - const totalCount = getTotalCount(response.rawResponse.hits.total); - const enrichments = buildIndicatorEnrichments(response.rawResponse.hits.hits); +export const parseEventEnrichmentResponse = async ( + options: EventEnrichmentRequestOptions, + response: IEsSearchResponse +) => { + const inspect = { + dsl: [inspectStringifyObject(buildEventEnrichmentQuery(options))], + }; + const totalCount = getTotalCount(response.rawResponse.hits.total); + const enrichments = buildIndicatorEnrichments(response.rawResponse.hits.hits); - return { - ...response, - enrichments, - inspect, - totalCount, - }; + return { + ...response, + enrichments, + inspect, + totalCount, }; +}; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/index.ts index e43af97e84af0..5192f466ca5d7 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/index.ts 
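Review bot: `parseEventEnrichmentResponse` no longer declares a return type, so the `{ ...response, enrichments, inspect, totalCount }` shape is only inferred and is no longer checked against the CTI strategy response type that the old `SecuritySolutionFactory` `parse` signature implied; an explicit `Promise<…>` annotation naming that response type would keep the check. The dropped third `deps` parameter only stays compatible with a factory caller that still passes it because extra arguments are ignored, which deserves a one-line comment on the signature. `response: IEsSearchResponse` is also used without a document type argument, so `response.rawResponse.hits.hits` reaches `buildIndicatorEnrichments` untyped unless the rendering here dropped a type argument. The function is complete within the hunk.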
@@ -5,13 +5,11 @@
 * 2.0.
 */
-import type { FactoryQueryTypes } from '../../../../../common/search_strategy/security_solution';
 import { CtiQueries } from '../../../../../common/search_strategy/security_solution/cti';
-import type { SecuritySolutionFactory } from '../types';
 import { eventEnrichment } from './event_enrichment';
 import { dataSource } from './threat_intel_source';
-export const ctiFactoryTypes: Record> = {
+export const ctiFactoryTypes = {
 [CtiQueries.eventEnrichment]: eventEnrichment,
 [CtiQueries.dataSource]: dataSource,
 };
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/index.ts
index dcd311ece1f9f..5052c4cc73fa7 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/index.ts
@@ -10,15 +10,14 @@ import type { SecuritySolutionFactory } from '../../types';
 import type {
 CtiDataSourceStrategyResponse,
 CtiQueries,
- CtiDataSourceRequestOptions,
 } from '../../../../../../common/search_strategy/security_solution/cti';
 import { inspectStringifyObject } from '../../../../../utils/build_query';
 import { buildTiDataSourceQuery } from './query.threat_intel_source.dsl';
 export const dataSource: SecuritySolutionFactory = {
- buildDsl: (options: CtiDataSourceRequestOptions) => buildTiDataSourceQuery(options),
+ buildDsl: (options) => buildTiDataSourceQuery(options),
 parse: async (
- options: CtiDataSourceRequestOptions,
+ options,
 response: IEsSearchResponse
 ): Promise => {
 const inspect = {
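Review bot: Dropping the `Record<FactoryQueryTypes, SecuritySolutionFactory…>` annotation from `ctiFactoryTypes` removes the compile-time guarantee that every `CtiQueries` member has a factory entry and that each entry has the `buildDsl`/`parse` shape; a missing or mistyped entry now surfaces only when that query type is invoked at runtime. If the aggregate factory map this object is merged into (outside this file) is still annotated, the check survives there; otherwise, if the toolchain's TypeScript supports it, a `satisfies Record<CtiQueries, …>` with the factory type on the literal keeps the key check without widening the inferred entry types. The `threat_intel_source/index.ts` hunk that shares this line is fine as is: `buildDsl: (options) =>` and `parse: async (options, …)` are now contextually typed from `SecuritySolutionFactory`.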
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/query.threat_intel_source.dsl.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/query.threat_intel_source.dsl.test.ts
index faeb33b2369a1..54663122eea4b 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/query.threat_intel_source.dsl.test.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/query.threat_intel_source.dsl.test.ts
@@ -7,8 +7,9 @@
 import { buildTiDataSourceQuery } from './query.threat_intel_source.dsl';
 import { CtiQueries } from '../../../../../../common/search_strategy/security_solution/cti';
+import type { ThreatIntelSourceRequestOptionsInput } from '../../../../../../common/api/search_strategy';
-export const mockOptions = {
+export const mockOptions: ThreatIntelSourceRequestOptionsInput = {
 defaultIndex: ['logs-ti_*', 'filebeat-8*'],
 factoryQueryType: CtiQueries.dataSource,
 filterQuery: '',
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/query.threat_intel_source.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/query.threat_intel_source.dsl.ts
index 5aef67e1fc42d..0ea0ddbb3a5a9 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/query.threat_intel_source.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/cti/threat_intel_source/query.threat_intel_source.dsl.ts
@@ -5,12 +5,12 @@
 * 2.0.
 */
-import type { CtiDataSourceRequestOptions } from '../../../../../../common/search_strategy/security_solution/cti';
+import type { ThreatIntelSourceRequestOptions } from '../../../../../../common/api/search_strategy';
 export const buildTiDataSourceQuery = ({
 timerange,
 defaultIndex,
-}: CtiDataSourceRequestOptions) => {
+}: ThreatIntelSourceRequestOptions) => {
 const filter = [];
 if (timerange) {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/__mocks__/index.ts
index 8937e480d0966..3db8573a6a606 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/__mocks__/index.ts
@@ -8,12 +8,11 @@
 import type { KibanaRequest, SavedObjectsClientContract } from '@kbn/core/server';
 import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
+import type { HostsRequestOptions } from '../../../../../../../common/api/search_strategy';
+import { HostsFields } from '../../../../../../../common/api/search_strategy/hosts/model/sort';
-import type {
- HostAggEsItem,
- HostsRequestOptions,
-} from '../../../../../../../common/search_strategy';
-import { Direction, HostsFields, HostsQueries } from '../../../../../../../common/search_strategy';
+import type { HostAggEsItem } from '../../../../../../../common/search_strategy';
+import { Direction, HostsQueries } from '../../../../../../../common/search_strategy';
 import { createMockEndpointAppContext } from '../../../../../../endpoint/mocks';
 export const mockOptions: HostsRequestOptions = {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/index.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/index.test.ts
index 7abc747eb0c82..600c5414b4fbe 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/index.test.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/index.test.ts
@@ -7,7 +7,6 @@
 import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants';
-import type { HostsRequestOptions } from '../../../../../../common/search_strategy/security_solution';
 import { RiskScoreEntity } from '../../../../../../common/search_strategy/security_solution';
 import * as buildQuery from './query.all_hosts.dsl';
 import * as buildRiskQuery from '../../risk_score/all/query.risk_score.dsl';
@@ -19,6 +18,7 @@ import {
 mockDeps as defaultMockDeps,
 } from './__mocks__';
 import { get } from 'lodash/fp';
+import type { HostsRequestOptions } from '../../../../../../common/api/search_strategy';
 class IndexNotFoundException extends Error {
 meta: { body: { error: { type: string } } };
@@ -130,6 +130,7 @@ describe('allHosts search strategy', () => {
 defaultIndex: ['ml_host_risk_score_latest_test-space'],
 filterQuery: { terms: { 'host.name': [hostName] } },
 riskScoreEntity: RiskScoreEntity.host,
+ factoryQueryType: expect.stringContaining('RiskScore'),
 });
 });
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/index.ts
index 98241e8336fa9..0131f5417d0d5 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/index.ts
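Review bot: `factoryQueryType: expect.stringContaining('RiskScore')` in the `allHosts` risk-score expectation is looser than the production change warrants: the `hosts/all/index.ts` hunk in this commit passes `RiskQueries.hostsRiskScore`, so the test can pin that exact value with `factoryQueryType: RiskQueries.hostsRiskScore,`, which would also catch a later swap to a different risk-score query type whose name happens to contain the same substring. `RiskQueries` is imported next to `RiskScoreEntity` in the production file, so it is presumably available from the same `common/search_strategy/security_solution` module the test already imports `RiskScoreEntity` from. The surrounding `describe` block starts outside the hunk.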
@@ -14,12 +14,12 @@ import type {
 HostAggEsItem,
 HostsStrategyResponse,
 HostsQueries,
- HostsRequestOptions,
 HostsEdges,
 } from '../../../../../../common/search_strategy/security_solution/hosts';
 import type { HostRiskScore } from '../../../../../../common/search_strategy';
 import {
+ RiskQueries,
 RiskScoreEntity,
 getHostRiskIndex,
 buildHostNamesFilter,
@@ -34,14 +34,14 @@ import type { EndpointAppContext } from '../../../../../endpoint/types';
 import { buildRiskScoreQuery } from '../../risk_score/all/query.risk_score.dsl';
 export const allHosts: SecuritySolutionFactory = {
- buildDsl: (options: HostsRequestOptions) => {
+ buildDsl: (options) => {
 if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
 throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
 }
 return buildHostsQuery(options);
 },
 parse: async (
- options: HostsRequestOptions,
+ options,
 response: IEsSearchResponse,
 deps?: {
 esClient: IScopedClusterClient;
@@ -134,6 +134,7 @@ export async function getHostRiskData(
 defaultIndex: [getHostRiskIndex(spaceId, true, isNewRiskScoreModuleAvailable)],
 filterQuery: buildHostNamesFilter(hostNames),
 riskScoreEntity: RiskScoreEntity.host,
+ factoryQueryType: RiskQueries.hostsRiskScore,
 })
 );
 return hostRiskResponse;
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/query.all_hosts.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/query.all_hosts.dsl.ts
index 6a5cc8d008563..cb3c960e1f6ea 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/query.all_hosts.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/all/query.all_hosts.dsl.ts
@@ -7,12 +7,9 @@
 import type { ISearchRequestParams } from '@kbn/data-plugin/common';
 import { hostFieldsMap } from '@kbn/securitysolution-ecs';
-import type {
- Direction,
- HostsRequestOptions,
- SortField,
-} from '../../../../../../common/search_strategy';
-import { HostsFields } from '../../../../../../common/search_strategy';
+import { HostsFields } from '../../../../../../common/api/search_strategy/hosts/model/sort';
+import type { HostsRequestOptions } from '../../../../../../common/api/search_strategy';
+import type { Direction } from '../../../../../../common/search_strategy';
 import { createQueryFilterClauses, reduceFields } from '../../../../../utils/build_query';
 import { assertUnreachable } from '../../../../../../common/utility_types';
 import { HOSTS_FIELDS } from './helpers';
@@ -88,13 +85,13 @@ export const buildHostsQuery = ({
 type QueryOrder = { lastSeen: Direction } | { _key: Direction };
-const getQueryOrder = (sort: SortField): QueryOrder => {
+const getQueryOrder = (sort: HostsRequestOptions['sort']): QueryOrder => {
 switch (sort.field) {
 case HostsFields.lastSeen:
 return { lastSeen: sort.direction };
 case HostsFields.hostName:
 return { _key: sort.direction };
 default:
- return assertUnreachable(sort.field);
+ return assertUnreachable(sort.field as never);
 }
 };
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts
index aa4d5c03b23be..3896197198ad1 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts
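Review bot: `return assertUnreachable(sort.field as never);` in `getQueryOrder` defeats the exhaustiveness check the helper exists for: with the cast the `default` branch compiles no matter what `sort.field` can still be, so adding a member to `HostsFields` without a matching `case` is no longer a compile error. The cast is presumably needed because `HostsRequestOptions['sort']['field']` from the new schema is wider than the two `HostsFields` members handled here (not visible in this hunk); if so, the narrower fix is to give the parameter a type whose `field` is exactly `HostsFields`, e.g. `sort: { field: HostsFields; direction: Direction }`, so the `default` branch narrows to `never` on its own and `assertUnreachable(sort.field)` can stay. `getQueryOrder` is complete within the hunk.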
@@ -6,10 +6,10 @@
 */
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
+import type { HostsFields } from '../../../../../../../common/api/search_strategy/hosts/model/sort';
 import type {
 HostDetailsRequestOptions,
 SortField,
- HostsFields,
 } from '../../../../../../../common/search_strategy';
 import { Direction, HostsQueries } from '../../../../../../../common/search_strategy';
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.test.tsx b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.test.ts
similarity index 100%
rename from x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.test.tsx
rename to x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.test.ts
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.ts
index 27f00f5b8734a..96d3a941ef8b8 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.ts
@@ -17,7 +17,6 @@ import type {
 HostAggEsData,
 HostDetailsStrategyResponse,
 HostsQueries,
- HostDetailsRequestOptions,
 EndpointFields,
 } from '../../../../../../common/search_strategy/security_solution/hosts';
@@ -28,9 +27,9 @@ import { formatHostItem, getHostEndpoint } from './helpers';
 import type { EndpointAppContext } from '../../../../../endpoint/types';
 export const hostDetails: SecuritySolutionFactory = {
- buildDsl: (options: HostDetailsRequestOptions) => buildHostDetailsQuery(options),
+ buildDsl: (options) => buildHostDetailsQuery(options),
 parse: async (
- options: HostDetailsRequestOptions,
+ options,
 response: IEsSearchResponse,
 deps?: {
 esClient: IScopedClusterClient;
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/index.ts
index cee0abba2fdb9..f38e0f7b401aa 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/index.ts
@@ -11,7 +11,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type {
 HostsKpiQueries,
 HostsKpiHostsStrategyResponse,
- HostsKpiHostsRequestOptions,
 } from '../../../../../../../common/search_strategy/security_solution/hosts';
 import { inspectStringifyObject } from '../../../../../../utils/build_query';
 import type { SecuritySolutionFactory } from '../../../types';
@@ -19,9 +18,9 @@ import { buildHostsKpiHostsQuery } from './query.hosts_kpi_hosts.dsl';
 import { formatGeneralHistogramData } from '../../../common/format_general_histogram_data';
 export const hostsKpiHosts: SecuritySolutionFactory = {
- buildDsl: (options: HostsKpiHostsRequestOptions) => buildHostsKpiHostsQuery(options),
+ buildDsl: (options) => buildHostsKpiHostsQuery(options),
 parse: async (
- options: HostsKpiHostsRequestOptions,
+ options,
 response: IEsSearchResponse
 ): Promise => {
 const inspect = {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/query.hosts_kpi_hosts.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/query.hosts_kpi_hosts.dsl.ts
index 0383a58a65353..73e5c25e53683 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/query.hosts_kpi_hosts.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/hosts/query.hosts_kpi_hosts.dsl.ts
@@ -5,14 +5,14 @@
 * 2.0.
 */
-import type { HostsKpiHostsRequestOptions } from '../../../../../../../common/search_strategy/security_solution/hosts';
+import type { KpiHostsRequestOptions } from '../../../../../../../common/api/search_strategy';
 import { createQueryFilterClauses } from '../../../../../../utils/build_query';
 export const buildHostsKpiHostsQuery = ({
 filterQuery,
 timerange: { from, to },
 defaultIndex,
-}: HostsKpiHostsRequestOptions) => {
+}: KpiHostsRequestOptions) => {
 const filter = [
 ...createQueryFilterClauses(filterQuery),
 {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/index.ts
index 2147c48b5763a..8d0eef56b75b9 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/index.ts
@@ -11,7 +11,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type {
 HostsKpiQueries,
 HostsKpiUniqueIpsStrategyResponse,
- HostsKpiUniqueIpsRequestOptions,
 } from '../../../../../../../common/search_strategy/security_solution/hosts';
 import { inspectStringifyObject } from '../../../../../../utils/build_query';
 import type { SecuritySolutionFactory } from '../../../types';
@@ -19,9 +18,9 @@ import { buildHostsKpiUniqueIpsQuery } from './query.hosts_kpi_unique_ips.dsl';
 import { formatGeneralHistogramData } from '../../../common/format_general_histogram_data';
 export const hostsKpiUniqueIps: SecuritySolutionFactory = {
- buildDsl: (options: HostsKpiUniqueIpsRequestOptions) => buildHostsKpiUniqueIpsQuery(options),
+ buildDsl: (options) => buildHostsKpiUniqueIpsQuery(options),
 parse: async (
- options: HostsKpiUniqueIpsRequestOptions,
+ options,
 response: IEsSearchResponse
 ): Promise => {
 const inspect = {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/query.hosts_kpi_unique_ips.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/query.hosts_kpi_unique_ips.dsl.ts
index 290f1dc238348..0d18765a1b6a4 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/query.hosts_kpi_unique_ips.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/kpi/unique_ips/query.hosts_kpi_unique_ips.dsl.ts
@@ -5,14 +5,14 @@
  * 2.0.
  */
-import type { HostsKpiUniqueIpsRequestOptions } from '../../../../../../../common/search_strategy/security_solution/hosts';
+import type { KpiUniqueIpsRequestOptions } from '../../../../../../../common/api/search_strategy';
 import { createQueryFilterClauses } from '../../../../../../utils/build_query';
 export const buildHostsKpiUniqueIpsQuery = ({
 filterQuery,
 timerange: { from, to },
 defaultIndex,
-}: HostsKpiUniqueIpsRequestOptions) => {
+}: KpiUniqueIpsRequestOptions) => {
 const filter = [
 ...createQueryFilterClauses(filterQuery),
 {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/__mocks__/index.ts
index ce87321c3b18f..d4b1e310ae5d6 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/__mocks__/index.ts
@@ -6,8 +6,8 @@
  */
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
+import type { HostOverviewRequestOptions } from '../../../../../../../common/api/search_strategy';
-import type { HostOverviewRequestOptions } from '../../../../../../../common/search_strategy';
 import { HostsQueries } from '../../../../../../../common/search_strategy';
 export const mockOptions: HostOverviewRequestOptions = {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/index.ts
index c7d08f92ab55a..83e3f6eb93b98 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/index.ts
@@ -11,7 +11,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type {
 HostsOverviewStrategyResponse,
 HostsQueries,
- HostOverviewRequestOptions,
 OverviewHostHit,
 } from '../../../../../../common/search_strategy/security_solution/hosts';
 import { inspectStringifyObject } from '../../../../../utils/build_query';
@@ -19,9 +18,9 @@ import type { SecuritySolutionFactory } from '../../types';
 import { buildOverviewHostQuery } from './query.overview_host.dsl';
 export const hostOverview: SecuritySolutionFactory = {
- buildDsl: (options: HostOverviewRequestOptions) => buildOverviewHostQuery(options),
+ buildDsl: (options) => buildOverviewHostQuery(options),
 parse: async (
- options: HostOverviewRequestOptions,
+ options,
 response: IEsSearchResponse
 ): Promise => {
 // @ts-expect-error specify aggregations type explicitly
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/query.overview_host.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/query.overview_host.dsl.ts
index 2ad25f8907ff2..c55703e17cc47 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/query.overview_host.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/overview/query.overview_host.dsl.ts
@@ -6,8 +6,8 @@
  */
 import type { ISearchRequestParams } from '@kbn/data-plugin/common';
+import type { HostOverviewRequestOptions } from '../../../../../../common/api/search_strategy/hosts/hosts';
 import { createQueryFilterClauses } from '../../../../../utils/build_query';
-import type { HostOverviewRequestOptions } from '../../../../../../common/search_strategy/security_solution/hosts';
 export const buildOverviewHostQuery = ({
 filterQuery,
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/__mocks__/index.ts
index f51b8082d0ffa..b5fc2ea7dbf73 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/__mocks__/index.ts
@@ -5,10 +5,10 @@
  * 2.0.
  */
-import type { SortField } from '../../../../../../../common/search_strategy';
-import { HostsQueries } from '../../../../../../../common/search_strategy';
+import type { HostUncommonProcessesRequestOptions } from '../../../../../../../common/api/search_strategy';
+import { Direction, HostsQueries } from '../../../../../../../common/search_strategy';
-export const mockOptions = {
+export const mockOptions: HostUncommonProcessesRequestOptions = {
 defaultIndex: [
 'apm-*-transaction*',
 'traces-apm*',
@@ -28,12 +28,15 @@ export const mockOptions = {
 fakePossibleCount: 50,
 querySize: 10,
 },
+ sort: {
+ direction: Direction.desc,
+ field: '@timestamp',
+ },
 timerange: {
 interval: '12h',
 from: '2020-09-06T15:23:52.757Z',
 to: '2020-09-07T15:23:52.757Z',
 },
- sort: {} as SortField,
 };
 export const mockSearchStrategyResponse = {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/dsl/query.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/dsl/query.dsl.ts
index abb65529084c3..c7364dd8b375d 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/dsl/query.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/dsl/query.dsl.ts
@@ -6,17 +6,19 @@
  */
 import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import { hostFieldsMap, processFieldsMap, userFieldsMap } from '@kbn/securitysolution-ecs';
+import type { HostUncommonProcessesRequestOptions } from '../../../../../../../common/api/search_strategy';
 import { createQueryFilterClauses } from '../../../../../../utils/build_query';
 import { reduceFields } from '../../../../../../utils/build_query/reduce_fields';
-import type { RequestOptionsPaginated } from '../../../../../../../common/search_strategy/security_solution';
 import { UNCOMMON_PROCESSES_FIELDS } from '../helpers';
 export const buildQuery = ({
 defaultIndex,
 filterQuery,
- pagination: { querySize },
+ pagination,
 timerange: { from, to },
-}: RequestOptionsPaginated) => {
+}: HostUncommonProcessesRequestOptions) => {
+ const querySize = pagination?.querySize ?? 10;
+
 const processUserFields = reduceFields(UNCOMMON_PROCESSES_FIELDS, {
 ...processFieldsMap,
 ...userFieldsMap,
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/index.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/index.test.ts
index 4f3f88eaa29c9..3033c40bfba52 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/index.test.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/index.test.ts
@@ -7,7 +7,6 @@
 import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants';
-import type { HostsUncommonProcessesRequestOptions } from '../../../../../../common/search_strategy/security_solution';
 import * as buildQuery from './dsl/query.dsl';
 import { uncommonProcesses } from '.';
 import {
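Review bot: `const querySize = pagination?.querySize ?? 10;` hard-codes the fallback page size as a bare literal, while the same request is capped in index.ts against the named DEFAULT_MAX_TABLE_QUERY_SIZE; a named constant next to it, e.g. `const DEFAULT_UNCOMMON_PROCESSES_QUERY_SIZE = 10;` and `const querySize = pagination?.querySize ?? DEFAULT_UNCOMMON_PROCESSES_QUERY_SIZE;`, keeps the two limits discoverable together. The `?.` also implies that pagination is now optional in HostUncommonProcessesRequestOptions, yet the parse() method in the index.ts hunk at @@ -24,14 +21,14 @@ still destructures `options.pagination` unguarded, so a request without pagination would build a DSL here and then throw in parse; if the field is indeed optional, parse needs the same guard buildDsl already applies. The body of buildQuery continues outside the hunk.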
@@ -15,6 +14,7 @@ import {
 mockSearchStrategyResponse,
 formattedSearchStrategyResponse,
 } from './__mocks__';
+import type { HostUncommonProcessesRequestOptions } from '../../../../../../common/api/search_strategy';
 describe('uncommonProcesses search strategy', () => {
 const buildUncommonProcessesQuery = jest.spyOn(buildQuery, 'buildQuery');
@@ -36,7 +36,7 @@ describe('uncommonProcesses search strategy', () => {
 ...mockOptions.pagination,
 querySize: DEFAULT_MAX_TABLE_QUERY_SIZE,
 },
- } as HostsUncommonProcessesRequestOptions;
+ } as HostUncommonProcessesRequestOptions;
 expect(() => {
 uncommonProcesses.buildDsl(overSizeOptions);
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/index.ts
index dfa63911c8d8a..920dbd351bf97 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/uncommon_processes/index.ts
@@ -12,10 +12,7 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import { processFieldsMap, userFieldsMap } from '@kbn/securitysolution-ecs';
 import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants';
 import type { HostsQueries } from '../../../../../../common/search_strategy/security_solution';
-import type {
- HostsUncommonProcessesRequestOptions,
- HostsUncommonProcessesStrategyResponse,
-} from '../../../../../../common/search_strategy/security_solution/hosts/uncommon_processes';
+import type { HostsUncommonProcessesStrategyResponse } from '../../../../../../common/search_strategy/security_solution/hosts/uncommon_processes';
 import { inspectStringifyObject } from '../../../../../utils/build_query';
@@ -24,14 +21,14 @@ import { buildQuery } from './dsl/query.dsl';
 import { formatUncommonProcessesData, getHits } from './helpers';
 export const uncommonProcesses: SecuritySolutionFactory = {
- buildDsl: (options: HostsUncommonProcessesRequestOptions) => {
+ buildDsl: (options) => {
 if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
 throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
 }
 return buildQuery(options);
 },
 parse: async (
- options: HostsUncommonProcessesRequestOptions,
+ options,
 response: IEsSearchResponse
 ): Promise => {
 const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/__mocks__/index.ts
index e1c192af513bd..86cbb97ed68b9 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/__mocks__/index.ts
@@ -5,10 +5,10 @@
  * 2.0.
  */
-import type { FirstLastSeenRequestOptions } from '../../../../../../common/search_strategy';
+import type { FirstLastSeenRequestOptionsInput } from '../../../../../../common/api/search_strategy';
 import { Direction, FirstLastSeenQuery } from '../../../../../../common/search_strategy';
-export const mockOptions: FirstLastSeenRequestOptions = {
+export const mockOptions: FirstLastSeenRequestOptionsInput = {
 defaultIndex: [
 'apm-*-transaction*',
 'traces-apm*',
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/index.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/index.test.ts
index c8edf6a96b2e2..658b7cc008bb8 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/index.test.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/index.test.ts
@@ -7,7 +7,6 @@
 import { ZodError } from 'zod';
-import type { FirstLastSeenRequestOptions } from '../../../../../common/search_strategy';
 import { Direction } from '../../../../../common/search_strategy';
 import * as buildQuery from './query.first_or_last_seen.dsl';
 import { firstOrLastSeen } from '.';
@@ -18,6 +17,7 @@ import {
 formattedSearchStrategyLastResponse,
 formattedSearchStrategyFirstResponse,
 } from './__mocks__';
+import type { FirstLastSeenRequestOptionsInput } from '../../../../../common/api/search_strategy';
 describe('firstLastSeen search strategy', () => {
 describe('first seen search strategy', () => {
@@ -54,7 +54,7 @@ describe('firstLastSeen search strategy', () => {
 describe('buildDsl', () => {
 test('should build dsl query', () => {
- const options: FirstLastSeenRequestOptions = { ...mockOptions, order: Direction.desc };
+ const options: FirstLastSeenRequestOptionsInput = { ...mockOptions, order: Direction.desc };
 firstOrLastSeen.buildDsl(options);
 expect(buildFirstLastSeenQuery).toHaveBeenCalledWith(options);
 });
@@ -72,7 +72,7 @@ describe('firstLastSeen search strategy', () => {
 test('should throw an error when parse fails', async () => {
 try {
 await firstOrLastSeen.parse(
- { invalidOption: 'key' } as unknown as FirstLastSeenRequestOptions,
+ { invalidOption: 'key' } as unknown as FirstLastSeenRequestOptionsInput,
 mockSearchStrategyLastSeenResponse
 );
 } catch (error: unknown) {
@@ -84,6 +84,9 @@ describe('firstLastSeen search strategy', () => {
 expect(error.flatten()).toMatchInlineSnapshot(`
 Object {
 "fieldErrors": Object {
+ "factoryQueryType": Array [
+ "Invalid literal value, expected \\"firstlastseen\\"",
+ ],
 "field": Array [
 "Required",
 ],
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/index.ts
index 396dfed867c18..9cd28bfc1c121 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/index.ts
@@ -8,6 +8,7 @@
 import { getOr } from 'lodash/fp';
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
+import { firstLastSeenRequestOptionsSchema } from '../../../../../common/api/search_strategy';
 import type {
 FactoryQueryTypes,
 FirstLastSeenStrategyResponse,
@@ -17,14 +18,15 @@ import { FirstLastSeenQuery } from '../../../../../common/search_strategy/securi
 import { inspectStringifyObject } from '../../../../utils/build_query';
 import type { SecuritySolutionFactory } from '../types';
 import { buildFirstOrLastSeenQuery } from './query.first_or_last_seen.dsl';
-import { parseOptions } from './parse_options';
 export const firstOrLastSeen: SecuritySolutionFactory = {
- buildDsl: (options: unknown) => buildFirstOrLastSeenQuery(options),
+ buildDsl: (options) => buildFirstOrLastSeenQuery(options),
 parse: async (
- options: unknown,
+ options,
 response: IEsSearchResponse
 ): Promise => {
+ firstLastSeenRequestOptionsSchema.parse(options);
+
 // First try to get the formatted field if it exists or not.
 const formattedField: string | null = getOr(
 null,
@@ -36,7 +38,7 @@ export const firstOrLastSeen: SecuritySolutionFactory
 dsl: [inspectStringifyObject(buildFirstOrLastSeenQuery(options))],
 };
- const { order } = parseOptions(options);
+ const { order } = options;
 if (order === 'asc') {
 return {
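Review bot: The added `firstLastSeenRequestOptionsSchema.parse(options);` in parse() discards its result, and the later `const { order } = options;` reads the raw input, so any coercion or defaults the zod schema applies never reach the code that branches on order; the two lines should be joined as `const { order } = firstLastSeenRequestOptionsSchema.parse(options);` (or the parsed value stored once and reused). Validation also now runs only in parse(), after the response has come back, while buildDsl and buildFirstOrLastSeenQuery in the query.first_or_last_seen.dsl.ts hunk that follows no longer call parseOptions, so `field` and `value` reach the `term: { [field]: value }` clause without this schema being applied at build time; if the search-strategy entry point validates options before buildDsl, a one-line comment saying so at the parse() call would make the duplicate check intentional, otherwise buildDsl needs the same parse. The parse() body continues outside the hunk.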
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/query.first_or_last_seen.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/query.first_or_last_seen.dsl.ts
index cee6d19ce54ae..8ea331207d302 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/query.first_or_last_seen.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/query.first_or_last_seen.dsl.ts
@@ -5,14 +5,12 @@
  * 2.0.
  */
-import type { FirstLastSeenRequestOptions } from '../../../../../common/api/search_strategy/first_seen_last_seen/first_seen_last_seen';
+import type { FirstLastSeenRequestOptions } from '../../../../../common/api/search_strategy';
 import { createQueryFilterClauses } from '../../../../utils/build_query';
-import { parseOptions } from './parse_options';
-export const buildFirstOrLastSeenQuery = (options: unknown) => {
- const { field, value, defaultIndex, order, filterQuery }: FirstLastSeenRequestOptions =
- parseOptions(options);
+export const buildFirstOrLastSeenQuery = (options: FirstLastSeenRequestOptions) => {
+ const { field, value, defaultIndex, order, filterQuery } = options;
 const filter = [...createQueryFilterClauses(filterQuery), { term: { [field]: value } }];
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/__mocks__/index.ts
index 4f6b910fbccf7..dda3395b54c1a 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/__mocks__/index.ts
@@ -5,9 +5,11 @@
  * 2.0.
  */
+import type { MatrixHistogramRequestOptions } from '../../../../../../../common/api/search_strategy';
+import { MatrixHistogramQuery } from '../../../../../../../common/api/search_strategy';
 import { MatrixHistogramType } from '../../../../../../../common/search_strategy';
-export const mockOptions = {
+export const mockOptions: MatrixHistogramRequestOptions = {
 defaultIndex: [
 'apm-*-transaction*',
 'traces-apm*',
@@ -23,6 +25,9 @@ export const mockOptions = {
 histogramType: MatrixHistogramType.alerts,
 timerange: { interval: '12h', from: '2020-09-08T14:23:04.482Z', to: '2020-09-09T14:23:04.482Z' },
 stackByField: 'event.module',
+ includeMissingData: false,
+ isPtrIncluded: false,
+ factoryQueryType: MatrixHistogramQuery,
 };
 export const expectedDsl = {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/query.alerts_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/query.alerts_histogram.dsl.ts
index 792829ed32f29..bee0f1ac7f457 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/query.alerts_histogram.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/query.alerts_histogram.dsl.ts
@@ -6,12 +6,12 @@
  */
 import moment from 'moment';
+import type { MatrixHistogramRequestOptions } from '../../../../../../common/api/search_strategy';
 import {
 createQueryFilterClauses,
 calculateTimeSeriesInterval,
 } from '../../../../../utils/build_query';
-import type { MatrixHistogramRequestOptions } from '../../../../../../common/search_strategy/security_solution/matrix_histogram';
 export const buildAlertsHistogramQuery = ({
 filterQuery,
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/__mocks__/index.ts
index 700580655f1b0..69b1977f17083 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/__mocks__/index.ts
@@ -5,9 +5,11 @@
  * 2.0.
  */
+import type { MatrixHistogramRequestOptions } from '../../../../../../../common/api/search_strategy';
+import { MatrixHistogramQuery } from '../../../../../../../common/api/search_strategy';
 import { MatrixHistogramType } from '../../../../../../../common/search_strategy';
-export const mockOptions = {
+export const mockOptions: MatrixHistogramRequestOptions = {
 defaultIndex: [
 'apm-*-transaction*',
 'traces-apm*',
@@ -23,6 +25,9 @@ export const mockOptions = {
 histogramType: MatrixHistogramType.anomalies,
 timerange: { interval: '12h', from: '2020-09-08T15:14:35.566Z', to: '2020-09-09T15:14:35.566Z' },
 stackByField: 'job_id',
+ includeMissingData: false,
+ isPtrIncluded: false,
+ factoryQueryType: MatrixHistogramQuery,
 };
 export const expectedDsl = {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/query.anomalies_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/query.anomalies_histogram.dsl.ts
index 87e2664d74271..da1b72341c71a 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/query.anomalies_histogram.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/query.anomalies_histogram.dsl.ts
@@ -11,7 +11,7 @@ import {
 createQueryFilterClauses,
 calculateTimeSeriesInterval,
 } from '../../../../../utils/build_query';
-import type { MatrixHistogramRequestOptions } from '../../../../../../common/search_strategy/security_solution/matrix_histogram';
+import type { MatrixHistogramRequestOptions } from '../../../../../../common/api/search_strategy';
 export const buildAnomaliesHistogramQuery = ({
 filterQuery,
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/__mocks__/index.ts
index b917da12c9ad7..0f7145dc95320 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/__mocks__/index.ts
@@ -5,9 +5,11 @@
  * 2.0.
  */
+import type { MatrixHistogramRequestOptions } from '../../../../../../../common/api/search_strategy';
+import { MatrixHistogramQuery } from '../../../../../../../common/api/search_strategy';
 import { MatrixHistogramType } from '../../../../../../../common/search_strategy';
-export const mockOptions = {
+export const mockOptions: MatrixHistogramRequestOptions = {
 defaultIndex: [
 'apm-*-transaction*',
 'traces-apm*',
@@ -22,6 +24,9 @@ export const mockOptions = {
 histogramType: MatrixHistogramType.authentications,
 timerange: { interval: '12h', from: '2020-09-08T15:22:00.325Z', to: '2020-09-09T15:22:00.325Z' },
 stackByField: 'event.outcome',
+ includeMissingData: false,
+ isPtrIncluded: false,
+ factoryQueryType: MatrixHistogramQuery,
 };
 export const expectedDsl = {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/query.authentications_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/query.authentications_histogram.dsl.ts
index 9ebd629d1e858..a0bae6ad6d322 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/query.authentications_histogram.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/query.authentications_histogram.dsl.ts
@@ -11,7 +11,7 @@ import {
 createQueryFilterClauses,
 calculateTimeSeriesInterval,
 } from '../../../../../utils/build_query';
-import type { MatrixHistogramRequestOptions } from '../../../../../../common/search_strategy/security_solution/matrix_histogram';
+import type { MatrixHistogramRequestOptions } from '../../../../../../common/api/search_strategy';
 export const buildAuthenticationsHistogramQuery = ({
 filterQuery,
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/__mocks__/index.ts
index d4e721a5ebe80..5823206d58b63 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/__mocks__/index.ts
@@ -5,9 +5,11 @@
  * 2.0.
  */
+import type { MatrixHistogramRequestOptions } from '../../../../../../../common/api/search_strategy';
+import { MatrixHistogramQuery } from '../../../../../../../common/api/search_strategy';
 import { MatrixHistogramType } from '../../../../../../../common/search_strategy';
-export const mockOptions = {
+export const mockOptions: MatrixHistogramRequestOptions = {
 defaultIndex: [
 'apm-*-transaction*',
 'traces-apm*',
@@ -23,6 +25,8 @@ export const mockOptions = {
 isPtrIncluded: false,
 timerange: { interval: '12h', from: '2020-09-08T15:41:15.528Z', to: '2020-09-09T15:41:15.529Z' },
 stackByField: 'dns.question.registered_domain',
+ includeMissingData: false,
+ factoryQueryType: MatrixHistogramQuery,
 };
 export const expectedDsl = {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/query.dns_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/query.dns_histogram.dsl.ts
index c547f0a6ada3f..825f121c87fb3 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/query.dns_histogram.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/dns/query.dns_histogram.dsl.ts
@@ -7,7 +7,7 @@
 import moment from 'moment';
-import type { MatrixHistogramRequestOptions } from '../../../../../../common/search_strategy';
+import type { MatrixHistogramRequestOptions } from '../../../../../../common/api/search_strategy';
 import {
 calculateTimeSeriesInterval,
 createQueryFilterClauses,
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts
index cb469a1708334..e1b25916ec978 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
-import type { MatrixHistogramRequestOptions } from '../../../../../../../common/search_strategy';
+import type { MatrixHistogramRequestOptions } from '../../../../../../../common/api/search_strategy';
 import {
 MatrixHistogramQuery,
 MatrixHistogramType,
@@ -37,6 +37,8 @@ export const mockOptions: MatrixHistogramRequestOptions = {
 timerange: { interval: '12h', from: '2020-09-08T16:11:26.215Z', to: '2020-09-09T16:11:26.215Z' },
 stackByField: 'event.action',
 runtimeMappings,
+ includeMissingData: true,
+ isPtrIncluded: false,
 };
 export const expectedDsl = {
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/query.events_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/query.events_histogram.dsl.ts
index 2c7d3e017def2..fe09a005770fe 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/query.events_histogram.dsl.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/query.events_histogram.dsl.ts
@@ -12,7 +12,7 @@ import {
 createQueryFilterClauses,
 calculateTimeSeriesInterval,
 } from '../../../../../utils/build_query';
-import type { MatrixHistogramRequestOptions } from '../../../../../../common/search_strategy/security_solution/matrix_histogram';
+import type { MatrixHistogramRequestOptions } from '../../../../../../common/api/search_strategy';
 import * as i18n from './translations';
 import type { BaseQuery } from './helpers';
 import { buildThresholdCardinalityQuery, buildThresholdTermsQuery } from './helpers';
@@ -23,7 +23,7 @@ export const buildEventsHistogramQuery = ({
 defaultIndex,
 stackByField = 'event.action',
 threshold,
- includeMissingData = true,
+ includeMissingData,
 runtimeMappings,
 }: MatrixHistogramRequestOptions) => {
 const [queryFilterFirstClause, ...queryFilterClauses] = createQueryFilterClauses(filterQuery);
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.test.ts
index 885322e92cf6c..4b09dcf1971d9 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.test.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.test.ts
@@ -5,10 +5,7 @@
  * 2.0.
  */
-import type {
- MatrixHistogramRequestOptions,
- MatrixHistogramType,
-} from '../../../../../common/search_strategy/security_solution';
+import type { MatrixHistogramType } from '../../../../../common/search_strategy/security_solution';
 import { matrixHistogram } from '.';
 import {
 formattedAlertsSearchStrategyResponse,
@@ -36,6 +33,7 @@ import { mockOptions as mockAuthenticationsOptions } from './authentications/__m
 import { mockOptions as mockEventsOptions } from './events/__mocks__';
 import { mockOptions as mockDnsOptions } from './dns/__mocks__';
 import { mockOptions as mockPreviewOptions } from './preview/__mocks__';
+import type { MatrixHistogramRequestOptions } from '../../../../../common/api/search_strategy/matrix_histogram/matrix_histogram';
 describe('Alerts matrixHistogram search strategy', () => {
 const buildMatrixHistogramQuery = jest.spyOn(alertsMatrixHistogramConfig, 'buildDsl');
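Review bot: Dropping the destructuring default in `- includeMissingData = true,` / `+ includeMissingData,` moves the fallback for this flag entirely into the MatrixHistogramRequestOptions schema, which is not visible here; the mocks in this commit now set the field explicitly, which suggests the schema made it required, but if it is merely optional without a `.default(true)`, a caller that omits it would silently switch from the old "include missing data" behaviour to whatever the body of buildEventsHistogramQuery does with `undefined`. A short comment at the parameter, e.g. `// default supplied by matrixHistogramRequestOptionsSchema`, would record where the value now comes from, or the `= true` could simply be kept as a belt-and-braces default. The function body continues outside the hunk, so the exact effect of an undefined flag cannot be confirmed from this hunk.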
@@ -58,7 +56,7 @@ describe('Alerts matrixHistogram search strategy', () => { expect(() => { matrixHistogram.buildDsl(invalidOptions); - }).toThrowError(`This histogram type xxx is unknown to the server side`); + }).toThrowError(/This histogram type xxx is unknown to the server side/); }); }); @@ -94,7 +92,7 @@ describe('Anomalies matrixHistogram search strategy', () => { expect(() => { matrixHistogram.buildDsl(invalidOptions); - }).toThrowError(`This histogram type xxx is unknown to the server side`); + }).toThrowError(/This histogram type xxx is unknown to the server side/); }); }); @@ -130,7 +128,7 @@ describe('Authentications matrixHistogram search strategy', () => { expect(() => { matrixHistogram.buildDsl(invalidOptions); - }).toThrowError(`This histogram type xxx is unknown to the server side`); + }).toThrowError(/This histogram type xxx is unknown to the server side/); }); }); @@ -166,7 +164,7 @@ describe('Events matrixHistogram search strategy', () => { expect(() => { matrixHistogram.buildDsl(invalidOptions); - }).toThrowError(`This histogram type xxx is unknown to the server side`); + }).toThrowError(/This histogram type xxx is unknown to the server side/); }); }); @@ -202,7 +200,7 @@ describe('Dns matrixHistogram search strategy', () => { expect(() => { matrixHistogram.buildDsl(invalidOptions); - }).toThrowError(`This histogram type xxx is unknown to the server side`); + }).toThrowError(/This histogram type xxx is unknown to the server side/); }); }); @@ -235,7 +233,7 @@ describe('Preview matrixHistogram search strategy', () => { expect(() => { matrixHistogram.buildDsl(invalidOptions); - }).toThrowError(`This histogram type xxx is unknown to the server side`); + }).toThrowError(/This histogram type xxx is unknown to the server side/); }); }); 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.ts index a389200c87795..567bdcbd1f78b 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.ts @@ -10,7 +10,6 @@ import { getOr } from 'lodash/fp'; import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { FactoryQueryTypes, - MatrixHistogramRequestOptions, MatrixHistogramStrategyResponse, MatrixHistogramDataConfig, } from '../../../../../common/search_strategy/security_solution'; @@ -38,7 +37,7 @@ const matrixHistogramConfig: MatrixHistogramDataConfig = { }; export const matrixHistogram: SecuritySolutionFactory = { - buildDsl: (options: MatrixHistogramRequestOptions) => { + buildDsl: (options) => { const myConfig = getOr(null, options.histogramType, matrixHistogramConfig); if (myConfig == null) { throw new Error(`This histogram type ${options.histogramType} is unknown to the server side`); @@ -46,7 +45,7 @@ export const matrixHistogram: SecuritySolutionFactory ): Promise => { const myConfig = getOr(null, options.histogramType, matrixHistogramConfig); diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/preview/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/preview/__mocks__/index.ts index 95f5bccb18303..4b7ef376b8cd3 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/preview/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/preview/__mocks__/index.ts 
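Review bot: Now that `buildDsl` takes an untyped `options`, the `getOr(null, options.histogramType, matrixHistogramConfig)` lookup is the only thing standing between a client-supplied `histogramType` and the config map, and lodash `getOr` resolves inherited properties as well as own keys, so the `myConfig == null` guard is only sound if `histogramType` is already constrained to the known enum values. If the new `MatrixHistogramRequestOptions` schema restricts it with a literal union that is fine, but the assumption should be written down, e.g. `// histogramType is validated by the request schema; getOr would otherwise resolve inherited keys too`. The same lookup is repeated in `parse` in the following hunk, whose lines are partly lost in the rendering.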
@@ -5,15 +5,20 @@ * 2.0. */ +import type { MatrixHistogramRequestOptions } from '../../../../../../../common/api/search_strategy'; +import { MatrixHistogramQuery } from '../../../../../../../common/api/search_strategy'; import { MatrixHistogramType } from '../../../../../../../common/search_strategy'; -export const mockOptions = { +export const mockOptions: MatrixHistogramRequestOptions = { defaultIndex: ['.siem-preview-signals-default'], filterQuery: '{"bool":{"must":[],"filter":[{"match_all":{}},{"bool":{"filter":[{"bool":{"should":[{"match":{"signal.rule.id":"test-preview-id"}}],"minimum_should_match":1}}]}}],"should":[],"must_not":[]}}', histogramType: MatrixHistogramType.preview, timerange: { interval: '12h', from: '2020-09-08T14:23:04.482Z', to: '2020-09-09T14:23:04.482Z' }, stackByField: 'event.category', + includeMissingData: false, + isPtrIncluded: false, + factoryQueryType: MatrixHistogramQuery, }; export const expectedDsl = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/preview/query.preview_histogram.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/preview/query.preview_histogram.dsl.ts index 2854ee25f9c43..56f1ce122bfd0 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/preview/query.preview_histogram.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/preview/query.preview_histogram.dsl.ts @@ -12,7 +12,7 @@ import { createQueryFilterClauses, calculateTimeSeriesInterval, } from '../../../../../utils/build_query'; -import type { MatrixHistogramRequestOptions } from '../../../../../../common/search_strategy/security_solution/matrix_histogram'; +import type { MatrixHistogramRequestOptions } from '../../../../../../common/api/search_strategy'; export const buildPreviewHistogramQuery = ({ filterQuery, 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/__mocks__/index.ts index 3e3ccbe7a41e1..892ce7b8f1d86 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/__mocks__/index.ts @@ -6,8 +6,8 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { NetworkDetailsRequestOptions } from '../../../../../../../common/api/search_strategy'; -import type { NetworkDetailsRequestOptions } from '../../../../../../../common/search_strategy'; import { NetworkQueries } from '../../../../../../../common/search_strategy'; export const mockOptions: NetworkDetailsRequestOptions = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/index.ts index 5201eca70a210..e7fa6c3e8d094 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/index.ts @@ -12,7 +12,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { NetworkDetailsStrategyResponse, NetworkQueries, - NetworkDetailsRequestOptions, } from '../../../../../../common/search_strategy/security_solution/network'; import { inspectStringifyObject } from '../../../../../utils/build_query'; 
@@ -23,9 +22,9 @@ import { buildNetworkDetailsQuery } from './query.details_network.dsl'; import { unflattenObject } from '../../../../helpers/format_response_object_values'; export const networkDetails: SecuritySolutionFactory = { - buildDsl: (options: NetworkDetailsRequestOptions) => buildNetworkDetailsQuery(options), + buildDsl: (options) => buildNetworkDetailsQuery(options), parse: async ( - options: NetworkDetailsRequestOptions, + options, response: IEsSearchResponse ): Promise => { const inspect = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/query.details_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/query.details_network.dsl.ts index 9bac6909271ba..3d964fd81e583 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/query.details_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/details/query.details_network.dsl.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { NetworkDetailsRequestOptions } from '../../../../../../common/search_strategy/security_solution/network'; +import type { NetworkDetailsRequestOptions } from '../../../../../../common/api/search_strategy'; const getAggs = (type: string, ip: string) => { return { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/__mocks__/index.ts index f49f2bc153ba4..7d89aae61439e 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/__mocks__/index.ts 
@@ -6,8 +6,8 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { NetworkDnsRequestOptions } from '../../../../../../../common/api/search_strategy'; -import type { NetworkDnsRequestOptions } from '../../../../../../../common/search_strategy'; import { Direction, NetworkDnsFields, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/index.ts index 6ff153f8eab4c..59b837ce7fbdc 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/index.ts 
@@ -12,27 +12,25 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants'; import type { NetworkDnsStrategyResponse, - NetworkQueries, - NetworkDnsRequestOptions, NetworkDnsEdges, + NetworkQueries, } from '../../../../../../common/search_strategy/security_solution/network'; import { inspectStringifyObject } from '../../../../../utils/build_query'; -import type { SecuritySolutionFactory } from '../../types'; import { getDnsEdges } from './helpers'; import { buildDnsQuery } from './query.dns_network.dsl'; +import type { SecuritySolutionFactory } from '../../types'; export const networkDns: SecuritySolutionFactory = { - // @ts-expect-error dns_name_query_count is incompatbile. Maybe' is not assignable to type 'string | undefined - buildDsl: (options: NetworkDnsRequestOptions) => { + buildDsl: (options) => { if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); } return buildDnsQuery(options); }, parse: async ( - options: NetworkDnsRequestOptions, + options, response: IEsSearchResponse ): Promise => { const { activePage, fakePossibleCount } = options.pagination; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/query.dns_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/query.dns_network.dsl.ts index 6197fe8c603df..122bc739c7187 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/query.dns_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/dns/query.dns_network.dsl.ts 
@@ -5,8 +5,7 @@
 * 2.0.
 */
-import { assertUnreachable } from '../../../../../../common/utility_types';
-import type { SortField, NetworkDnsRequestOptions } from '../../../../../../common/search_strategy';
+import type { NetworkDnsRequestOptions } from '../../../../../../common/api/search_strategy';
 import { Direction, NetworkDnsFields } from '../../../../../../common/search_strategy';
 import { createQueryFilterClauses } from '../../../../../utils/build_query';
@@ -19,20 +18,20 @@ type QueryOrder =
 | { dns_bytes_in: { order: Direction } }
 | { dns_bytes_out: { order: Direction } };
-const getQueryOrder = (sort: SortField): QueryOrder => {
- switch (sort.field) {
- case NetworkDnsFields.queryCount:
- return { _count: { order: sort.direction } };
- case NetworkDnsFields.dnsName:
- return { _key: { order: sort.direction } };
- case NetworkDnsFields.uniqueDomains:
- return { unique_domains: { order: sort.direction } };
- case NetworkDnsFields.dnsBytesIn:
- return { dns_bytes_in: { order: sort.direction } };
- case NetworkDnsFields.dnsBytesOut:
- return { dns_bytes_out: { order: sort.direction } };
+const getQueryOrder = (sort: NetworkDnsRequestOptions['sort']): QueryOrder => {
+ if (sort.field === NetworkDnsFields.queryCount) {
+ return { _count: { order: sort.direction } };
+ } else if (sort.field === NetworkDnsFields.dnsName) {
+ return { _key: { order: sort.direction } };
+ } else if (sort.field === NetworkDnsFields.uniqueDomains) {
+ return { unique_domains: { order: sort.direction } };
+ } else if (sort.field === NetworkDnsFields.dnsBytesIn) {
+ return { dns_bytes_in: { order: sort.direction } };
+ } else if (sort.field === NetworkDnsFields.dnsBytesOut) {
+ return { dns_bytes_out: { order: sort.direction } };
+ } else {
+ throw new Error(`Invalid NetworkDnsQuery sort field: ${JSON.stringify(sort)}`);
 }
- assertUnreachable(sort.field);
 };
 const getCountAgg = () => ({
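Review bot: The rewritten `getQueryOrder` replaces the `switch` plus `assertUnreachable` pattern with an `if`/`else` chain, so adding a member to `NetworkDnsFields` is no longer a compile-time error but a runtime throw on the first request that uses it. If the new schema types `sort.field` as the `NetworkDnsFields` union, inserting `const _exhaustive: never = sort.field;` as the first line of the final `else` restores the exhaustiveness check without reintroducing the removed helper. Separately, the thrown message serializes the entire client-supplied `sort` object with `JSON.stringify(sort)`; `${sort.field}` identifies the problem just as well and keeps arbitrary request content out of error text and whatever logs capture it.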
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/__mocks__/index.ts
index 32837920d5fc8..01ceb455b080c 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/__mocks__/index.ts
@@ -6,13 +6,14 @@
 */
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
+import type { NetworkHttpRequestOptions } from '../../../../../../../common/api/search_strategy';
-import type {
+import type { SortField } from '../../../../../../../common/search_strategy';
+import {
+ Direction,
+ NetworkQueries,
 NetworkDnsFields,
- NetworkHttpRequestOptions,
- SortField,
 } from '../../../../../../../common/search_strategy';
-import { Direction, NetworkQueries } from '../../../../../../../common/search_strategy';
 export const mockOptions: NetworkHttpRequestOptions = {
 defaultIndex: [
@@ -28,7 +29,10 @@ export const mockOptions: NetworkHttpRequestOptions = {
 factoryQueryType: NetworkQueries.http,
 filterQuery: '{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}',
 pagination: { activePage: 0, cursorStart: 0, fakePossibleCount: 50, querySize: 10 },
- sort: { direction: Direction.desc } as SortField,
+ sort: {
+ direction: Direction.desc,
+ field: NetworkDnsFields.dnsName,
+ } as SortField,
 timerange: { interval: '12h', from: '2020-09-13T09:00:43.249Z', to: '2020-09-14T09:00:43.249Z' },
 } as NetworkHttpRequestOptions;
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/index.ts
index 9fd347137504e..170b0ba67c329 100644
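Review bot: The http fixture now sets `sort.field` to `NetworkDnsFields.dnsName`, a DNS field, on a `NetworkHttpRequestOptions` mock, and the object is still forced through `as SortField` and a trailing `as NetworkHttpRequestOptions`, so the new request schema this commit introduces is never checked against the fixture. If the http schema defines its own sort field type, using that value here and dropping the outer cast would let the compiler validate the mock; if the field is genuinely irrelevant to the http query, a short `// sort.field is not used by the http query; any SortField value satisfies the type` would explain the DNS constant to the next reader.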
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/index.ts @@ -13,7 +13,6 @@ import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants import type { NetworkHttpStrategyResponse, NetworkQueries, - NetworkHttpRequestOptions, NetworkHttpEdges, } from '../../../../../../common/search_strategy/security_solution/network'; @@ -24,14 +23,14 @@ import { getHttpEdges } from './helpers'; import { buildHttpQuery } from './query.http_network.dsl'; export const networkHttp: SecuritySolutionFactory = { - buildDsl: (options: NetworkHttpRequestOptions) => { + buildDsl: (options) => { if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); } return buildHttpQuery(options); }, parse: async ( - options: NetworkHttpRequestOptions, + options, response: IEsSearchResponse ): Promise => { const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/query.http_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/query.http_network.dsl.ts index 372c6a096f1b5..4128de4c2ffbe 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/query.http_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/http/query.http_network.dsl.ts 
@@ -5,12 +5,10 @@ * 2.0. */ +import type { NetworkHttpRequestOptions } from '../../../../../../common/api/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; -import type { - NetworkHttpRequestOptions, - SortField, -} from '../../../../../../common/search_strategy'; +import type { SortField } from '../../../../../../common/search_strategy'; const getCountAgg = () => ({ http_count: { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/index.ts index 9cc45f3594c33..c9ff1d1409ce9 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/index.ts @@ -5,7 +5,6 @@ * 2.0. */ -import type { FactoryQueryTypes } from '../../../../../common/search_strategy/security_solution'; import { NetworkQueries, NetworkKpiQueries, @@ -16,7 +15,6 @@ import { networkKpiNetworkEvents } from './kpi/network_events'; import { networkKpiTlsHandshakes } from './kpi/tls_handshakes'; import { networkKpiUniqueFlows } from './kpi/unique_flows'; import { networkKpiUniquePrivateIps } from './kpi/unique_private_ips'; -import type { SecuritySolutionFactory } from '../types'; import { networkDetails } from './details'; import { networkDns } from './dns'; import { networkHttp } from './http'; 
@@ -26,10 +24,9 @@ import { networkTopCountries } from './top_countries';
 import { networkTopNFlow } from './top_n_flow';
 import { networkUsers } from './users';
-export const networkFactory: Record<
- NetworkQueries | NetworkKpiQueries,
- SecuritySolutionFactory
-> = {
+// TODO: add safer type for the strategy map
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export const networkFactory: Record = {
 [NetworkQueries.details]: networkDetails,
 [NetworkQueries.dns]: networkDns,
 [NetworkQueries.http]: networkHttp,
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/index.ts
index 110b5fb8b7ae4..09dcc714b444c 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/index.ts
@@ -9,16 +9,15 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import type {
 NetworkKpiQueries,
 NetworkKpiDnsStrategyResponse,
- NetworkKpiDnsRequestOptions,
 } from '../../../../../../../common/search_strategy/security_solution/network';
 import { inspectStringifyObject } from '../../../../../../utils/build_query';
 import type { SecuritySolutionFactory } from '../../../types';
 import { buildDnsQuery } from './query.network_kpi_dns.dsl';
 export const networkKpiDns: SecuritySolutionFactory = {
- buildDsl: (options: NetworkKpiDnsRequestOptions) => buildDnsQuery(options),
+ buildDsl: (options) => buildDnsQuery(options),
 parse: async (
- options: NetworkKpiDnsRequestOptions,
+ options,
 response: IEsSearchResponse
 ): Promise => {
 const inspect = {
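Review bot: Typing `networkFactory` as `Record` of `any` (with the eslint disable) drops the completeness guarantee the old `Record<NetworkQueries | NetworkKpiQueries, …>` gave: a missing or misspelled map entry now compiles, and a lookup by an unexpected query type yields `undefined` at runtime instead of a type error. Even while the value type is still a TODO, keeping the key type — `export const networkFactory: Record<NetworkQueries | NetworkKpiQueries, any> = {` — preserves the exhaustive-keys check at no cost. The TODO would also be more useful if it named what the "safer type" is blocked on, so it is not left open indefinitely.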
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/query.network_kpi_dns.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/query.network_kpi_dns.dsl.ts index 30f0fe405e122..a55cb8f026664 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/query.network_kpi_dns.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/dns/query.network_kpi_dns.dsl.ts @@ -5,7 +5,8 @@ * 2.0. */ -import type { NetworkKpiDnsRequestOptions } from '../../../../../../../common/search_strategy/security_solution/network'; +import type { NetworkKpiDnsRequestOptions } from '../../../../../../../common/api/search_strategy'; + import { createQueryFilterClauses } from '../../../../../../utils/build_query'; const getDnsQueryFilter = () => [ diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/index.ts index dd4570c259116..6751c829cc350 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/index.ts 
@@ -9,16 +9,15 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { NetworkKpiQueries, NetworkKpiNetworkEventsStrategyResponse, - NetworkKpiNetworkEventsRequestOptions, } from '../../../../../../../common/search_strategy/security_solution/network'; import { inspectStringifyObject } from '../../../../../../utils/build_query'; import type { SecuritySolutionFactory } from '../../../types'; import { buildNetworkEventsQuery } from './query.network_kpi_network_events.dsl'; export const networkKpiNetworkEvents: SecuritySolutionFactory = { - buildDsl: (options: NetworkKpiNetworkEventsRequestOptions) => buildNetworkEventsQuery(options), + buildDsl: (options) => buildNetworkEventsQuery(options), parse: async ( - options: NetworkKpiNetworkEventsRequestOptions, + options, response: IEsSearchResponse ): Promise => { const inspect = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/query.network_kpi_network_events.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/query.network_kpi_network_events.dsl.ts index 4d996e7438688..96f67b8e17600 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/query.network_kpi_network_events.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/network_events/query.network_kpi_network_events.dsl.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { NetworkKpiNetworkEventsRequestOptions } from '../../../../../../../common/search_strategy/security_solution/network'; +import type { NetworkKpiEventsRequestOptions } from '../../../../../../../common/api/search_strategy'; import { createQueryFilterClauses } from '../../../../../../utils/build_query'; import { getIpFilter } from '../common'; 
@@ -13,7 +13,7 @@ export const buildNetworkEventsQuery = ({ filterQuery, timerange: { from, to }, defaultIndex, -}: NetworkKpiNetworkEventsRequestOptions) => { +}: NetworkKpiEventsRequestOptions) => { const filter = [ ...createQueryFilterClauses(filterQuery), ...getIpFilter(), diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/index.ts index 9e90f088ecd5e..3b8e65fb163af 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/index.ts @@ -9,16 +9,15 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { NetworkKpiQueries, NetworkKpiTlsHandshakesStrategyResponse, - NetworkKpiTlsHandshakesRequestOptions, } from '../../../../../../../common/search_strategy/security_solution/network'; import { inspectStringifyObject } from '../../../../../../utils/build_query'; import type { SecuritySolutionFactory } from '../../../types'; import { buildTlsHandshakeQuery } from './query.network_kpi_tls_handshakes.dsl'; export const networkKpiTlsHandshakes: SecuritySolutionFactory = { - buildDsl: (options: NetworkKpiTlsHandshakesRequestOptions) => buildTlsHandshakeQuery(options), + buildDsl: (options) => buildTlsHandshakeQuery(options), parse: async ( - options: NetworkKpiTlsHandshakesRequestOptions, + options, response: IEsSearchResponse ): Promise => { const inspect = { 
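Review bot: The request type for `buildNetworkEventsQuery` becomes `NetworkKpiEventsRequestOptions`, while the factory (`networkKpiNetworkEvents`), the file name and the response type visible in the preceding hunks keep the `NetworkKpiNetworkEvents` prefix. This is a naming point only, but the mismatch makes the pairing harder to grep for; if the schema name is fixed on the common side, a one-line `// request schema is exported as NetworkKpiEventsRequestOptions` next to the import would avoid the double take.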
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/query.network_kpi_tls_handshakes.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/query.network_kpi_tls_handshakes.dsl.ts index 6c60ddeb89a14..2797a2e814506 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/query.network_kpi_tls_handshakes.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/tls_handshakes/query.network_kpi_tls_handshakes.dsl.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { NetworkKpiTlsHandshakesRequestOptions } from '../../../../../../../common/search_strategy/security_solution/network'; +import type { NetworkKpiTlsHandshakesRequestOptions } from '../../../../../../../common/api/search_strategy'; import { createQueryFilterClauses } from '../../../../../../utils/build_query'; import { getIpFilter } from '../common'; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/index.ts index f03629d92c7e0..e245d1af846f8 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/index.ts 
@@ -11,16 +11,15 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { NetworkKpiQueries, NetworkKpiUniqueFlowsStrategyResponse, - NetworkKpiUniqueFlowsRequestOptions, } from '../../../../../../../common/search_strategy/security_solution/network'; import { inspectStringifyObject } from '../../../../../../utils/build_query'; import type { SecuritySolutionFactory } from '../../../types'; import { buildUniqueFlowsQuery } from './query.network_kpi_unique_flows.dsl'; export const networkKpiUniqueFlows: SecuritySolutionFactory = { - buildDsl: (options: NetworkKpiUniqueFlowsRequestOptions) => buildUniqueFlowsQuery(options), + buildDsl: (options) => buildUniqueFlowsQuery(options), parse: async ( - options: NetworkKpiUniqueFlowsRequestOptions, + options, response: IEsSearchResponse ): Promise => { const inspect = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/query.network_kpi_unique_flows.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/query.network_kpi_unique_flows.dsl.ts index c713ecd6a1c07..29e4c386fc348 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/query.network_kpi_unique_flows.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_flows/query.network_kpi_unique_flows.dsl.ts @@ -5,7 +5,8 @@ * 2.0. */ -import type { NetworkKpiUniqueFlowsRequestOptions } from '../../../../../../../common/search_strategy/security_solution/network'; +import type { NetworkKpiUniqueFlowsRequestOptions } from '../../../../../../../common/api/search_strategy'; + import { createQueryFilterClauses } from '../../../../../../utils/build_query'; import { getIpFilter } from '../common'; 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/index.ts index bef9505d5283f..a3d72e6e15898 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/index.ts @@ -11,7 +11,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { NetworkKpiQueries, NetworkKpiUniquePrivateIpsStrategyResponse, - NetworkKpiUniquePrivateIpsRequestOptions, } from '../../../../../../../common/search_strategy/security_solution/network'; import { inspectStringifyObject } from '../../../../../../utils/build_query'; import type { SecuritySolutionFactory } from '../../../types'; @@ -21,10 +20,9 @@ import { buildUniquePrivateIpsQuery } from './query.network_kpi_unique_private_i export const networkKpiUniquePrivateIps: SecuritySolutionFactory = { // @ts-expect-error auto_date_histogram.buckets is incompatible - buildDsl: (options: NetworkKpiUniquePrivateIpsRequestOptions) => - buildUniquePrivateIpsQuery(options), + buildDsl: (options) => buildUniquePrivateIpsQuery(options), parse: async ( - options: NetworkKpiUniquePrivateIpsRequestOptions, + options, response: IEsSearchResponse ): Promise => { const inspect = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/query.network_kpi_unique_private_ips.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/query.network_kpi_unique_private_ips.dsl.ts index 97e4619cdd9c4..6b31e5af05797 100644 
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/query.network_kpi_unique_private_ips.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/unique_private_ips/query.network_kpi_unique_private_ips.dsl.ts @@ -5,10 +5,8 @@ * 2.0. */ -import type { - NetworkKpiUniquePrivateIpsRequestOptions, - UniquePrivateAttributeQuery, -} from '../../../../../../../common/search_strategy/security_solution/network'; +import type { NetworkKpiUniquePrivateIpsRequestOptions } from '../../../../../../../common/api/search_strategy'; +import type { UniquePrivateAttributeQuery } from '../../../../../../../common/search_strategy/security_solution/network'; import { createQueryFilterClauses } from '../../../../../../utils/build_query'; const getUniquePrivateIpsFilter = (attrQuery: UniquePrivateAttributeQuery) => ({ diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/__mocks__/index.ts index 7f1865e658843..4574a6491a40b 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/__mocks__/index.ts @@ -6,8 +6,8 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { NetworkOverviewRequestOptions } from '../../../../../../../common/api/search_strategy'; -import type { NetworkOverviewRequestOptions } from '../../../../../../../common/search_strategy'; import { NetworkQueries } from '../../../../../../../common/search_strategy'; export const mockOptions: NetworkOverviewRequestOptions = { 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/index.ts index 6fd27fa4dea46..b0c5244593464 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/index.ts @@ -11,7 +11,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { NetworkQueries, NetworkOverviewStrategyResponse, - NetworkOverviewRequestOptions, OverviewNetworkHit, } from '../../../../../../common/search_strategy/security_solution/network'; import { inspectStringifyObject } from '../../../../../utils/build_query'; @@ -19,9 +18,9 @@ import type { SecuritySolutionFactory } from '../../types'; import { buildOverviewNetworkQuery } from './query.overview_network.dsl'; export const networkOverview: SecuritySolutionFactory = { - buildDsl: (options: NetworkOverviewRequestOptions) => buildOverviewNetworkQuery(options), + buildDsl: (options) => buildOverviewNetworkQuery(options), parse: async ( - options: NetworkOverviewRequestOptions, + options, response: IEsSearchResponse ): Promise => { // @ts-expect-error specify aggregations type explicitly diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/query.overview_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/query.overview_network.dsl.ts index 95b7d41ee440a..ff236881f05a4 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/query.overview_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/overview/query.overview_network.dsl.ts 
@@ -6,8 +6,8 @@ */ import type { ISearchRequestParams } from '@kbn/data-plugin/common'; +import type { NetworkOverviewRequestOptions } from '../../../../../../common/api/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; -import type { NetworkOverviewRequestOptions } from '../../../../../../common/search_strategy/security_solution/network'; export const buildOverviewNetworkQuery = ({ filterQuery, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/__mocks__/index.ts index 9957534bccc2e..4f7f61be13451 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/__mocks__/index.ts @@ -6,8 +6,8 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { NetworkTlsRequestOptions } from '../../../../../../../common/api/search_strategy'; -import type { NetworkTlsRequestOptions } from '../../../../../../../common/search_strategy'; import { Direction, FlowTargetSourceDest, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/index.ts index 1dd07133d1d0c..0d39ffc062bc4 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/index.ts 
@@ -13,7 +13,6 @@ import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants import type { NetworkTlsStrategyResponse, NetworkQueries, - NetworkTlsRequestOptions, NetworkTlsEdges, } from '../../../../../../common/search_strategy/security_solution/network'; @@ -24,14 +23,14 @@ import { getNetworkTlsEdges } from './helpers'; import { buildNetworkTlsQuery } from './query.tls_network.dsl'; export const networkTls: SecuritySolutionFactory = { - buildDsl: (options: NetworkTlsRequestOptions) => { + buildDsl: (options) => { if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); } return buildNetworkTlsQuery(options); }, parse: async ( - options: NetworkTlsRequestOptions, + options, response: IEsSearchResponse ): Promise => { const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/query.tls_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/query.tls_network.dsl.ts index 9801cc7c0361f..faa07bd770fa2 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/query.tls_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/tls/query.tls_network.dsl.ts 
@@ -5,17 +5,14 @@ * 2.0. */ +import type { NetworkTlsRequestOptions } from '../../../../../../common/api/search_strategy'; import { assertUnreachable } from '../../../../../../common/utility_types'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; -import type { - Direction, - NetworkTlsRequestOptions, - SortField, -} from '../../../../../../common/search_strategy'; +import type { Direction } from '../../../../../../common/search_strategy'; import { NetworkTlsFields } from '../../../../../../common/search_strategy'; -const getAggs = (querySize: number, sort: SortField) => ({ +const getAggs = (querySize: number, sort: NetworkTlsRequestOptions['sort']) => ({ count: { cardinality: { field: 'tls.server.hash.sha1', @@ -99,11 +96,11 @@ interface QueryOrder { _key: Direction; } -const getQueryOrder = (sort: SortField): QueryOrder => { +const getQueryOrder = (sort: NetworkTlsRequestOptions['sort']): QueryOrder => { switch (sort.field) { case NetworkTlsFields._id: return { _key: sort.direction }; default: - return assertUnreachable(sort.field); + return assertUnreachable(sort.field as never); } }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/__mocks__/index.ts index 81802dd4aed9d..8835a98621ea3 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/__mocks__/index.ts 
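Review bot: The `as never` cast in getQueryOrder's default branch silences the exhaustiveness check instead of restoring it: if `NetworkTlsRequestOptions['sort']['field']` is wider than the `NetworkTlsFields` enum (likely, now that the type is derived from the zod schema rather than `SortField`), an unexpected value compiles cleanly and only fails at runtime inside assertUnreachable. Prefer narrowing the schema so the cast can be dropped (e.g. `z.nativeEnum(NetworkTlsFields)` for `field`), or document why it is needed: `// field is validated by the request schema; the cast only satisfies assertUnreachable's never parameter`. The same cast appears in getQueryOrder of query.users_network.dsl.ts.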
@@ -6,8 +6,8 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { NetworkTopCountriesRequestOptions } from '../../../../../../../common/api/search_strategy'; -import type { NetworkTopCountriesRequestOptions } from '../../../../../../../common/search_strategy'; import { Direction, FlowTargetSourceDest, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/helpers.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/helpers.ts index cc5f2a44783ee..d6be351ffea36 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/helpers.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/helpers.ts @@ -8,10 +8,10 @@ import { getOr } from 'lodash/fp'; import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { NetworkTopCountriesRequestOptions } from '../../../../../../common/api/search_strategy'; import type { NetworkTopCountriesBuckets, NetworkTopCountriesEdges, - NetworkTopCountriesRequestOptions, FlowTargetSourceDest, } from '../../../../../../common/search_strategy/security_solution/network'; import { getOppositeField } from '../helpers'; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/index.ts index cde9fb4bb44eb..c12db1dae90c9 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/index.ts 
@@ -13,7 +13,6 @@ import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants import type { NetworkTopCountriesStrategyResponse, NetworkQueries, - NetworkTopCountriesRequestOptions, NetworkTopCountriesEdges, } from '../../../../../../common/search_strategy/security_solution/network'; @@ -24,14 +23,14 @@ import { getTopCountriesEdges } from './helpers'; import { buildTopCountriesQuery } from './query.top_countries_network.dsl'; export const networkTopCountries: SecuritySolutionFactory = { - buildDsl: (options: NetworkTopCountriesRequestOptions) => { + buildDsl: (options) => { if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); } return buildTopCountriesQuery(options); }, parse: async ( - options: NetworkTopCountriesRequestOptions, + options, response: IEsSearchResponse ): Promise => { const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/query.top_countries_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/query.top_countries_network.dsl.ts index 9df7726427038..72f339fb939bc 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/query.top_countries_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_countries/query.top_countries_network.dsl.ts 
@@ -5,13 +5,10 @@ * 2.0. */ +import type { NetworkTopCountriesRequestOptions } from '../../../../../../common/api/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; import { assertUnreachable } from '../../../../../../common/utility_types'; -import type { - Direction, - NetworkTopCountriesRequestOptions, - SortField, -} from '../../../../../../common/search_strategy'; +import type { Direction } from '../../../../../../common/search_strategy'; import { FlowTargetSourceDest, NetworkTopTablesFields, @@ -77,7 +74,7 @@ export const buildTopCountriesQuery = ({ }; const getFlowTargetAggs = ( - sort: SortField, + sort: NetworkTopCountriesRequestOptions['sort'], flowTarget: FlowTargetSourceDest, querySize: number ) => ({ @@ -137,7 +134,7 @@ type QueryOrder = | { source_ips: Direction }; const getQueryOrder = ( - networkTopCountriesSortField: SortField + networkTopCountriesSortField: NetworkTopCountriesRequestOptions['sort'] ): QueryOrder => { switch (networkTopCountriesSortField.field) { case NetworkTopTablesFields.bytes_in: @@ -151,5 +148,8 @@ const getQueryOrder = ( case NetworkTopTablesFields.source_ips: return { source_ips: networkTopCountriesSortField.direction }; } - assertUnreachable(networkTopCountriesSortField.field); + + throw new Error( + `Invalid networkTopCountriesSortField ${JSON.stringify(networkTopCountriesSortField)}` + ); }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/__mocks__/index.ts index 77b0b1e459bcd..16d938b269f9b 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/__mocks__/index.ts 
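Review bot: The new unreachable branch at the end of getQueryOrder interpolates `JSON.stringify(networkTopCountriesSortField)` — the whole request-supplied sort object — into the error text, where naming only the offending field is enough and is what the sibling getQueryOrder in top_n_flow/helpers.ts does; suggest `throw new Error(\`Ordering on ${networkTopCountriesSortField.field} not currently supported\`);`. The first hunk also keeps `import { assertUnreachable }` although its only visible use in this file was removed, so if nothing else calls it the import is now dead. More broadly, this commit now handles the "no matching sort field" branch three different ways across the dsl files (assertUnreachable with an `as never` cast, a JSON-serialising throw, a plain throw); settling on one shape would make the four getQueryOrder helpers easier to keep in step.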
@@ -6,11 +6,9 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { NetworkTopNFlowRequestOptions } from '../../../../../../../common/api/search_strategy'; -import type { - NetworkTopNFlowRequestOptions, - NetworkTopNFlowStrategyResponse, -} from '../../../../../../../common/search_strategy'; +import type { NetworkTopNFlowStrategyResponse } from '../../../../../../../common/search_strategy'; import { Direction, FlowTargetSourceDest, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/helpers.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/helpers.ts index 54419b3902539..8f4722f723af4 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/helpers.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/helpers.ts @@ -8,14 +8,12 @@ import { getOr } from 'lodash/fp'; import type { IEsSearchResponse } from '@kbn/data-plugin/common'; -import { assertUnreachable } from '../../../../../../common/utility_types'; +import type { NetworkTopNFlowRequestOptions } from '../../../../../../common/api/search_strategy'; import type { Direction, GeoItem, - SortField, NetworkTopNFlowBuckets, NetworkTopNFlowEdges, - NetworkTopNFlowRequestOptions, AutonomousSystemItem, FlowTargetSourceDest, } from '../../../../../../common/search_strategy'; 
@@ -114,19 +112,19 @@ type QueryOrder = | { source_ips: Direction }; export const getQueryOrder = ( - networkTopNFlowSortField: SortField + networkTopNFlowSortField: NetworkTopNFlowRequestOptions['sort'] ): QueryOrder => { - switch (networkTopNFlowSortField.field) { - case NetworkTopTablesFields.bytes_in: - return { bytes_in: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.bytes_out: - return { bytes_out: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.flows: - return { flows: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.destination_ips: - return { destination_ips: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.source_ips: - return { source_ips: networkTopNFlowSortField.direction }; + if (networkTopNFlowSortField.field === NetworkTopTablesFields.bytes_in) { + return { bytes_in: networkTopNFlowSortField.direction }; + } else if (networkTopNFlowSortField.field === NetworkTopTablesFields.bytes_out) { + return { bytes_out: networkTopNFlowSortField.direction }; + } else if (networkTopNFlowSortField.field === NetworkTopTablesFields.flows) { + return { flows: networkTopNFlowSortField.direction }; + } else if (networkTopNFlowSortField.field === NetworkTopTablesFields.destination_ips) { + return { destination_ips: networkTopNFlowSortField.direction }; + } else if (networkTopNFlowSortField.field === NetworkTopTablesFields.source_ips) { + return { source_ips: networkTopNFlowSortField.direction }; + } else { + throw new Error(`Ordering on ${networkTopNFlowSortField.field} not currently supported`); } - assertUnreachable(networkTopNFlowSortField.field); }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/index.ts index 3a6a5176f726f..1ce4f185c26aa 100644 
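Review bot: Rewriting getQueryOrder from a switch into a five-branch `if`/`else if` chain on the same discriminant makes the function longer without changing what it does; a `switch` with a throwing `default` keeps the original shape and still compiles once `field` is no longer an exhaustive enum: `default: throw new Error(\`Ordering on ${networkTopNFlowSortField.field} not currently supported\`);`. The same switch-to-chain rewrite appears in getQueryOrder of query.users_network.dsl.ts. The QueryOrder type the function returns is declared above the hunk.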
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/index.ts @@ -13,7 +13,6 @@ import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants import type { NetworkTopNFlowStrategyResponse, NetworkQueries, - NetworkTopNFlowRequestOptions, NetworkTopNFlowEdges, } from '../../../../../../common/search_strategy/security_solution/network'; @@ -24,14 +23,14 @@ import { getTopNFlowEdges } from './helpers'; import { buildTopNFlowQuery } from './query.top_n_flow_network.dsl'; export const networkTopNFlow: SecuritySolutionFactory = { - buildDsl: (options: NetworkTopNFlowRequestOptions) => { + buildDsl: (options) => { if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); } return buildTopNFlowQuery(options); }, parse: async ( - options: NetworkTopNFlowRequestOptions, + options, response: IEsSearchResponse ): Promise => { const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/query.top_n_flow_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/query.top_n_flow_network.dsl.ts index e3cb06ac2ced1..1dcb3605afcfd 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/query.top_n_flow_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/query.top_n_flow_network.dsl.ts 
@@ -5,12 +5,8 @@ * 2.0. */ -import type { - SortField, - FlowTargetSourceDest, - NetworkTopTablesFields, - NetworkTopNFlowRequestOptions, -} from '../../../../../../common/search_strategy'; +import type { NetworkTopNFlowRequestOptions } from '../../../../../../common/api/search_strategy'; +import type { FlowTargetSourceDest } from '../../../../../../common/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; import { getOppositeField } from '../helpers'; import { getQueryOrder } from './helpers'; @@ -28,10 +24,12 @@ export const buildTopNFlowQuery = ({ filterQuery, flowTarget, sort, - pagination: { querySize }, + pagination, timerange: { from, to }, ip, }: NetworkTopNFlowRequestOptions) => { + const querySize = pagination?.querySize ?? 10; + const filter = [ ...createQueryFilterClauses(filterQuery), { @@ -82,7 +80,7 @@ export const buildTopNFlowQuery = ({ }; const getFlowTargetAggs = ( - sort: SortField, + sort: NetworkTopNFlowRequestOptions['sort'], flowTarget: FlowTargetSourceDest, querySize: number ) => ({ diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/__mocks__/index.ts index 6d7faf096d021..a4970837343d6 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/__mocks__/index.ts @@ -6,8 +6,8 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { NetworkUsersRequestOptions } from '../../../../../../../common/api/search_strategy'; -import type { NetworkUsersRequestOptions } from '../../../../../../../common/search_strategy'; import { Direction, FlowTargetSourceDest, 
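Review bot: `pagination` is now treated as optional in buildTopNFlowQuery (`const querySize = pagination?.querySize ?? 10;`), but the `parse` callback in top_n_flow/index.ts still destructures it unconditionally (`const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;`), so a request that reaches parse without pagination throws a TypeError there even though the query was built; either keep pagination required in the schema or give parse the same fallback. The literal `10` is also an undocumented magic default, duplicated in buildUsersQuery (query.users_network.dsl.ts) whose index.ts parse has the same unconditional destructure. A named constant with a comment, e.g. `const DEFAULT_QUERY_SIZE = 10; // page size when the request omits pagination`, would make the intent and the coupling to parse explicit.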
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/index.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/index.test.ts index e2b169e2acf73..e3159bcbf4b60 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/index.test.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/index.test.ts @@ -6,8 +6,6 @@ */ import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants'; -import type { NetworkUsersRequestOptions } from '../../../../../../common/search_strategy/security_solution/network'; - import * as buildQuery from './query.users_network.dsl'; import { networkUsers } from '.'; import { @@ -15,6 +13,7 @@ import { mockSearchStrategyResponse, formattedSearchStrategyResponse, } from './__mocks__'; +import type { NetworkUsersRequestOptions } from '../../../../../../common/api/search_strategy'; describe('networkUsers search strategy', () => { const buildUsersQuery = jest.spyOn(buildQuery, 'buildUsersQuery'); diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/index.ts index 17340c5c1ed0d..496dfa9c00485 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/index.ts @@ -13,7 +13,6 @@ import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants import type { NetworkUsersStrategyResponse, NetworkQueries, - NetworkUsersRequestOptions, } from '../../../../../../common/search_strategy/security_solution/network'; import { inspectStringifyObject } from '../../../../../utils/build_query'; 
@@ -23,14 +22,14 @@ import { getUsersEdges } from './helpers'; import { buildUsersQuery } from './query.users_network.dsl'; export const networkUsers: SecuritySolutionFactory = { - buildDsl: (options: NetworkUsersRequestOptions) => { + buildDsl: (options) => { if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); } return buildUsersQuery(options); }, parse: async ( - options: NetworkUsersRequestOptions, + options, response: IEsSearchResponse ): Promise => { const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/query.users_network.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/query.users_network.dsl.ts index 3adab346d7063..3f3135d379d80 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/query.users_network.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/users/query.users_network.dsl.ts @@ -5,12 +5,9 @@ * 2.0. */ +import type { NetworkUsersRequestOptions } from '../../../../../../common/api/search_strategy'; import { assertUnreachable } from '../../../../../../common/utility_types'; -import type { - Direction, - SortField, - NetworkUsersRequestOptions, -} from '../../../../../../common/search_strategy'; +import type { Direction } from '../../../../../../common/search_strategy'; import { NetworkUsersFields } from '../../../../../../common/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; 
@@ -19,10 +16,12 @@ export const buildUsersQuery = ({ sort, filterQuery, flowTarget, - pagination: { querySize }, + pagination, defaultIndex, timerange: { from, to }, }: NetworkUsersRequestOptions) => { + const querySize = pagination?.querySize ?? 10; + const filter = [ ...createQueryFilterClauses(filterQuery), { @@ -93,13 +92,12 @@ export const buildUsersQuery = ({ type QueryOrder = { _count: Direction } | { _key: Direction }; -const getQueryOrder = (sort: SortField): QueryOrder => { - switch (sort.field) { - case NetworkUsersFields.name: - return { _key: sort.direction }; - case NetworkUsersFields.count: - return { _count: sort.direction }; - default: - return assertUnreachable(sort.field); +const getQueryOrder = (sort: NetworkUsersRequestOptions['sort']): QueryOrder => { + if (sort.field === NetworkUsersFields.name) { + return { _key: sort.direction }; + } else if (sort.field === NetworkUsersFields.count) { + return { _count: sort.direction }; + } else { + return assertUnreachable(sort.field as never); } }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/__mocks__/index.ts index 5cbc3a39db334..979f80440d44e 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/__mocks__/index.ts 
@@ -10,13 +10,13 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server'; import type { EndpointAppContextService } from '../../../../../../endpoint/endpoint_app_context_services'; import type { EndpointAppContext } from '../../../../../../endpoint/types'; -import type { UsersRelatedHostsRequestOptions } from '../../../../../../../common/search_strategy/security_solution/related_entities/related_hosts'; import { RelatedEntitiesQueries } from '../../../../../../../common/search_strategy/security_solution/related_entities'; import { elasticsearchServiceMock } from '@kbn/core/server/mocks'; import { allowedExperimentalValues } from '../../../../../../../common/experimental_features'; import { createMockConfig } from '../../../../../../lib/detection_engine/routes/__mocks__'; +import type { RelatedHostsRequestOptions } from '../../../../../../../common/api/search_strategy'; -export const mockOptions: UsersRelatedHostsRequestOptions = { +export const mockOptions: RelatedHostsRequestOptions = { defaultIndex: ['test_indices*'], factoryQueryType: RelatedEntitiesQueries.relatedHosts, userName: 'user1', diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/index.ts index 3bd74e310d77f..ee4787c83c912 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/index.ts 
@@ -13,7 +13,6 @@ import type { SecuritySolutionFactory } from '../../types'; import type { EndpointAppContext } from '../../../../../endpoint/types'; import type { RelatedEntitiesQueries } from '../../../../../../common/search_strategy/security_solution/related_entities'; import type { - UsersRelatedHostsRequestOptions, UsersRelatedHostsStrategyResponse, RelatedHostBucket, RelatedHost, @@ -23,9 +22,9 @@ import { getHostRiskData } from '../../hosts/all'; import { inspectStringifyObject } from '../../../../../utils/build_query'; export const usersRelatedHosts: SecuritySolutionFactory = { - buildDsl: (options: UsersRelatedHostsRequestOptions) => buildRelatedHostsQuery(options), + buildDsl: (options) => buildRelatedHostsQuery(options), parse: async ( - options: UsersRelatedHostsRequestOptions, + options, response: IEsSearchResponse, deps?: { esClient: IScopedClusterClient; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/query.related_hosts.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/query.related_hosts.dsl.ts index cb8668c179fea..c03fb4a25c36f 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/query.related_hosts.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_hosts/query.related_hosts.dsl.ts 
@@ -6,13 +6,13 @@ */ import type { ISearchRequestParams } from '@kbn/data-plugin/common'; -import type { UsersRelatedHostsRequestOptions } from '../../../../../../common/search_strategy/security_solution/related_entities/related_hosts'; +import type { RelatedHostsRequestOptions } from '../../../../../../common/api/search_strategy'; export const buildRelatedHostsQuery = ({ userName, defaultIndex, from, -}: UsersRelatedHostsRequestOptions): ISearchRequestParams => { +}: RelatedHostsRequestOptions): ISearchRequestParams => { const now = new Date(); const filter = [ { term: { 'user.name': userName } }, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/__mocks__/index.ts index 062bb595bce1c..c503928861472 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/__mocks__/index.ts 
@@ -10,13 +10,13 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server'; import type { EndpointAppContextService } from '../../../../../../endpoint/endpoint_app_context_services'; import type { EndpointAppContext } from '../../../../../../endpoint/types'; -import type { HostsRelatedUsersRequestOptions } from '../../../../../../../common/search_strategy/security_solution/related_entities/related_users'; import { RelatedEntitiesQueries } from '../../../../../../../common/search_strategy/security_solution/related_entities'; import { elasticsearchServiceMock } from '@kbn/core/server/mocks'; import { allowedExperimentalValues } from '../../../../../../../common/experimental_features'; import { createMockConfig } from '../../../../../../lib/detection_engine/routes/__mocks__'; +import type { RelatedUsersRequestOptions } from '../../../../../../../common/api/search_strategy'; -export const mockOptions: HostsRelatedUsersRequestOptions = { +export const mockOptions: RelatedUsersRequestOptions = { defaultIndex: ['test_indices*'], factoryQueryType: RelatedEntitiesQueries.relatedUsers, hostName: 'host1', diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/index.ts index 1dce51f337130..abe95325ebce1 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/index.ts 
@@ -12,7 +12,6 @@ import type { RiskSeverity } from '../../../../../../common/search_strategy/secu import type { SecuritySolutionFactory } from '../../types'; import type { RelatedEntitiesQueries } from '../../../../../../common/search_strategy/security_solution/related_entities'; import type { - HostsRelatedUsersRequestOptions, HostsRelatedUsersStrategyResponse, RelatedUserBucket, RelatedUser, @@ -22,9 +21,9 @@ import { buildRelatedUsersQuery } from './query.related_users.dsl'; import { getUserRiskData } from '../../users/all'; export const hostsRelatedUsers: SecuritySolutionFactory = { - buildDsl: (options: HostsRelatedUsersRequestOptions) => buildRelatedUsersQuery(options), + buildDsl: (options) => buildRelatedUsersQuery(options), parse: async ( - options: HostsRelatedUsersRequestOptions, + options, response: IEsSearchResponse, deps?: { esClient: IScopedClusterClient; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/query.related_users.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/query.related_users.dsl.ts index 8824c4c359dec..8cc94a2e0c8f4 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/query.related_users.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/related_entities/related_users/query.related_users.dsl.ts 
@@ -6,13 +6,13 @@ */ import type { ISearchRequestParams } from '@kbn/data-plugin/common'; -import type { HostsRelatedUsersRequestOptions } from '../../../../../../common/search_strategy/security_solution/related_entities/related_users'; +import type { RelatedUsersRequestOptions } from '../../../../../../common/api/search_strategy'; export const buildRelatedUsersQuery = ({ hostName, defaultIndex, from, -}: HostsRelatedUsersRequestOptions): ISearchRequestParams => { +}: RelatedUsersRequestOptions): ISearchRequestParams => { const now = new Date(); const filter = [ { term: { 'host.name': hostName } }, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/index.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/index.test.ts index 227744fcc88f1..b1e0d69f9c3c9 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/index.test.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/index.test.ts 
@@ -10,16 +10,15 @@ import type { KibanaRequest } from '@kbn/core-http-server'; import type { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server'; import { riskScore } from '.'; import type { IEsSearchResponse } from '@kbn/data-plugin/public'; -import type { - HostRiskScore, - RiskScoreRequestOptions, -} from '../../../../../../common/search_strategy'; +import type { HostRiskScore } from '../../../../../../common/search_strategy'; import { RiskScoreEntity, RiskSeverity } from '../../../../../../common/search_strategy'; import * as buildQuery from './query.risk_score.dsl'; import { get } from 'lodash/fp'; import { ruleRegistryMocks } from '@kbn/rule-registry-plugin/server/mocks'; import type { IRuleDataClient } from '@kbn/rule-registry-plugin/server'; import { createMockEndpointAppContext } from '../../../../../endpoint/mocks'; +import type { RiskScoreRequestOptions } from '../../../../../../common/api/search_strategy'; +import { RiskQueries } from '../../../../../../common/api/search_strategy'; export const mockSearchStrategyResponse: IEsSearchResponse = { rawResponse: { @@ -79,6 +78,7 @@ export const mockOptions: RiskScoreRequestOptions = { defaultIndex: ['logs-*'], riskScoreEntity: RiskScoreEntity.host, includeAlertsCount: true, + factoryQueryType: RiskQueries.hostsRiskScore, }; describe('buildRiskScoreQuery search strategy', () => { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/index.ts index 28602d82dbed6..82836855b8529 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/index.ts 
@@ -11,7 +11,6 @@ import type { IRuleDataClient } from '@kbn/rule-registry-plugin/server'; import type { AggregationsMinAggregate } from '@elastic/elasticsearch/lib/api/types'; import type { SecuritySolutionFactory } from '../../types'; import type { - RiskScoreRequestOptions, RiskQueries, BucketItem, HostRiskScore, @@ -26,7 +25,7 @@ import { getTotalCount } from '../../cti/event_enrichment/helpers'; export const riskScore: SecuritySolutionFactory< RiskQueries.hostsRiskScore | RiskQueries.usersRiskScore > = { - buildDsl: (options: RiskScoreRequestOptions) => { + buildDsl: (options) => { if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); } @@ -34,7 +33,7 @@ export const riskScore: SecuritySolutionFactory< return buildRiskScoreQuery(options); }, parse: async ( - options: RiskScoreRequestOptions, + options, response: IEsSearchResponse, deps?: { spaceId?: string; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/query.risk_score.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/query.risk_score.dsl.ts index fb105f6514ead..bb28b1de4fe63 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/query.risk_score.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/all/query.risk_score.dsl.ts @@ -6,10 +6,7 @@ */ import type { Sort } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; -import type { - RiskScoreRequestOptions, - RiskScoreSortField, -} from '../../../../../../common/search_strategy'; +import type { RiskScoreRequestOptions } from '../../../../../../common/api/search_strategy'; import { Direction, RiskScoreFields, 
@@ -65,7 +62,7 @@ export const buildRiskScoreQuery = ({ return dslQuery; }; -const getQueryOrder = (sort?: RiskScoreSortField): Sort => { +const getQueryOrder = (sort?: RiskScoreRequestOptions['sort']): Sort => { if (!sort) { return [ { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/__mocks__/index.ts index e494849cc6ceb..0cc4f4b5ab409 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/__mocks__/index.ts @@ -5,10 +5,10 @@ * 2.0. */ -import type { KpiRiskScoreRequestOptions } from '../../../../../../../common/search_strategy'; +import type { RiskScoreKpiRequestOptionsInput } from '../../../../../../../common/api/search_strategy'; import { RiskScoreEntity, RiskQueries } from '../../../../../../../common/search_strategy'; -export const mockOptions: KpiRiskScoreRequestOptions = { +export const mockOptions: RiskScoreKpiRequestOptionsInput = { defaultIndex: [ 'apm-*-transaction*', 'traces-apm*', diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/index.ts index 6e3901e66892e..333b59bc15c04 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/index.ts @@ -9,7 +9,6 @@ import { getOr } from 'lodash/fp'; import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { - KpiRiskScoreRequestOptions, KpiRiskScoreStrategyResponse, RiskQueries, RiskSeverity, 
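Review bot: The `?` in `getQueryOrder = (sort?: RiskScoreRequestOptions['sort'])` is either redundant or widening: if the zod schema declares `sort` optional, the indexed type already contains `undefined`, and if it does not, the helper now accepts an input its only caller can never pass. Tying the parameter to the request type without the modifier keeps the contract in one place, `const getQueryOrder = (sort: RiskScoreRequestOptions['sort']): Sort => {`, and the existing `if (!sort)` guard still covers the missing case. The remainder of getQueryOrder and the body of buildRiskScoreQuery lie outside the hunk.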
@@ -25,9 +24,9 @@ interface AggBucket { } export const kpiRiskScore: SecuritySolutionFactory = { - buildDsl: (options: KpiRiskScoreRequestOptions) => buildKpiRiskScoreQuery(options), + buildDsl: (options) => buildKpiRiskScoreQuery(options), parse: async ( - options: KpiRiskScoreRequestOptions, + options, response: IEsSearchResponse ): Promise => { const inspect = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/query.kpi_risk_score.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/query.kpi_risk_score.dsl.ts index f68eb647ad88c..4a98089eb239c 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/query.kpi_risk_score.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/query.kpi_risk_score.dsl.ts @@ -5,15 +5,15 @@ * 2.0. */ +import type { RiskScoreKpiRequestOptions } from '../../../../../../common/api/search_strategy'; import { RiskScoreEntity, RiskScoreFields } from '../../../../../../common/search_strategy'; -import type { KpiRiskScoreRequestOptions } from '../../../../../../common/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; export const buildKpiRiskScoreQuery = ({ defaultIndex, filterQuery, entity, -}: KpiRiskScoreRequestOptions) => { +}: RiskScoreKpiRequestOptions) => { const filter = [...createQueryFilterClauses(filterQuery)]; const dslQuery = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/__mocks__/index.ts index 521f315d2411e..2670f2d5b9b65 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/__mocks__/index.ts 
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/__mocks__/index.ts @@ -9,11 +9,11 @@ import type { KibanaRequest } from '@kbn/core-http-server'; import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import { Direction } from '../../../../../../../common/search_strategy'; import { UsersQueries } from '../../../../../../../common/search_strategy/security_solution/users'; -import type { UsersRequestOptions } from '../../../../../../../common/search_strategy/security_solution/users/all'; import { UsersFields } from '../../../../../../../common/search_strategy/security_solution/users/common'; import { elasticsearchServiceMock } from '@kbn/core/server/mocks'; import type { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server'; import { createMockEndpointAppContext } from '../../../../../../endpoint/mocks'; +import type { UsersRequestOptions } from '../../../../../../../common/api/search_strategy'; export const mockOptions: UsersRequestOptions = { defaultIndex: ['test_indices*'], diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.test.ts index 18bc75edb5304..4a654a5e86f61 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.test.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.test.ts 
@@ -10,11 +10,11 @@ import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants import * as buildQuery from './query.all_users.dsl'; import { allUsers } from '.'; import { mockDeps, mockOptions, mockSearchStrategyResponse } from './__mocks__'; -import type { UsersRequestOptions } from '../../../../../../common/search_strategy/security_solution/users/all'; import * as buildRiskQuery from '../../risk_score/all/query.risk_score.dsl'; import { get } from 'lodash/fp'; import { RiskScoreEntity } from '../../../../../../common/search_strategy'; +import type { UsersRequestOptions } from '../../../../../../common/api/search_strategy'; class IndexNotFoundException extends Error { meta: { body: { error: { type: string } } }; @@ -117,6 +117,7 @@ describe('allHosts search strategy', () => { defaultIndex: ['ml_user_risk_score_latest_test-space'], filterQuery: { terms: { 'user.name': userName } }, riskScoreEntity: RiskScoreEntity.user, + factoryQueryType: expect.stringContaining('RiskScore'), }); }); diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.ts index a3391a48b5e2b..8f1836e8a05dc 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/index.ts 
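Review bot: The new assertion `factoryQueryType: expect.stringContaining('RiskScore')` in the second hunk is looser than the code it checks; getUserRiskData in users/all/index.ts now passes the exact value `RiskQueries.usersRiskScore`, so a regression to the hosts variant would still pass this test. Assert the exact enum member instead, `factoryQueryType: RiskQueries.usersRiskScore,`, importing `RiskQueries` from `'../../../../../../common/api/search_strategy'` next to the `UsersRequestOptions` import this hunk adds. The enclosing `describe`/`test` block starts outside the hunk.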
@@ -17,27 +17,27 @@ import { buildUsersQuery } from './query.all_users.dsl'; import type { UsersQueries } from '../../../../../../common/search_strategy/security_solution/users'; import type { User, - UsersRequestOptions, UsersStrategyResponse, } from '../../../../../../common/search_strategy/security_solution/users/all'; import type { AllUsersAggEsItem } from '../../../../../../common/search_strategy/security_solution/users/common'; import { buildRiskScoreQuery } from '../../risk_score/all/query.risk_score.dsl'; import type { RiskSeverity, UserRiskScore } from '../../../../../../common/search_strategy'; import { - RiskScoreEntity, buildUserNamesFilter, getUserRiskIndex, + RiskScoreEntity, + RiskQueries, } from '../../../../../../common/search_strategy'; export const allUsers: SecuritySolutionFactory = { - buildDsl: (options: UsersRequestOptions) => { + buildDsl: (options) => { if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); } return buildUsersQuery(options); }, parse: async ( - options: UsersRequestOptions, + options, response: IEsSearchResponse, deps?: { esClient: IScopedClusterClient; @@ -140,6 +140,7 @@ export async function getUserRiskData( defaultIndex: [getUserRiskIndex(spaceId, true, isNewRiskScoreModuleAvailable)], filterQuery: buildUserNamesFilter(userNames), riskScoreEntity: RiskScoreEntity.user, + factoryQueryType: RiskQueries.usersRiskScore, }) ); return userRiskResponse; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/query.all_users.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/query.all_users.dsl.ts index 56b90a2972c3e..792830bf65b78 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/query.all_users.dsl.ts 
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/all/query.all_users.dsl.ts @@ -6,20 +6,22 @@ */ import type { ISearchRequestParams } from '@kbn/data-plugin/common'; +import type { UsersRequestOptions } from '../../../../../../common/api/search_strategy'; import type { Direction } from '../../../../../../common/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; -import type { UsersRequestOptions } from '../../../../../../common/search_strategy/security_solution/users/all'; -import type { SortUsersField } from '../../../../../../common/search_strategy/security_solution/users/common'; import { UsersFields } from '../../../../../../common/search_strategy/security_solution/users/common'; import { assertUnreachable } from '../../../../../../common/utility_types'; export const buildUsersQuery = ({ defaultIndex, filterQuery, - pagination: { querySize }, + pagination, sort, timerange: { from, to }, }: UsersRequestOptions): ISearchRequestParams => { + // TODO: replace magic number with defaults + const { querySize } = pagination || { activePage: 0, querySize: 10 }; + const filter = [ ...createQueryFilterClauses(filterQuery), { 
@@ -80,13 +82,14 @@ export const buildUsersQuery = ({ type QueryOrder = { lastSeen: Direction } | { domain: Direction } | { _key: Direction }; -const getQueryOrder = (sort: SortUsersField): QueryOrder => { - switch (sort.field) { - case UsersFields.lastSeen: - return { lastSeen: sort.direction }; - case UsersFields.name: - return { _key: sort.direction }; - default: - return assertUnreachable(sort.field); +const getQueryOrder = (sort: UsersRequestOptions['sort']): QueryOrder => { + if (!sort) return assertUnreachable(sort); + + if (sort.field === UsersFields.lastSeen) { + return { lastSeen: sort.direction }; + } else if (sort.field === UsersFields.name) { + return { _key: sort.direction }; + } else { + throw new Error(`Invalid sort field provided for Users query: "${sort.field}"`); } }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/__mocks__/index.ts index 500e5bca6bca2..65da6d7a48d94 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/__mocks__/index.ts @@ -6,10 +6,8 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; -import type { - UserAuthenticationsRequestOptions, - AuthenticationHit, -} from '../../../../../../../common/search_strategy'; +import type { UserAuthenticationsRequestOptions } from '../../../../../../../common/api/search_strategy'; +import type { AuthenticationHit } from '../../../../../../../common/search_strategy'; import { Direction, UsersQueries, 
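Review bot: The rewritten getQueryOrder calls `assertUnreachable(sort)` for a state that is reachable at runtime (a request without `sort`, which `UsersRequestOptions['sort']` now evidently permits), and it drops the `switch` whose `default: assertUnreachable(sort.field)` was the compile-time exhaustiveness check; the replacement `else` branch only fails at runtime, and it interpolates the request-supplied `sort.field` into the error text. I would keep the exhaustive switch for the sort field and reserve a plain error for the missing-sort case, assuming the schema still types `sort.field` as the `UsersFields` enum so the `never` check compiles. If the field is typed as a bare string in the new schema, the `default` branch should throw a fixed message rather than use assertUnreachable. The hunk ends at the closing of getQueryOrder; nothing else in the file is affected.
```typescript
const getQueryOrder = (sort: UsersRequestOptions['sort']): QueryOrder => {
  if (!sort) {
    throw new Error('Users query requires a sort option');
  }
  switch (sort.field) {
    case UsersFields.lastSeen:
      return { lastSeen: sort.direction };
    case UsersFields.name:
      return { _key: sort.direction };
    default:
      return assertUnreachable(sort.field);
  }
};
```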
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/dsl/query.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/dsl/query.dsl.ts index 1c9f89254ff8f..5c10902482a50 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/dsl/query.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/dsl/query.dsl.ts @@ -6,7 +6,7 @@ */ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; -import type { UserAuthenticationsRequestOptions } from '../../../../../../../common/search_strategy/security_solution/users/authentications'; +import type { UserAuthenticationsRequestOptions } from '../../../../../../../common/api/search_strategy'; import { createQueryFilterClauses } from '../../../../../../utils/build_query'; import { authenticationsFields } from '../helpers'; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/index.test.tsx b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/index.test.ts similarity index 97% rename from x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/index.test.tsx rename to x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/index.test.ts index 3ad509e420757..7b85c45b2f8b6 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/index.test.tsx +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/index.test.ts 
@@ -14,7 +14,7 @@ import { mockSearchStrategyResponse, formattedSearchStrategyResponse, } from './__mocks__'; -import type { UserAuthenticationsRequestOptions } from '../../../../../../common/search_strategy'; +import type { UserAuthenticationsRequestOptions } from '../../../../../../common/api/search_strategy'; describe('authentications search strategy', () => { const buildAuthenticationQuery = jest.spyOn(buildQuery, 'buildQuery'); diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/index.tsx b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/index.tsx index 0024444247fa4..9ef7ab6a2f7da 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/index.tsx +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/authentications/index.tsx @@ -13,7 +13,6 @@ import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants import type { AuthenticationHit, AuthenticationsEdges, - UserAuthenticationsRequestOptions, UserAuthenticationsStrategyResponse, } from '../../../../../../common/search_strategy'; import type { UsersQueries } from '../../../../../../common/search_strategy/security_solution/users'; @@ -25,7 +24,7 @@ import { buildQuery as buildAuthenticationQuery } from './dsl/query.dsl'; import { formatAuthenticationData, getHits } from './helpers'; export const authentications: SecuritySolutionFactory = { - buildDsl: (options: UserAuthenticationsRequestOptions) => { + buildDsl: (options) => { if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); } @@ -33,7 +32,7 @@ export const authentications: SecuritySolutionFactory ): Promise => { const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; 
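Review bot: In the parse hunk of authentications/index.tsx the context line `const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination;` destructures `pagination` unguarded, while the buildDsl hunk two lines above treats it as possibly absent (`options.pagination && ...`) and query.all_users.dsl.ts in this same change adds a fallback for a missing `pagination`. If the shared request schema marks `pagination` optional, `options` now inferred from the factory generic will no longer type-check this line under strictNullChecks, and at runtime a request without pagination would throw a TypeError rather than a meaningful error. Guard it explicitly, e.g. `if (!options.pagination) throw new Error('authentications query requires pagination');`, or give it the same default the users query uses. The rest of parse lies outside the hunk.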
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/authentications/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/authentications/index.ts index e8bba0eaba107..d8b8d3ba827f2 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/authentications/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/authentications/index.ts @@ -12,17 +12,15 @@ import { inspectStringifyObject } from '../../../../../../utils/build_query'; import type { SecuritySolutionFactory } from '../../../types'; import { buildUsersKpiAuthenticationsQuery } from './query.users_kpi_authentications.dsl'; import type { - UsersKpiAuthenticationsRequestOptions, UsersKpiAuthenticationsStrategyResponse, UsersQueries, } from '../../../../../../../common/search_strategy'; import { formatGeneralHistogramData } from '../../../common/format_general_histogram_data'; export const usersKpiAuthentications: SecuritySolutionFactory = { - buildDsl: (options: UsersKpiAuthenticationsRequestOptions) => - buildUsersKpiAuthenticationsQuery(options), + buildDsl: (options) => buildUsersKpiAuthenticationsQuery(options), parse: async ( - options: UsersKpiAuthenticationsRequestOptions, + options, response: IEsSearchResponse ): Promise => { const inspect = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/authentications/query.users_kpi_authentications.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/authentications/query.users_kpi_authentications.dsl.ts index fd087dbb17eff..e3e5af4a32a5e 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/authentications/query.users_kpi_authentications.dsl.ts 
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/authentications/query.users_kpi_authentications.dsl.ts @@ -5,14 +5,14 @@ * 2.0. */ -import type { UsersKpiAuthenticationsRequestOptions } from '../../../../../../../common/search_strategy'; +import type { AuthenticationsKpiRequestOptions } from '../../../../../../../common/api/search_strategy/users/kpi/authentications'; import { createQueryFilterClauses } from '../../../../../../utils/build_query'; export const buildUsersKpiAuthenticationsQuery = ({ filterQuery, timerange: { from, to }, defaultIndex, -}: UsersKpiAuthenticationsRequestOptions) => { +}: AuthenticationsKpiRequestOptions) => { const filter = [ ...createQueryFilterClauses(filterQuery), { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/total_users/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/total_users/index.ts index 1d47f5d034820..7086b1c6f4f45 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/total_users/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/total_users/index.ts @@ -15,10 +15,7 @@ import { getOr } from 'lodash/fp'; import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { UsersQueries } from '../../../../../../../common/search_strategy/security_solution/users'; -import type { - TotalUsersKpiRequestOptions, - TotalUsersKpiStrategyResponse, -} from '../../../../../../../common/search_strategy/security_solution/users/kpi/total_users'; +import type { TotalUsersKpiStrategyResponse } from '../../../../../../../common/search_strategy/security_solution/users/kpi/total_users'; import { inspectStringifyObject } from '../../../../../../utils/build_query'; import type { SecuritySolutionFactory } from '../../../types'; 
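Review bot: The new import in query.users_kpi_authentications.dsl.ts reaches into `'../../../../../../../common/api/search_strategy/users/kpi/authentications'`, whereas every other file in this change, including the sibling query.build_total_users_kpi.dsl.ts, takes its request type from the `common/api/search_strategy` barrel. The deep path couples this file to the barrel's internal layout and will break on the next module move. Assuming the barrel re-exports it, use `import type { AuthenticationsKpiRequestOptions } from '../../../../../../../common/api/search_strategy';`.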
@@ -26,9 +23,9 @@ import { buildTotalUsersKpiQuery } from './query.build_total_users_kpi.dsl'; import { formatGeneralHistogramData } from '../../../common/format_general_histogram_data'; export const totalUsersKpi: SecuritySolutionFactory = { - buildDsl: (options: TotalUsersKpiRequestOptions) => buildTotalUsersKpiQuery(options), + buildDsl: (options) => buildTotalUsersKpiQuery(options), parse: async ( - options: TotalUsersKpiRequestOptions, + options, response: IEsSearchResponse ): Promise => { const inspect = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/total_users/query.build_total_users_kpi.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/total_users/query.build_total_users_kpi.dsl.ts index 7c5f2619e7f12..9ff10bd22cb1f 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/total_users/query.build_total_users_kpi.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/kpi/total_users/query.build_total_users_kpi.dsl.ts @@ -5,14 +5,14 @@ * 2.0. */ -import type { HostsKpiHostsRequestOptions } from '../../../../../../../common/search_strategy/security_solution/hosts'; +import type { TotalUsersKpiRequestOptions } from '../../../../../../../common/api/search_strategy'; import { createQueryFilterClauses } from '../../../../../../utils/build_query'; export const buildTotalUsersKpiQuery = ({ filterQuery, timerange: { from, to }, defaultIndex, -}: HostsKpiHostsRequestOptions) => { +}: TotalUsersKpiRequestOptions) => { const filter = [ ...createQueryFilterClauses(filterQuery), { 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/__snapshots__/index.test.ts.snap similarity index 100% rename from x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/__snapshots__/index.test.tsx.snap rename to x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/__snapshots__/index.test.ts.snap diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.test.tsx b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.test.ts similarity index 88% rename from x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.test.tsx rename to x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.test.ts index cbd601efa90fa..0c02b0347d121 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.test.tsx +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.test.ts 
@@ -7,15 +7,15 @@ import * as buildQuery from './query.managed_user_details.dsl'; import { managedUserDetails } from '.'; -import type { - AzureManagedUser, - ManagedUserDetailsRequestOptions, -} from '../../../../../../common/search_strategy/security_solution/users/managed_details'; +import type { AzureManagedUser } from '../../../../../../common/search_strategy/security_solution/users/managed_details'; import type { IEsSearchResponse } from '@kbn/data-plugin/public'; +import type { ManagedUserDetailsRequestOptionsInput } from '../../../../../../common/api/search_strategy'; +import { UsersQueries } from '../../../../../../common/api/search_strategy'; -export const mockOptions: ManagedUserDetailsRequestOptions = { +export const mockOptions: ManagedUserDetailsRequestOptionsInput = { defaultIndex: ['logs-*'], userName: 'test-user-name', + factoryQueryType: UsersQueries.managedDetails, }; export const mockSearchStrategyResponse: IEsSearchResponse = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts index def73159a4793..8175b2bda9c03 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts 
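Review bot: `mockOptions` here is typed as `ManagedUserDetailsRequestOptionsInput` while the identical fixture in query.managed_user_details.dsl.test.ts is typed as `ManagedUserDetailsRequestOptions`, and risk_score/kpi/__mocks__/index.ts follows the `...Input` pattern too. The factory's buildDsl and parse receive the parsed (`z.infer`) shape, so a fixture typed with the `z.input` shape may omit fields the schema defaults and presumably only type-checks against the factory today because the two types coincide. Prefer the parsed type for fixtures handed straight to the factory: `export const mockOptions: ManagedUserDetailsRequestOptionsInput = {` becomes `export const mockOptions: ManagedUserDetailsRequestOptions = {`.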
@@ -14,14 +14,13 @@ import { buildManagedUserDetailsQuery } from './query.managed_user_details.dsl'; import type { UsersQueries } from '../../../../../../common/search_strategy/security_solution/users'; import type { AzureManagedUser, - ManagedUserDetailsRequestOptions, ManagedUserDetailsStrategyResponse, } from '../../../../../../common/search_strategy/security_solution/users/managed_details'; export const managedUserDetails: SecuritySolutionFactory = { - buildDsl: (options: ManagedUserDetailsRequestOptions) => buildManagedUserDetailsQuery(options), + buildDsl: (options) => buildManagedUserDetailsQuery(options), parse: async ( - options: ManagedUserDetailsRequestOptions, + options, response: IEsSearchResponse ): Promise => { const inspect = { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/query.managed_user_details.dsl.test.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/query.managed_user_details.dsl.test.ts index 9f29bc98f287f..f5b6d9a7ef8d7 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/query.managed_user_details.dsl.test.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/query.managed_user_details.dsl.test.ts 
@@ -5,12 +5,14 @@ * 2.0. */ -import type { ManagedUserDetailsRequestOptions } from '../../../../../../common/search_strategy/security_solution/users/managed_details'; +import type { ManagedUserDetailsRequestOptions } from '../../../../../../common/api/search_strategy'; +import { UsersQueries } from '../../../../../../common/api/search_strategy'; import { buildManagedUserDetailsQuery } from './query.managed_user_details.dsl'; export const mockOptions: ManagedUserDetailsRequestOptions = { defaultIndex: ['logs-*'], userName: 'test-user-name', + factoryQueryType: UsersQueries.managedDetails, }; describe('buildManagedUserDetailsQuery', () => { diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/query.managed_user_details.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/query.managed_user_details.dsl.ts index 8af2bbee0aa0a..ae295829c436a 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/query.managed_user_details.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/query.managed_user_details.dsl.ts @@ -6,8 +6,8 @@ */ import type { ISearchRequestParams } from '@kbn/data-plugin/common'; +import type { ManagedUserDetailsRequestOptions } from '../../../../../../common/api/search_strategy'; import { EVENT_KIND_ASSET_FILTER } from '../../../../../../common/search_strategy'; -import type { ManagedUserDetailsRequestOptions } from '../../../../../../common/search_strategy/security_solution/users/managed_details'; export const buildManagedUserDetailsQuery = ({ userName, 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__mocks__/index.ts index 9cf6a6089e21e..de5bc36045877 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__mocks__/index.ts @@ -6,10 +6,9 @@ */ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import type { ObservedUserDetailsRequestOptions } from '../../../../../../../common/api/search_strategy'; import { UsersQueries } from '../../../../../../../common/search_strategy/security_solution/users'; -import type { ObservedUserDetailsRequestOptions } from '../../../../../../../common/search_strategy/security_solution/users/observed_details'; - export const mockOptions: ObservedUserDetailsRequestOptions = { defaultIndex: ['test_indices*'], factoryQueryType: UsersQueries.observedDetails, diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/index.test.ts.snap similarity index 100% rename from x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/index.test.tsx.snap rename to x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/__snapshots__/index.test.ts.snap 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/index.test.tsx b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/index.test.ts similarity index 100% rename from x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/index.test.tsx rename to x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/index.test.ts diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/index.ts index 7fd64694fc198..f91ab3b369466 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/index.ts 
@@ -12,16 +12,13 @@ import type { SecuritySolutionFactory } from '../../types'; import { buildObservedUserDetailsQuery } from './query.observed_user_details.dsl'; import type { UsersQueries } from '../../../../../../common/search_strategy/security_solution/users'; -import type { - ObservedUserDetailsRequestOptions, - ObservedUserDetailsStrategyResponse, -} from '../../../../../../common/search_strategy/security_solution/users/observed_details'; +import type { ObservedUserDetailsStrategyResponse } from '../../../../../../common/search_strategy/security_solution/users/observed_details'; import { formatUserItem } from './helpers'; export const observedUserDetails: SecuritySolutionFactory = { - buildDsl: (options: ObservedUserDetailsRequestOptions) => buildObservedUserDetailsQuery(options), + buildDsl: (options) => buildObservedUserDetailsQuery(options), parse: async ( - options: ObservedUserDetailsRequestOptions, + options, response: IEsSearchResponse ): Promise => { const aggregations = response.rawResponse.aggregations; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/query.observed_user_details.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/query.observed_user_details.dsl.ts index efbf49231486e..d26af4d198ae9 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/query.observed_user_details.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/observed_details/query.observed_user_details.dsl.ts 
@@ -7,7 +7,7 @@ import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { ISearchRequestParams } from '@kbn/data-plugin/common'; -import type { ObservedUserDetailsRequestOptions } from '../../../../../../common/search_strategy/security_solution/users/observed_details'; +import type { ObservedUserDetailsRequestOptions } from '../../../../../../common/api/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; import { buildFieldsTermAggregation } from '../../hosts/details/helpers'; import { USER_FIELDS } from './helpers'; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/index.ts index 1acb6687b8ace..ede2f76c64bb9 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/index.ts 
@@ -8,44 +8,30 @@ import { map, mergeMap } from 'rxjs/operators';
 import type { ISearchStrategy, PluginStart } from '@kbn/data-plugin/server';
 import { shimHitsTotal } from '@kbn/data-plugin/server';
-import { ENHANCED_ES_SEARCH_STRATEGY } from '@kbn/data-plugin/common';
 import type { KibanaRequest } from '@kbn/core/server';
 import type { IRuleDataClient } from '@kbn/rule-registry-plugin/server';
-import type {
- FactoryQueryTypes,
- StrategyResponseType,
- StrategyRequestType,
-} from '../../../common/search_strategy/security_solution';
+import { ENHANCED_ES_SEARCH_STRATEGY } from '@kbn/data-plugin/common';
+import type { z } from 'zod';
+import { searchStrategyRequestSchema } from '../../../common/api/search_strategy';
 import { securitySolutionFactory } from './factory';
-import type { SecuritySolutionFactory } from './factory/types';
 import type { EndpointAppContext } from '../../endpoint/types';
-function isObj(req: unknown): req is Record {
- return typeof req === 'object' && req !== null;
-}
-function assertValidRequestType(
- req: unknown
-): asserts req is StrategyRequestType & { factoryQueryType: FactoryQueryTypes } {
- if (!isObj(req) || req.factoryQueryType == null) {
- throw new Error('factoryQueryType is required');
- }
-}
-
-export const securitySolutionSearchStrategyProvider = (
+export const securitySolutionSearchStrategyProvider = (
 data: PluginStart,
 endpointContext: EndpointAppContext,
 getSpaceId?: (request: KibanaRequest) => string,
 ruleDataClient?: IRuleDataClient | null
-): ISearchStrategy, StrategyResponseType> => {
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+): ISearchStrategy, any> => {
 const es = data.search.getSearchStrategy(ENHANCED_ES_SEARCH_STRATEGY);
 return {
 search: (request, options, deps) => {
- assertValidRequestType(request);
+ const parsedRequest = searchStrategyRequestSchema.parse(request);
+
+ const queryFactory = securitySolutionFactory[parsedRequest.factoryQueryType];
- const queryFactory: SecuritySolutionFactory =
- securitySolutionFactory[request.factoryQueryType];
- const dsl = queryFactory.buildDsl(request);
+ const dsl = queryFactory.buildDsl(parsedRequest);
 return es.search({ ...request, params: dsl }, options, deps).pipe(
 map((response) => {
 return {
@@ -56,7 +42,7 @@ export const securitySolutionSearchStrategyProvider =
- queryFactory.parse(request, esSearchRes, {
+ queryFactory.parse(parsedRequest, esSearchRes, {
 esClient: deps.esClient,
 savedObjectsClient: deps.savedObjectsClient,
 endpointContext,
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/index.ts b/x-pack/plugins/timelines/common/api/search_strategy/index.ts
new file mode 100644
index 0000000000000..4ff442c13f62a
--- /dev/null
+++ b/x-pack/plugins/timelines/common/api/search_strategy/index.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export * from './index_fields';
+
+import * as timelineSchemas from './timeline/timeline';
+
+export * from './timeline/timeline';
+
+export * from './model/timeline_events_queries';
+
+export * from './model/runtime_mappings';
+
+export const searchStrategyRequestSchema = z.discriminatedUnion('factoryQueryType', [
+ timelineSchemas.timelineEventsAllSchema,
+ timelineSchemas.timelineEventsDetailsSchema,
+ timelineSchemas.timelineEventsLastEventTimeRequestSchema,
+ timelineSchemas.timelineKpiRequestOptionsSchema,
+]);
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/index_fields.ts b/x-pack/plugins/timelines/common/api/search_strategy/index_fields.ts
new file mode 100644
index 0000000000000..6d4ada5213fda
--- /dev/null
+++ b/x-pack/plugins/timelines/common/api/search_strategy/index_fields.ts
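Review bot: `es.search({ ...request, params: dsl }, options, deps)` still spreads the raw `request` into the outgoing search rather than `parsedRequest`, so the zod-validated object only feeds `buildDsl` and `parse` while everything else the caller sent is forwarded unchanged; if only validated input is meant to leave this strategy, `return es.search({ ...parsedRequest, params: dsl }, options, deps).pipe(` (adjusting the type if the search request type needs it), otherwise a one-line comment saying the raw spread is deliberate would help. `searchStrategyRequestSchema.parse` throws a `ZodError` on malformed input where the removed `assertValidRequestType` threw a plain `Error`; how the search route maps thrown errors to status codes is not visible here, so it is worth confirming a malformed body still surfaces as a client error rather than a server error. The `any` response type with the eslint-disable also loses the per-query response typing the removed `StrategyResponseType` provided, and a short comment on why it was dropped would help future readers. The provider's body continues outside the hunk.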
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+const indexFieldsRequestBase = z.object({
+ onlyCheckIfIndicesExist: z.boolean().optional(),
+ includeUnmapped: z.boolean().optional(),
+});
+
+export const indexFieldsRequestSchema = z.union([
+ indexFieldsRequestBase.extend({
+ indices: z.array(z.string()),
+ }),
+ indexFieldsRequestBase.extend({ dataViewId: z.string() }),
+]);
+
+export type IndexFieldsRequestInput = z.input;
+
+export type IndexFieldsRequest = z.infer;
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/model/filter_query.ts b/x-pack/plugins/timelines/common/api/search_strategy/model/filter_query.ts
new file mode 100644
index 0000000000000..89c6e24dad231
--- /dev/null
+++ b/x-pack/plugins/timelines/common/api/search_strategy/model/filter_query.ts
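Review bot: `indexFieldsRequestSchema` is a plain `z.union` of two `z.object` members, and zod objects drop unrecognised keys by default, so a body carrying both `indices` and `dataViewId` parses successfully as the first member with `dataViewId` silently removed; if `parseOptions` (not visible in this diff) returns this schema's output, the guard `if ('dataViewId' in options && 'indices' in options)` in `requestIndexFieldSearch` (index_fields/index.ts hunk) can no longer fire. If that case should still be rejected, either mark both members `.strict()` so the extra key is a parse error, or build `indexFieldsRequestBase` with `.passthrough()` so the key survives and the existing guard keeps working; a `.refine` on the union would not help because it only sees the already-stripped output. A one-line comment on the schema stating whether unknown keys are stripped or rejected would document the contract the downstream `in` checks depend on.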
@@ -0,0 +1,83 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+const esMatchQuerySchema = z.object({
+ match: z.record(
+ z.string(),
+ z.object({
+ query: z.string(),
+ operator: z.string(),
+ zero_terms_query: z.string(),
+ })
+ ),
+});
+
+export type ESMatchQuery = z.infer;
+
+const esQueryStringQuerySchema = z.object({
+ query_string: z.object({
+ query: z.string(),
+ analyze_wildcard: z.boolean(),
+ }),
+});
+
+export type ESQueryStringQuery = z.infer;
+
+const esTermQuerySchema = z.object({
+ term: z.record(z.string(), z.string()),
+});
+
+export type ESTermQuery = z.infer;
+
+const esBoolQuerySchema = z.object({
+ bool: z.object({
+ filter: z.array(z.object({})),
+ must: z.array(z.object({})),
+ must_not: z.array(z.object({})),
+ should: z.array(z.object({})),
+ }),
+});
+
+export type ESBoolQuery = z.infer;
+
+const esRangeQuerySchema = z.object({
+ range: z.record(
+ z.string(),
+ z.object({
+ gte: z.number(),
+ lte: z.number(),
+ format: z.string(),
+ })
+ ),
+});
+
+export type ESRangeQuery = z.infer;
+
+const jsonObjectSchema = z.record(z.string(), z.any());
+
+export type JsonObject = z.infer;
+
+export type ESQuery =
+ | ESRangeQuery
+ | ESQueryStringQuery
+ | ESMatchQuery
+ | ESTermQuery
+ | ESBoolQuery
+ | JsonObject;
+
+const esQuerySchema = z.union([
+ esRangeQuerySchema,
+ esQueryStringQuerySchema,
+ esMatchQuerySchema,
+ esTermQuerySchema,
+ esBoolQuerySchema,
+ jsonObjectSchema,
+]);
+
+export const filterQuery = z.union([z.string(), z.undefined(), esQuerySchema]);
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/model/language.ts b/x-pack/plugins/timelines/common/api/search_strategy/model/language.ts
new file mode 100644
index 0000000000000..0301e2aa0581f
--- /dev/null
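Review bot: The four clause arrays in `esBoolQuerySchema` are typed `z.array(z.object({}))`, and a zod object with no declared keys discards every property it is given, so a bool query that matches this member parses to `bool: { filter: [{}], must: [{}], ... }` with the inner clauses erased; if the parsed value rather than the raw request is what reaches the DSL builders, the caller's filter is replaced by empty clauses, which is either an ES parse error or a much broader query than was asked for. `z.array(z.record(z.string(), z.unknown()))` for `filter`, `must`, `must_not` and `should` keeps the clauses intact. Separately, `jsonObjectSchema` (`z.record(z.string(), z.any())`) is the last member of `esQuerySchema` and accepts any object, so the five shaped members only ever change what gets stripped, never what gets rejected; a comment on `filterQuery` saying that the ES query DSL is passed through essentially unvalidated would stop readers from assuming this schema enforces a shape.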
+++ b/x-pack/plugins/timelines/common/api/search_strategy/model/language.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; + +export const language = z.union([z.literal('kuery'), z.literal('lucene')]); diff --git a/x-pack/plugins/timelines/common/api/search_strategy/model/order.ts b/x-pack/plugins/timelines/common/api/search_strategy/model/order.ts new file mode 100644 index 0000000000000..226234a211e82 --- /dev/null +++ b/x-pack/plugins/timelines/common/api/search_strategy/model/order.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; +import { Direction } from '../../../search_strategy'; + +export const order = z.enum([Direction.asc, Direction.desc]); diff --git a/x-pack/plugins/timelines/common/api/search_strategy/model/pagination.ts b/x-pack/plugins/timelines/common/api/search_strategy/model/pagination.ts new file mode 100644 index 0000000000000..b6472a608627e --- /dev/null +++ b/x-pack/plugins/timelines/common/api/search_strategy/model/pagination.ts 
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export type PaginationInputPaginatedInput = z.input;
+
+export const pagination = z
+ .object({
+ /** The activePage parameter defines the page of results you want to fetch */
+ activePage: z.number(),
+ /** The cursorStart parameter defines the start of the results to be displayed */
+ cursorStart: z.number().optional(),
+ /** The querySize parameter is the number of items to be returned */
+ querySize: z.number(),
+ })
+ .passthrough()
+ .optional();
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/model/runtime_mappings.ts b/x-pack/plugins/timelines/common/api/search_strategy/model/runtime_mappings.ts
new file mode 100644
index 0000000000000..b3f16c1ed1236
--- /dev/null
+++ b/x-pack/plugins/timelines/common/api/search_strategy/model/runtime_mappings.ts
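Review bot: `activePage` and `querySize` are bare `z.number()`, so negative, fractional or arbitrarily large values pass validation and reach whatever derives the ES `from`/`size` from them; since this schema is the one place they are checked, `activePage: z.number().int().nonnegative()` and `querySize: z.number().int().positive()` would reject them up front (an upper bound on `querySize` belongs here too if the service has a page-size limit, which this file does not show). `.passthrough()` also makes this the only object in the new schemas that retains unknown keys, which deserves a one-line comment explaining why pagination differs from the rest.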
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export type MappingRuntimeFieldType =
+ | 'boolean'
+ | 'date'
+ | 'double'
+ | 'geo_point'
+ | 'ip'
+ | 'keyword'
+ | 'long'
+ | 'lookup';
+
+export const runtimeMappings = z
+ .record(
+ z.object({
+ type: z.union([
+ z.literal('boolean'),
+ z.literal('date'),
+ z.literal('double'),
+ z.literal('geo_point'),
+ z.literal('ip'),
+ z.literal('keyword'),
+ z.literal('long'),
+ z.literal('lookup'),
+ ]),
+ script: z
+ .union([
+ z.string(),
+ z.object({ source: z.string() }),
+ z.object({ id: z.string(), params: z.record(z.any()) }),
+ ])
+ .optional(),
+ fetch_fields: z.array(z.string()).optional(),
+ format: z.string().optional(),
+ input_field: z.string().optional(),
+ target_field: z.string().optional(),
+ target_index: z.string().optional(),
+ })
+ )
+ .optional();
+
+export type RunTimeMappings = z.infer;
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/model/sort.ts b/x-pack/plugins/timelines/common/api/search_strategy/model/sort.ts
new file mode 100644
index 0000000000000..5a0d5ab9474ec
--- /dev/null
+++ b/x-pack/plugins/timelines/common/api/search_strategy/model/sort.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { order } from './order';
+
+export const sortItem = z.object({
+ direction: order,
+ field: z.string(),
+ esTypes: z.array(z.string()).optional(),
+ type: z.string().optional(),
+});
+
+export const sort = z.array(sortItem);
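Review bot: `MappingRuntimeFieldType` is a hand-maintained string union that duplicates the eight `z.literal` values inside `runtimeMappings`, so the two can drift without a compile error; deriving one from the other, `const mappingRuntimeFieldType = z.enum(['boolean', 'date', 'double', 'geo_point', 'ip', 'keyword', 'long', 'lookup']);` with `export type MappingRuntimeFieldType = z.infer<typeof mappingRuntimeFieldType>;` and `type: mappingRuntimeFieldType,` in the record, removes the duplication. `script` accepts any `source` string and `params` is `z.record(z.any())`; since a runtime-field script is evaluated by Elasticsearch, a comment on `runtimeMappings` noting that this schema constrains shape only and that script content is forwarded as given would make the trust boundary explicit for the next reader.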
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/model/timeline_events_queries.ts b/x-pack/plugins/timelines/common/api/search_strategy/model/timeline_events_queries.ts new file mode 100644 index 0000000000000..96bd4a1090d3d --- /dev/null +++ b/x-pack/plugins/timelines/common/api/search_strategy/model/timeline_events_queries.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export enum TimelineEventsQueries { + all = 'eventsAll', + details = 'eventsDetails', + kpi = 'eventsKpi', + lastEventTime = 'eventsLastEventTime', +} diff --git a/x-pack/plugins/timelines/common/api/search_strategy/model/timerange.ts b/x-pack/plugins/timelines/common/api/search_strategy/model/timerange.ts new file mode 100644 index 0000000000000..f04ad37a82839 --- /dev/null +++ b/x-pack/plugins/timelines/common/api/search_strategy/model/timerange.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { z } from 'zod'; + +export const timerange = z.object({ + interval: z.string(), + from: z.string(), + to: z.string(), +}); diff --git a/x-pack/plugins/timelines/common/api/search_strategy/timeline/eql.ts b/x-pack/plugins/timelines/common/api/search_strategy/timeline/eql.ts new file mode 100644 index 0000000000000..c07aa3bf8c6cd --- /dev/null +++ b/x-pack/plugins/timelines/common/api/search_strategy/timeline/eql.ts 
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { filterQuery } from '../model/filter_query';
+import { runtimeMappings } from '../model/runtime_mappings';
+import { sort } from '../model/sort';
+import { requestPaginated } from './request_paginated';
+
+export const timelineEqlRequestOptionsSchema = requestPaginated.extend({
+ sort,
+ filterQuery,
+ eventCategoryField: z.string().optional(),
+ tiebreakerField: z.string().optional(),
+ timestampField: z.string().optional(),
+ fieldRequested: z.array(z.string()),
+ size: z.number().optional(),
+ runTimeMappings: runtimeMappings.optional(),
+ language: z.literal('eql'),
+});
+
+export type TimelineEqlRequestOptionsInput = z.input;
+
+export type TimelineEqlRequestOptions = z.infer;
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/timeline/events_all.ts b/x-pack/plugins/timelines/common/api/search_strategy/timeline/events_all.ts
new file mode 100644
index 0000000000000..84c046c348ab4
--- /dev/null
+++ b/x-pack/plugins/timelines/common/api/search_strategy/timeline/events_all.ts
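Review bot: `runTimeMappings: runtimeMappings.optional()` introduces a second, differently-cased key beside the `runtimeMappings` already inherited from `requestPaginated` (via `timelineRequestBasicOptionsSchema`), so an EQL request can carry both and consumers have to know which one the DSL builder reads; if the camel-T spelling is a typo, dropping the line leaves the inherited key, and if it is intentional a comment naming the consumer that expects `runTimeMappings` is needed. The trailing `.optional()` is redundant either way, since `runtimeMappings` already ends in `.optional()`. This schema also has no `factoryQueryType` and is not a member of `searchStrategyRequestSchema`, while the removed `TimelineEqlRequestOptions` exposed `runtime_mappings`, so how EQL requests are validated at runtime is not visible from this diff and deserves a line in the file header.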
@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { language } from '../model/language';
+import { runtimeMappings } from '../model/runtime_mappings';
+import { sortItem } from '../model/sort';
+import { TimelineEventsQueries } from '../model/timeline_events_queries';
+import { requestPaginated } from './request_paginated';
+
+const extendedSortItem = sortItem.extend({
+ esTypes: z.array(z.string()),
+});
+
+const sort = z.array(extendedSortItem);
+
+export const timelineEventsAllSchema = requestPaginated.extend({
+ authFilter: z.object({}).optional(),
+ excludeEcsData: z.boolean().optional(),
+ fieldRequested: z.array(z.string()),
+ sort,
+ filterQuery: z.any(),
+ fields: z.array(
+ z.union([
+ z.string(),
+ z.object({
+ field: z.string(),
+ include_unmapped: z.boolean(),
+ }),
+ ])
+ ),
+ runtimeMappings,
+ language,
+ factoryQueryType: z.literal(TimelineEventsQueries.all),
+});
+
+export type TimelineEventsAllOptionsInput = z.input;
+
+export type TimelineEventsAllOptions = z.infer;
+
+export type SortItem = z.infer;
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/timeline/events_details.ts b/x-pack/plugins/timelines/common/api/search_strategy/timeline/events_details.ts
new file mode 100644
index 0000000000000..42444cf2d30e4
--- /dev/null
+++ b/x-pack/plugins/timelines/common/api/search_strategy/timeline/events_details.ts
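Review bot: `authFilter: z.object({}).optional()` strips every key out of whatever object is supplied, because a zod object with no declared keys discards unrecognised properties by default, so any consumer that reads `authFilter` from the parsed output receives `{}`; the same pattern is in `timelineEventsDetailsSchema` (events_details.ts). The removed `TimelineEventsAllRequestOptions` typed it as `JsonObject`, so `authFilter: z.record(z.string(), z.unknown()).optional()` preserves both the old contract and the filter's contents. If `authFilter` is attached server-side after validation rather than read from the parsed request this is harmless, but that needs a comment here, because an emptied authorization filter widens results rather than narrowing them. `filterQuery: z.any()` also overrides the shared `filterQuery` schema inherited from `request_basic`, which is worth a one-line reason.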
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { runtimeMappings } from '../model/runtime_mappings';
+import { TimelineEventsQueries } from '../model/timeline_events_queries';
+import { requestPaginated } from './request_paginated';
+
+export const timelineEventsDetailsSchema = requestPaginated.partial().extend({
+ indexName: z.string(),
+ eventId: z.string(),
+ authFilter: z.object({}).optional(),
+ runtimeMappings,
+ factoryQueryType: z.literal(TimelineEventsQueries.details),
+});
+
+export type TimelineEventsDetailsRequestOptionsInput = z.input;
+
+export type TimelineEventsDetailsRequestOptions = z.infer;
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/timeline/events_last_event_time.ts b/x-pack/plugins/timelines/common/api/search_strategy/timeline/events_last_event_time.ts
new file mode 100644
index 0000000000000..6599c8e3fd91f
--- /dev/null
+++ b/x-pack/plugins/timelines/common/api/search_strategy/timeline/events_last_event_time.ts
@@ -0,0 +1,50 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { TimelineEventsQueries } from '../model/timeline_events_queries';
+import { timelineRequestBasicOptionsSchema } from './request_basic';
+
+export enum LastEventIndexKey {
+ hostDetails = 'hostDetails',
+ hosts = 'hosts',
+ users = 'users',
+ userDetails = 'userDetails',
+ ipDetails = 'ipDetails',
+ network = 'network',
+}
+
+export const timelineEventsLastEventTimeRequestSchema = timelineRequestBasicOptionsSchema
+ .omit({
+ runtimeMappings: true,
+ filterQuery: true,
+ timerange: true,
+ })
+ .extend({
+ indexKey: z.enum([
+ LastEventIndexKey.hostDetails,
+ LastEventIndexKey.hosts,
+ LastEventIndexKey.users,
+ LastEventIndexKey.userDetails,
+ LastEventIndexKey.ipDetails,
+ LastEventIndexKey.network,
+ ]),
+ details: z.object({
+ hostName: z.string().nullable().optional(),
+ userName: z.string().nullable().optional(),
+ ip: z.string().nullable().optional(),
+ }),
+ factoryQueryType: z.literal(TimelineEventsQueries.lastEventTime),
+ });
+
+export type TimelineEventsLastEventTimeRequestOptionsInput = z.input<
+ typeof timelineEventsLastEventTimeRequestSchema
+>;
+
+export type TimelineEventsLastEventTimeRequestOptions = z.infer<
+ typeof timelineEventsLastEventTimeRequestSchema
+>;
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/timeline/kpi.ts b/x-pack/plugins/timelines/common/api/search_strategy/timeline/kpi.ts
new file mode 100644
index 0000000000000..a0776ae6c8feb
--- /dev/null
+++ b/x-pack/plugins/timelines/common/api/search_strategy/timeline/kpi.ts
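Review bot: `indexKey: z.enum([LastEventIndexKey.hostDetails, ...])` re-lists all six enum members by hand, so adding a member to `LastEventIndexKey` without updating the list compiles but is rejected at runtime; `indexKey: z.nativeEnum(LastEventIndexKey),` keeps the schema and the enum in step. The `details` fields `hostName`, `userName` and `ip` are all optional and nullable with nothing tying them to `indexKey` (for example `hostDetails` with no `hostName`); if the DSL builder needs one of them per key, a `.superRefine` here, or a comment stating that the builder tolerates missing details, would document the contract.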
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { TimelineEventsQueries } from '../model/timeline_events_queries';
+import { timelineRequestBasicOptionsSchema } from './request_basic';
+
+export const timelineKpiRequestOptionsSchema = timelineRequestBasicOptionsSchema.extend({
+ factoryQueryType: z.literal(TimelineEventsQueries.kpi),
+});
+
+export type TimelineKpiRequestOptionsInput = z.input;
+
+export type TimelineKpiRequestOptions = z.infer;
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/timeline/request_basic.ts b/x-pack/plugins/timelines/common/api/search_strategy/timeline/request_basic.ts
new file mode 100644
index 0000000000000..5e8ea1caaa0fb
--- /dev/null
+++ b/x-pack/plugins/timelines/common/api/search_strategy/timeline/request_basic.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { filterQuery } from '../model/filter_query';
+import { runtimeMappings } from '../model/runtime_mappings';
+import { timerange } from '../model/timerange';
+
+export const timelineRequestBasicOptionsSchema = z.object({
+ indexType: z.string().optional(),
+ timerange: timerange.optional(),
+ filterQuery,
+ defaultIndex: z.array(z.string()).optional(),
+ entityType: z.enum(['events', 'sessions']).optional(),
+ runtimeMappings,
+ params: z.any().optional(),
+ filterStatus: z
+ .union([z.literal('open'), z.literal('closed'), z.literal('acknowledged')])
+ .optional(),
+});
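Review bot: `defaultIndex: z.array(z.string()).optional()` loosens what the removed `TimelineRequestBasicOptions` declared as a required `defaultIndex: string[]`; if the timeline DSL builders pass it through as the search `index` without a fallback, an omitted value changes which indices the search targets, which this diff does not let me confirm, so either make it required again (`defaultIndex: z.array(z.string()).min(1),`) or add a comment on why it may be omitted and what the builders do then. `params: z.any().optional()` together with `filterQuery` (whose schema ultimately accepts any object) means most of the request body is forwarded unvalidated; a header comment on `timelineRequestBasicOptionsSchema` listing which fields are actually constrained would set expectations for readers treating this as the input boundary.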
diff --git a/x-pack/plugins/timelines/common/api/search_strategy/timeline/request_paginated.ts b/x-pack/plugins/timelines/common/api/search_strategy/timeline/request_paginated.ts new file mode 100644 index 0000000000000..e9565d3233f99 --- /dev/null +++ b/x-pack/plugins/timelines/common/api/search_strategy/timeline/request_paginated.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { pagination } from '../model/pagination'; +import { timelineRequestBasicOptionsSchema } from './request_basic'; + +export const requestPaginated = timelineRequestBasicOptionsSchema.extend({ + pagination, +}); diff --git a/x-pack/plugins/timelines/common/api/search_strategy/timeline/timeline.ts b/x-pack/plugins/timelines/common/api/search_strategy/timeline/timeline.ts new file mode 100644 index 0000000000000..dcb42e8f8fadd --- /dev/null +++ b/x-pack/plugins/timelines/common/api/search_strategy/timeline/timeline.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from './events_all'; + +export * from './eql'; + +export * from './events_details'; + +export * from './events_last_event_time'; + +export * from './kpi'; diff --git a/x-pack/plugins/timelines/common/index.ts b/x-pack/plugins/timelines/common/index.ts index 4d2c772651b64..0b8169996473d 100644 --- a/x-pack/plugins/timelines/common/index.ts +++ b/x-pack/plugins/timelines/common/index.ts 
@@ -5,6 +5,16 @@ * 2.0. */ +export { + LastEventIndexKey, + type TimelineEventsAllOptionsInput, + type TimelineEventsDetailsRequestOptionsInput, + type TimelineEventsLastEventTimeRequestOptionsInput, + type TimelineKpiRequestOptionsInput, + type TimelineEqlRequestOptionsInput, + TimelineEventsQueries, +} from './api/search_strategy'; + // Careful of exporting anything from this file as any file(s) you export here will cause your page bundle size to increase. // If you're using functions/types/etc... internally or within integration tests it's best to import directly from their paths // than expose the functions/types/etc... here. You should _only_ expose functions/types/etc... that need to be shared with other plugins here. @@ -48,24 +58,13 @@ export type { TimelineEdges, TimelineItem, TimelineEventsAllStrategyResponse, - TimelineEventsAllRequestOptions, TimelineEventsDetailsItem, TimelineEventsDetailsStrategyResponse, - TimelineEventsDetailsRequestOptions, TimelineEventsLastEventTimeStrategyResponse, - TimelineEventsLastEventTimeRequestOptions, - TimelineEqlRequestOptions, TimelineEqlResponse, - TimelineKpiStrategyRequest, TimelineKpiStrategyResponse, TotalValue, PaginationInputPaginated, } from './search_strategy'; -export { - Direction, - EntityType, - LastEventIndexKey, - EMPTY_BROWSER_FIELDS, - EMPTY_INDEX_FIELDS, -} from './search_strategy'; +export { Direction, EntityType, EMPTY_BROWSER_FIELDS, EMPTY_INDEX_FIELDS } from './search_strategy'; diff --git a/x-pack/plugins/timelines/common/search_strategy/timeline/events/all/index.ts b/x-pack/plugins/timelines/common/search_strategy/timeline/events/all/index.ts index ce2094334889f..ade162b367faf 100644 --- a/x-pack/plugins/timelines/common/search_strategy/timeline/events/all/index.ts +++ b/x-pack/plugins/timelines/common/search_strategy/timeline/events/all/index.ts 
@@ -5,13 +5,9 @@ * 2.0. */ -import { JsonObject } from '@kbn/utility-types'; - import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs'; import type { CursorType, Inspect, Maybe, PaginationInputPaginated } from '../../../common'; -import type { TimelineRequestOptionsPaginated } from '../..'; -import type { RunTimeMappings } from '../eql'; export interface TimelineEdges { node: TimelineItem; @@ -37,14 +33,3 @@ export interface TimelineEventsAllStrategyResponse extends IEsSearchResponse { pageInfo: Pick; inspect?: Maybe; } - -type AlertWorkflowStatus = 'open' | 'closed' | 'acknowledged'; -export interface TimelineEventsAllRequestOptions extends TimelineRequestOptionsPaginated { - authFilter?: JsonObject; - excludeEcsData?: boolean; - fieldRequested: string[]; - fields: string[] | Array<{ field: string; include_unmapped: boolean }>; - language: 'eql' | 'kuery' | 'lucene'; - runtimeMappings: RunTimeMappings; - filterStatus?: AlertWorkflowStatus; -} diff --git a/x-pack/plugins/timelines/common/search_strategy/timeline/events/details/index.ts b/x-pack/plugins/timelines/common/search_strategy/timeline/events/details/index.ts index 036a7ddb8462f..ae95943139b9b 100644 --- a/x-pack/plugins/timelines/common/search_strategy/timeline/events/details/index.ts +++ b/x-pack/plugins/timelines/common/search_strategy/timeline/events/details/index.ts @@ -5,12 +5,9 @@ * 2.0. */ -import { JsonObject } from '@kbn/utility-types'; - import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs'; import { Inspect, Maybe } from '../../../common'; -import { TimelineRequestOptionsPaginated } from '../..'; export interface TimelineEventsDetailsItem { ariaRowindex?: Maybe; 
@@ -28,10 +25,3 @@ export interface TimelineEventsDetailsStrategyResponse extends IEsSearchResponse inspect?: Maybe; rawEventData?: Maybe; } - -export interface TimelineEventsDetailsRequestOptions - extends Partial { - indexName: string; - eventId: string; - authFilter?: JsonObject; -} diff --git a/x-pack/plugins/timelines/common/search_strategy/timeline/events/eql/index.ts b/x-pack/plugins/timelines/common/search_strategy/timeline/events/eql/index.ts index 4c9419ccf802a..66758bbcb94d7 100644 --- a/x-pack/plugins/timelines/common/search_strategy/timeline/events/eql/index.ts +++ b/x-pack/plugins/timelines/common/search_strategy/timeline/events/eql/index.ts @@ -6,30 +6,14 @@ */ import { EuiComboBoxOptionOption } from '@elastic/eui'; -import type { - EqlSearchStrategyRequest, - EqlSearchStrategyResponse, - EqlRequestParams, -} from '@kbn/data-plugin/common'; +import type { EqlSearchStrategyResponse } from '@kbn/data-plugin/common'; import type { RuntimeFieldSpec, RuntimePrimitiveTypes } from '@kbn/data-views-plugin/common'; import { EqlSearchResponse, Inspect, Maybe, PaginationInputPaginated } from '../../..'; -import { TimelineEdges, TimelineEventsAllRequestOptions } from '../..'; - -type EqlBody = Pick; +import { TimelineEdges } from '../..'; export type RunTimeMappings = | Record & { type: RuntimePrimitiveTypes }> | undefined; -export interface TimelineEqlRequestOptions - extends EqlSearchStrategyRequest, - Omit { - eventCategoryField?: string; - tiebreakerField?: string; - timestampField?: string; - size?: number; - runtime_mappings?: RunTimeMappings; - body?: Omit & EqlBody & { runtime_mappings?: RunTimeMappings }; -} export interface TimelineEqlResponse extends EqlSearchStrategyResponse> { edges: TimelineEdges[]; diff --git a/x-pack/plugins/timelines/common/search_strategy/timeline/events/index.ts b/x-pack/plugins/timelines/common/search_strategy/timeline/events/index.ts index ef0a5d1af265e..96b74e4e42435 100644 
--- a/x-pack/plugins/timelines/common/search_strategy/timeline/events/index.ts +++ b/x-pack/plugins/timelines/common/search_strategy/timeline/events/index.ts @@ -10,13 +10,6 @@ export * from './details'; export * from './last_event_time'; export * from './eql'; -export enum TimelineEventsQueries { - all = 'eventsAll', - details = 'eventsDetails', - kpi = 'eventsKpi', - lastEventTime = 'eventsLastEventTime', -} - export const EntityType = { EVENTS: 'events', SESSIONS: 'sessions', diff --git a/x-pack/plugins/timelines/common/search_strategy/timeline/events/last_event_time/index.ts b/x-pack/plugins/timelines/common/search_strategy/timeline/events/last_event_time/index.ts index a78ba38f4b55e..13e91cd0bca05 100644 --- a/x-pack/plugins/timelines/common/search_strategy/timeline/events/last_event_time/index.ts +++ b/x-pack/plugins/timelines/common/search_strategy/timeline/events/last_event_time/index.ts @@ -7,16 +7,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import { Inspect, Maybe } from '../../../common'; -import { TimelineRequestBasicOptions } from '../..'; - -export enum LastEventIndexKey { - hostDetails = 'hostDetails', - hosts = 'hosts', - users = 'users', - userDetails = 'userDetails', - ipDetails = 'ipDetails', - network = 'network', -} export interface LastTimeDetails { hostName?: Maybe; @@ -28,8 +18,6 @@ export interface TimelineEventsLastEventTimeStrategyResponse extends IEsSearchRe lastSeen: Maybe; inspect?: Maybe; } -export type TimelineKpiStrategyRequest = Omit; - export interface TimelineKpiStrategyResponse extends IEsSearchResponse { destinationIpCount: number; inspect?: Maybe; @@ -38,9 +26,3 @@ export interface TimelineKpiStrategyResponse extends IEsSearchResponse { sourceIpCount: number; userCount: number; } - -export interface TimelineEventsLastEventTimeRequestOptions - extends Omit { - indexKey: LastEventIndexKey; - details: LastTimeDetails; -} 
diff --git a/x-pack/plugins/timelines/common/search_strategy/timeline/index.ts b/x-pack/plugins/timelines/common/search_strategy/timeline/index.ts index 93a61626946b2..aaa9696bb827d 100644 --- a/x-pack/plugins/timelines/common/search_strategy/timeline/index.ts +++ b/x-pack/plugins/timelines/common/search_strategy/timeline/index.ts @@ -5,46 +5,30 @@ * 2.0. */ -import type { IEsSearchRequest } from '@kbn/data-plugin/common'; -import { ESQuery } from '../../typed_json'; import { - TimelineEventsQueries, - TimelineEventsAllRequestOptions, TimelineEventsAllStrategyResponse, - TimelineEventsDetailsRequestOptions, TimelineEventsDetailsStrategyResponse, - TimelineEventsLastEventTimeRequestOptions, TimelineEventsLastEventTimeStrategyResponse, TimelineKpiStrategyResponse, - EntityType, } from './events'; -import { PaginationInputPaginated, TimerangeInput, SortField } from '../common'; -import type { RunTimeMappings } from './events/eql'; +import { SortField } from '../common'; +import { + TimelineEventsAllOptionsInput, + TimelineEventsDetailsRequestOptionsInput, + TimelineEventsLastEventTimeRequestOptionsInput, + TimelineEventsQueries, + TimelineKpiRequestOptionsInput, +} from '../../api/search_strategy'; export * from './events'; export type TimelineFactoryQueryTypes = TimelineEventsQueries; -export interface TimelineRequestBasicOptions extends IEsSearchRequest { - timerange?: TimerangeInput; - filterQuery: ESQuery | string | undefined; - defaultIndex: string[]; - factoryQueryType?: TimelineFactoryQueryTypes; - entityType?: EntityType; - runtimeMappings: RunTimeMappings; -} - export interface TimelineRequestSortField extends SortField { esTypes: string[]; type: string; } -export interface TimelineRequestOptionsPaginated - extends TimelineRequestBasicOptions { - pagination: Pick; - sort: Array>; -} - export type TimelineStrategyResponseType = T extends TimelineEventsQueries.all ? TimelineEventsAllStrategyResponse 
@@ -58,11 +42,11 @@ export type TimelineStrategyResponseType = export type TimelineStrategyRequestType = T extends TimelineEventsQueries.all - ? TimelineEventsAllRequestOptions + ? TimelineEventsAllOptionsInput : T extends TimelineEventsQueries.details - ? TimelineEventsDetailsRequestOptions + ? TimelineEventsDetailsRequestOptionsInput : T extends TimelineEventsQueries.kpi - ? TimelineRequestBasicOptions + ? TimelineKpiRequestOptionsInput : T extends TimelineEventsQueries.lastEventTime - ? TimelineEventsLastEventTimeRequestOptions + ? TimelineEventsLastEventTimeRequestOptionsInput : never; diff --git a/x-pack/plugins/timelines/server/search_strategy/index_fields/index.ts b/x-pack/plugins/timelines/server/search_strategy/index_fields/index.ts index d9c9ee2374bf1..6af36c4ad6f73 100644 --- a/x-pack/plugins/timelines/server/search_strategy/index_fields/index.ts +++ b/x-pack/plugins/timelines/server/search_strategy/index_fields/index.ts @@ -26,6 +26,7 @@ import { IndexFieldsStrategyResponse, } from '../../../common/search_strategy'; import { StartPlugins } from '../../types'; +import { parseOptions } from './parse_options'; const apmIndexPattern = 'apm-*-transaction*'; const apmDataStreamsPattern = 'traces-apm*'; @@ -100,9 +101,11 @@ export const requestIndexFieldSearch = async ( indexPatterns: DataViewsServerPluginStart, useInternalUser?: boolean ): Promise => { + const options = parseOptions(request); + const indexPatternsFetcherAsCurrentUser = new IndexPatternsFetcher(esClient.asCurrentUser); const indexPatternsFetcherAsInternalUser = new IndexPatternsFetcher(esClient.asInternalUser); - if ('dataViewId' in request && 'indices' in request) { + if ('dataViewId' in options && 'indices' in options) { throw new Error('Provide index field search with either `dataViewId` or `indices`, not both'); } 
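Review bot: `TimelineStrategyRequestType` now resolves to the `*Input` (`z.input`) variants, i.e. the pre-validation wire shape, while the factories in this commit receive the schema's parsed output, so one type name covers two different shapes depending on which side of `parse` the caller sits on, and nothing documents that. Add a TSDoc above the conditional type, e.g. `/** Request shape as received on the wire, before schema validation; use the schema's z.infer output once parsed. */`. The type alias itself starts in the previous hunk.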
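Review bot: Whether the `'dataViewId' in options && 'indices' in options` guard can still fire after `parseOptions(request)` depends on `indexFieldsRequestSchema`, which is not in this diff: a `z.object` strips unknown keys by default and a union of two object shapes would drop the second key, so the mutual-exclusion error may have become unreachable, or one of the two inputs may be silently discarded. Either enforce exclusivity in the schema (`.refine`, or `.strict()` on each variant) or keep the check against the raw `request`. `parseOptions` also throws a `ZodError` before any other work; confirm the search route maps that to a client error rather than a 500. The body of `requestIndexFieldSearch` continues in the next hunks.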
@@ -120,10 +123,10 @@ export const requestIndexFieldSearch = async ( let runtimeMappings = {}; // if dataViewId is provided, get fields and indices from the Kibana Data View - if ('dataViewId' in request) { + if ('dataViewId' in options) { let dataView; try { - dataView = await dataViewService.get(request.dataViewId); + dataView = await dataViewService.get(options.dataViewId); } catch (r) { if ( r.output.payload.statusCode === 404 && @@ -148,14 +151,14 @@ export const requestIndexFieldSearch = async ( [] ); - if (!request.onlyCheckIfIndicesExist) { + if (!options.onlyCheckIfIndicesExist) { const dataViewSpec = dataView.toSpec(); const fieldDescriptor = [Object.values(dataViewSpec.fields ?? {})]; runtimeMappings = dataViewSpec.runtimeFieldMap ?? {}; indexFields = await formatIndexFields(beatFields, fieldDescriptor, patternList); } - } else if ('indices' in request) { - const patternList = dedupeIndexName(request.indices); + } else if ('indices' in options) { + const patternList = dedupeIndexName(options.indices); indicesExist = (await findExistingIndices(patternList, esUser)).reduce( (acc: string[], doesIndexExist, i) => { if (doesIndexExist) { @@ -165,11 +168,11 @@ export const requestIndexFieldSearch = async ( }, [] ); - if (!request.onlyCheckIfIndicesExist) { + if (!options.onlyCheckIfIndicesExist) { const fieldDescriptor = ( await Promise.all( indicesExist.map(async (index, n) => { - const fieldCapsOptions = request.includeUnmapped + const fieldCapsOptions = options.includeUnmapped ? { includeUnmapped: true, allow_no_indices: true } : undefined; if (index.startsWith('.alerts-observability') || useInternalUser) { 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/parse_options.ts b/x-pack/plugins/timelines/server/search_strategy/index_fields/parse_options.ts
similarity index 51%
rename from x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/parse_options.ts
rename to x-pack/plugins/timelines/server/search_strategy/index_fields/parse_options.ts
index 604932496230c..ea47e6de98d2b 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/last_first_seen/parse_options.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/index_fields/parse_options.ts
@@ -5,6 +5,6 @@
 * 2.0.
 */
-import { firstLastSeenRequestOptionsSchema } from '../../../../../common/api/search_strategy/first_seen_last_seen/first_seen_last_seen';
+import { indexFieldsRequestSchema } from '../../../common/api/search_strategy';
-export const parseOptions = (options: unknown) => firstLastSeenRequestOptionsSchema.parse(options);
+export const parseOptions = (options: unknown) => indexFieldsRequestSchema.parse(options);
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.test.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.test.ts
index c73d36a15d40c..c0e145aa501f6 100644
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.test.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.test.ts
@@ -5,7 +5,8 @@
 * 2.0.
 */
-import { Direction, TimelineEqlRequestOptions } from '../../../../common/search_strategy';
+import { TimelineEqlRequestOptions } from '../../../../common/api/search_strategy';
+import { Direction } from '../../../../common/search_strategy';
 import { buildEqlDsl, parseEqlResponse } from './helpers';
 import { eventsResponse, sequenceResponse } from './__mocks__';
 const defaultArgs = {
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.ts index e9a2ef7e49cda..e84bf7bd9bda9 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/eql/helpers.ts @@ -7,6 +7,7 @@ import { isEmpty } from 'lodash/fp'; import type { EqlSearchStrategyResponse } from '@kbn/data-plugin/common'; +import { TimelineEqlRequestOptions } from '../../../../common/api/search_strategy/timeline/eql'; import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../common/constants'; import { EqlSearchResponse, @@ -14,10 +15,7 @@ import { EventHit, TimelineEdges, } from '../../../../common/search_strategy'; -import { - TimelineEqlRequestOptions, - TimelineEqlResponse, -} from '../../../../common/search_strategy/timeline/events/eql'; +import { TimelineEqlResponse } from '../../../../common/search_strategy/timeline/events/eql'; import { inspectStringifyObject } from '../../../utils/build_query'; import { TIMELINE_EVENTS_FIELDS } from '../factory/helpers/constants'; import { formatTimelineData } from '../factory/helpers/format_timeline_data'; @@ -107,7 +105,12 @@ export const parseEqlResponse = async ( options: TimelineEqlRequestOptions, response: EqlSearchStrategyResponse> ): Promise => { - const { activePage, querySize } = options.pagination; + const { + pagination: { activePage, querySize } = { + activePage: 0, + querySize: DEFAULT_MAX_TABLE_QUERY_SIZE, + }, + } = options; let edges: TimelineEdges[] = []; if (response.rawResponse.body.hits.sequences !== undefined) { diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/eql/index.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/eql/index.ts index 0b59a213e848d..2f52dd9e224f2 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/eql/index.ts 
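Review bot: The fallback `pagination: { activePage, querySize } = { activePage: 0, querySize: DEFAULT_MAX_TABLE_QUERY_SIZE }` added here is one of three different defaults this commit introduces for a request without `pagination`: all/index.ts uses `activePage: undefined` with the same size, and query.events_all.dsl.ts uses `{ activePage: 0, querySize: 0 }`, so the same missing field is paged three ways depending on the path. The `querySize: 0` variant presumably yields an empty result set with no error, and `DEFAULT_MAX_TABLE_QUERY_SIZE` is exactly the value the `buildDsl` guard in all/index.ts rejects with `>=`, so a parsed request would be defaulted to a size its own DSL builder refuses. Put the default in the zod schema (or one shared constant) and drop the per-site literals. Note the destructuring default only applies when `pagination` is absent entirely; a `pagination` object missing `querySize` is not covered, so confirm the schema requires both members. The body of `parseEqlResponse` continues past this hunk.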
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/eql/index.ts @@ -8,12 +8,11 @@ import { map, mergeMap } from 'rxjs/operators'; import { ISearchStrategy, PluginStart, shimHitsTotal } from '@kbn/data-plugin/server'; import { EqlSearchStrategyResponse, EQL_SEARCH_STRATEGY } from '@kbn/data-plugin/common'; +import { TimelineEqlRequestOptions } from '../../../../common/api/search_strategy'; import { EqlSearchResponse } from '../../../../common/search_strategy'; -import { - TimelineEqlRequestOptions, - TimelineEqlResponse, -} from '../../../../common/search_strategy/timeline/events/eql'; +import { TimelineEqlResponse } from '../../../../common/search_strategy/timeline/events/eql'; import { buildEqlDsl, parseEqlResponse } from './helpers'; +import { parseOptions } from './parse_options'; export const timelineEqlSearchStrategyProvider = ( data: PluginStart @@ -21,7 +20,9 @@ export const timelineEqlSearchStrategyProvider = ( const esEql = data.search.getSearchStrategy(EQL_SEARCH_STRATEGY); return { search: (request, options, deps) => { - const dsl = buildEqlDsl(request); + const parsedOptions = parseOptions(request); + const dsl = buildEqlDsl(parsedOptions); + return esEql.search({ ...request, params: dsl }, options, deps).pipe( map((response) => { return { @@ -33,7 +34,7 @@ export const timelineEqlSearchStrategyProvider = ( }), mergeMap(async (esSearchRes) => parseEqlResponse( - request, + parsedOptions, esSearchRes as unknown as EqlSearchStrategyResponse> ) ) diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/eql/parse_options.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/eql/parse_options.ts new file mode 100644 index 0000000000000..e0c85d604ad8b --- /dev/null +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/eql/parse_options.ts 
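Review bot: `esEql.search({ ...request, params: dsl }, options, deps)` still forwards the unvalidated `request` to the underlying EQL strategy; `parsedOptions` is only used for `buildEqlDsl` and `parseEqlResponse`. If the schema is meant to bound what reaches Elasticsearch, spread the validated object instead, `esEql.search({ ...parsedOptions, params: dsl }, options, deps)`, or pick only the transport fields you need from `request`; I cannot see from here whether `parsedOptions` carries the fields the base strategy expects, so check that before switching. `parseOptions(request)` also throws synchronously inside `search` rather than returning an errored observable; confirm the caller handles a synchronous throw from a strategy's `search`.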
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { timelineEqlRequestOptionsSchema } from '../../../../common/api/search_strategy/timeline/eql';
+
+export const parseOptions = (options: unknown) => timelineEqlRequestOptionsSchema.parse(options);
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/index.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/index.ts
index 42740a622d06b..7dea40b3a6c1f 100644
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/index.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/index.ts
@@ -8,12 +8,11 @@
 import { cloneDeep, getOr } from 'lodash/fp';
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
 import { buildAlertFieldsRequest as buildFieldsRequest } from '@kbn/alerts-as-data-utils';
+import { TimelineEventsQueries } from '../../../../../../common/api/search_strategy';
 import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../../../../common/constants';
 import {
 EventHit,
- TimelineEventsQueries,
 TimelineEventsAllStrategyResponse,
- TimelineEventsAllRequestOptions,
 TimelineEdges,
 } from '../../../../../../common/search_strategy';
 import { TimelineFactory } from '../../types';
@@ -23,7 +22,7 @@ import { formatTimelineData } from '../../helpers/format_timeline_data';
 import { TIMELINE_EVENTS_FIELDS } from '../../helpers/constants';
 export const timelineEventsAll: TimelineFactory = {
- buildDsl: ({ authFilter, ...options }: TimelineEventsAllRequestOptions) => {
+ buildDsl: ({ authFilter, ...options }) => {
 if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) {
 throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`);
 }
@@ -32,14 +31,19 @@ export const timelineEventsAll: TimelineFactory = {
 return buildTimelineEventsAllQuery({ ...queryOptions, authFilter });
 },
 parse: async (
- options: TimelineEventsAllRequestOptions,
+ options,
 response: IEsSearchResponse
 ): Promise => {
 // eslint-disable-next-line prefer-const
 let { fieldRequested, ...queryOptions } = cloneDeep(options);
 queryOptions.fields = buildFieldsRequest(fieldRequested, queryOptions.excludeEcsData);
- const { activePage, querySize } = options.pagination;
+ const {
+ pagination: { activePage, querySize } = {
+ activePage: undefined,
+ querySize: DEFAULT_MAX_TABLE_QUERY_SIZE,
+ },
+ } = options;
 const producerBuckets = getOr([], 'aggregations.producers.buckets', response.rawResponse);
 const totalCount = response.rawResponse.hits.total || 0;
 const hits = response.rawResponse.hits.hits;
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/query.events_all.dsl.test.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/query.events_all.dsl.test.ts
index 77e0d8b377eb1..9a3a4a0261002 100644
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/query.events_all.dsl.test.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/query.events_all.dsl.test.ts
@@ -5,6 +5,7 @@ * 2.0. */ +import { TimelineEventsQueries } from '../../../../../../common/api/search_strategy'; import { Direction } from '../../../../../../common/search_strategy'; import { buildTimelineEventsAllQuery } from './query.events_all.dsl'; @@ -12,10 +13,11 @@ describe('buildTimelineEventsAllQuery', () => { it('should return ip details query if index key is ipDetails', () => { const defaultIndex = ['.siem-signals-default']; const query = buildTimelineEventsAllQuery({ + factoryQueryType: TimelineEventsQueries.all, fields: [], defaultIndex, filterQuery: '', - language: 'eql', + language: 'kuery', pagination: { activePage: 0, querySize: 100, diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/query.events_all.dsl.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/query.events_all.dsl.ts index 5ae88bcf6f460..2695ed06132bb 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/query.events_all.dsl.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/query.events_all.dsl.ts @@ -7,13 +7,12 @@ import { ALERT_RULE_PRODUCER } from '@kbn/rule-data-utils'; import { isEmpty } from 'lodash/fp'; - import { - TimerangeFilter, - TimerangeInput, - TimelineEventsAllRequestOptions, - TimelineRequestSortField, -} from '../../../../../../common/search_strategy'; + SortItem, + TimelineEventsAllOptions, +} from '../../../../../../common/api/search_strategy/timeline/events_all'; + +import { TimerangeFilter, TimerangeInput } from '../../../../../../common/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/build_query'; import { getPreferredEsType } from './helpers'; 
@@ -22,11 +21,12 @@ export const buildTimelineEventsAllQuery = ({ defaultIndex, fields, filterQuery, - pagination: { activePage, querySize }, + pagination = { activePage: 0, querySize: 0 }, runtimeMappings, sort, timerange, -}: Omit) => { +}: Omit) => { + const { activePage, querySize } = pagination; const filterClause = [...createQueryFilterClauses(filterQuery)]; const getTimerangeFilter = (timerangeOption: TimerangeInput | undefined): TimerangeFilter[] => { if (timerangeOption) { @@ -51,7 +51,7 @@ export const buildTimelineEventsAllQuery = ({ const filters = [...filterClause, ...getTimerangeFilter(timerange), { match_all: {} }]; const filter = authFilter != null ? [...filters, authFilter] : filters; - const getSortField = (sortFields: TimelineRequestSortField[]) => + const getSortField = (sortFields: SortItem[]) => sortFields.map((item) => { const field: string = item.field === 'timestamp' ? '@timestamp' : item.field; return { diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/details/index.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/details/index.ts index 72645b4f5eeae..da88bbb213e6b 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/details/index.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/details/index.ts @@ -8,11 +8,10 @@ import { merge } from 'lodash/fp'; import type { IEsSearchResponse } from '@kbn/data-plugin/common'; +import { TimelineEventsQueries } from '../../../../../../common/api/search_strategy'; import { EventHit, - TimelineEventsQueries, TimelineEventsDetailsStrategyResponse, - TimelineEventsDetailsRequestOptions, TimelineEventsDetailsItem, } from '../../../../../../common/search_strategy'; import { inspectStringifyObject } from '../../../../../utils/build_query'; 
@@ -25,7 +24,8 @@ import { import { buildEcsObjects } from '../../helpers/build_ecs_objects'; export const timelineEventsDetails: TimelineFactory = { - buildDsl: ({ authFilter, ...options }: TimelineEventsDetailsRequestOptions) => { + buildDsl: (parsedRequest) => { + const { authFilter, ...options } = parsedRequest; const { indexName, eventId, runtimeMappings = {} } = options; return buildTimelineDetailsQuery({ indexName, @@ -35,7 +35,7 @@ export const timelineEventsDetails: TimelineFactory ): Promise => { const { indexName, eventId, runtimeMappings = {} } = options; diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/details/query.events_details.dsl.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/details/query.events_details.dsl.ts index 33ec6d02d6a1a..3074cf006ef82 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/details/query.events_details.dsl.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/details/query.events_details.dsl.ts @@ -6,7 +6,7 @@ */ import { JsonObject } from '@kbn/utility-types'; -import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import { RunTimeMappings } from '../../../../../../common/api/search_strategy/model/runtime_mappings'; export const buildTimelineDetailsQuery = ({ authFilter, @@ -17,7 +17,7 @@ export const buildTimelineDetailsQuery = ({ authFilter?: JsonObject; id: string; indexName: string; - runtimeMappings: MappingRuntimeFields; + runtimeMappings: RunTimeMappings; }) => { const basicFilter = { terms: { diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/index.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/index.ts index e140fa1038704..cb2935f04c354 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/index.ts 
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/index.ts @@ -5,10 +5,7 @@ * 2.0. */ -import { - TimelineFactoryQueryTypes, - TimelineEventsQueries, -} from '../../../../../common/search_strategy/timeline'; +import { TimelineEventsQueries } from '../../../../../common/api/search_strategy'; import { TimelineFactory } from '../types'; import { timelineEventsAll } from './all'; @@ -16,10 +13,9 @@ import { timelineEventsDetails } from './details'; import { timelineKpi } from './kpi'; import { timelineEventsLastEventTime } from './last_event_time'; -export const timelineEventsFactory: Record< - TimelineEventsQueries, - TimelineFactory -> = { +export const timelineEventsFactory: { + [K in TimelineEventsQueries]: TimelineFactory; +} = { [TimelineEventsQueries.all]: timelineEventsAll, [TimelineEventsQueries.details]: timelineEventsDetails, [TimelineEventsQueries.kpi]: timelineKpi, diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/kpi/index.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/kpi/index.ts index 0973a96c2672f..e12782a85fb83 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/kpi/index.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/kpi/index.ts 
@@ -8,19 +8,18 @@
 import { getOr } from 'lodash/fp';
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
-import {
- TimelineEventsQueries,
- TimelineRequestBasicOptions,
- TimelineKpiStrategyResponse,
-} from '../../../../../../common/search_strategy/timeline';
+import { TimelineEventsQueries } from '../../../../../../common/api/search_strategy';
+import { TimelineKpiStrategyResponse } from '../../../../../../common/search_strategy/timeline';
 import { inspectStringifyObject } from '../../../../../utils/build_query';
 import { TimelineFactory } from '../../types';
 import { buildTimelineKpiQuery } from './query.kpi.dsl';
 export const timelineKpi: TimelineFactory = {
- buildDsl: (options: TimelineRequestBasicOptions) => buildTimelineKpiQuery(options),
+ buildDsl: (options) => {
+ return buildTimelineKpiQuery(options);
+ },
 parse: async (
- options: TimelineRequestBasicOptions,
+ options,
 response: IEsSearchResponse
 ): Promise => {
 const inspect = {
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/kpi/query.kpi.dsl.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/kpi/query.kpi.dsl.ts
index dd87ef177bfe6..fd98122a12eea 100644
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/kpi/query.kpi.dsl.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/kpi/query.kpi.dsl.ts
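Review bot: The rewritten `buildDsl` uses a block body with an explicit `return` where the single expression it wraps needs neither, and the sibling factory in last_event_time/index.ts in this same commit keeps the concise form. For consistency across the factories write it as `buildDsl: (options) => buildTimelineKpiQuery(options),`. The `timelineKpi` object continues past the hunk.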
@@ -6,19 +6,16 @@ */ import { isEmpty } from 'lodash/fp'; +import { TimelineKpiRequestOptions } from '../../../../../../common/api/search_strategy/timeline/kpi'; -import { - TimerangeFilter, - TimerangeInput, - TimelineRequestBasicOptions, -} from '../../../../../../common/search_strategy'; +import { TimerangeFilter, TimerangeInput } from '../../../../../../common/search_strategy'; import { createQueryFilterClauses } from '../../../../../utils/filters'; export const buildTimelineKpiQuery = ({ defaultIndex, filterQuery, timerange, -}: TimelineRequestBasicOptions) => { +}: TimelineKpiRequestOptions) => { const filterClause = [...createQueryFilterClauses(filterQuery)]; const getTimerangeFilter = (timerangeOption: TimerangeInput | undefined): TimerangeFilter[] => { diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/index.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/index.ts index a6425737d6de0..8bd21765f551e 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/index.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/index.ts 
@@ -8,20 +8,16 @@
 import { getOr } from 'lodash/fp';
 import type { IEsSearchResponse } from '@kbn/data-plugin/common';
-import {
- TimelineEventsQueries,
- TimelineEventsLastEventTimeStrategyResponse,
- TimelineEventsLastEventTimeRequestOptions,
-} from '../../../../../../common/search_strategy/timeline';
+import { TimelineEventsQueries } from '../../../../../../common/api/search_strategy';
+import { TimelineEventsLastEventTimeStrategyResponse } from '../../../../../../common/search_strategy/timeline';
 import { inspectStringifyObject } from '../../../../../utils/build_query';
 import { TimelineFactory } from '../../types';
 import { buildLastEventTimeQuery } from './query.events_last_event_time.dsl';
 export const timelineEventsLastEventTime: TimelineFactory = {
- buildDsl: (options: TimelineEventsLastEventTimeRequestOptions) =>
- buildLastEventTimeQuery(options),
+ buildDsl: (options) => buildLastEventTimeQuery(options),
 parse: async (
- options: TimelineEventsLastEventTimeRequestOptions,
+ options,
 response: IEsSearchResponse
 ): Promise => {
 const inspect = {
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.test.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.test.ts
index 5a17afbdd96d5..0a73089aaf321 100644
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.test.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.test.ts
@@ -5,7 +5,8 @@ * 2.0. */ -import { LastEventIndexKey } from '../../../../../../common/search_strategy'; +import { TimelineEventsQueries } from '../../../../../../common/api/search_strategy'; +import { LastEventIndexKey } from '../../../../../../common/api/search_strategy/timeline/events_last_event_time'; import { buildLastEventTimeQuery } from './query.events_last_event_time.dsl'; describe('buildLastEventTimeQuery', () => { @@ -15,6 +16,7 @@ describe('buildLastEventTimeQuery', () => { indexKey: LastEventIndexKey.ipDetails, details: { ip: '12345567' }, defaultIndex, + factoryQueryType: TimelineEventsQueries.lastEventTime, }); expect(query).toMatchInlineSnapshot(` Object { diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.ts index 24bd1aa6b9971..6d921918f53da 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/last_event_time/query.events_last_event_time.dsl.ts @@ -7,9 +7,9 @@ import type { ISearchRequestParams } from '@kbn/data-plugin/common'; import { - TimelineEventsLastEventTimeRequestOptions, LastEventIndexKey, -} from '../../../../../../common/search_strategy'; + TimelineEventsLastEventTimeRequestOptions, +} from '../../../../../../common/api/search_strategy/timeline/timeline'; import { assertUnreachable } from '../../../../../../common/utility_types'; 
@@ -23,8 +23,8 @@ export const buildLastEventTimeQuery = ({
 defaultIndex,
 }: TimelineEventsLastEventTimeRequestOptions) => {
 const indicesToQuery: EventIndices = {
- hosts: defaultIndex,
- network: defaultIndex,
+ hosts: defaultIndex || [],
+ network: defaultIndex || [],
 };
 const getUserDetailsFilter = (userName: string) => [{ term: { 'user.name': userName } }];
 const getHostDetailsFilter = (hostName: string) => [{ term: { 'host.name': hostName } }];
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/index.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/index.ts
index 2ac9c343c843a..4ab3ce6e176ce 100644
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/index.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/index.ts
@@ -5,13 +5,8 @@
 * 2.0.
 */
-import { TimelineFactoryQueryTypes } from '../../../../common/search_strategy/timeline';
-import { TimelineFactory } from './types';
 import { timelineEventsFactory } from './events';
-export const timelineFactory: Record<
- TimelineFactoryQueryTypes,
- TimelineFactory
-> = {
+export const timelineFactory = {
 ...timelineEventsFactory,
-};
+} as const;
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/index.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/index.ts
index f1a197733baf0..2281109863976 100644
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/index.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/index.ts
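Review bot: `hosts: defaultIndex || []` and `network: defaultIndex || []` turn a missing `defaultIndex` into an empty index list instead of a validation failure, and nothing in the hunk rejects that case. How `indicesToQuery` reaches the search request is outside this hunk, but with the Elasticsearch client an empty `index` array is typically omitted from the request path, which targets every index the caller can read rather than none, so the silent default widens the query scope rather than narrowing it. Prefer making `defaultIndex` required in `TimelineEventsLastEventTimeRequestOptions`, or fail early, `if (!defaultIndex?.length) throw new Error('defaultIndex is required');`, and use `??` rather than `||` if a fallback is kept. `buildLastEventTimeQuery` begins before this hunk and continues after it.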
@@ -15,43 +15,49 @@ import { import { ENHANCED_ES_SEARCH_STRATEGY, ISearchOptions } from '@kbn/data-plugin/common'; import { SecurityPluginSetup } from '@kbn/security-plugin/server'; import { Logger } from '@kbn/logging'; +import { z } from 'zod'; +import { searchStrategyRequestSchema } from '../../../common/api/search_strategy'; import { TimelineFactoryQueryTypes, - TimelineStrategyResponseType, - TimelineStrategyRequestType, EntityType, + TimelineStrategyRequestType, } from '../../../common/search_strategy/timeline'; import { timelineFactory } from './factory'; import { TimelineFactory } from './factory/types'; import { isAggCardinalityAggregate } from './factory/helpers/is_agg_cardinality_aggregate'; -export const timelineSearchStrategyProvider = ( +export const timelineSearchStrategyProvider = ( data: PluginStart, logger: Logger, security?: SecurityPluginSetup -): ISearchStrategy, TimelineStrategyResponseType> => { + // eslint-disable-next-line @typescript-eslint/no-explicit-any +): ISearchStrategy, any> => { const es = data.search.getSearchStrategy(ENHANCED_ES_SEARCH_STRATEGY); return { search: (request, options, deps) => { - const factoryQueryType = request.factoryQueryType; const entityType = request.entityType; - if (factoryQueryType == null) { - throw new Error('factoryQueryType is required'); - } + const searchStrategyRequest = searchStrategyRequestSchema.parse(request); - const queryFactory: TimelineFactory = timelineFactory[factoryQueryType]; + const queryFactory = timelineFactory[searchStrategyRequest.factoryQueryType]; if (entityType != null && entityType === EntityType.SESSIONS) { return timelineSessionsSearchStrategy({ es, - request, + request: searchStrategyRequest, options, deps, queryFactory, }); } else { - return timelineSearchStrategy({ es, request, options, deps, queryFactory, logger }); + return timelineSearchStrategy({ + es, + request: searchStrategyRequest, + options, + deps, + queryFactory, + logger, + }); } }, cancel: async (id, options, 
deps) => { @@ -107,7 +113,7 @@ const timelineSessionsSearchStrategy = ({ ...request, defaultIndex: indices, indexName: indices, - }; + } as TimelineStrategyRequestType; const collapse = { field: 'process.entry_leader.entity_id',
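Review bot: `const entityType = request.entityType;` still reads the raw, unvalidated request on the line before `searchStrategyRequestSchema.parse(request)`, so the branch into `timelineSessionsSearchStrategy` is decided on an unvalidated field while everything downstream uses `searchStrategyRequest`. Move the `parse` call up and take the field from the parsed value, `const entityType = searchStrategyRequest.entityType;`, assuming the schema carries `entityType`; if it does not, add it there rather than bypassing validation for this one field. The strategy's response type is also widened to `any` behind an eslint-disable while `TimelineStrategyResponseType` is dropped from the imports, which loses the response typing the old signature had; keeping the response generic is cheaper than the disable comment. `parse` throws a `ZodError` for bad input, so confirm the route maps it to a client error. The returned strategy object continues past this hunk.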