diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx index fb083b7a7da2f..5a6759fd07221 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/navigation/authentications_query_tab_body.tsx @@ -25,15 +25,15 @@ const AuthenticationTableManage = manageQuery(AuthenticationTable); const ID = 'authenticationsOverTimeQuery'; const authStackByOptions: MatrixHistogramOption[] = [ { - text: 'event.type', - value: 'event.type', + text: 'event.outcome', + value: 'event.outcome', }, ]; -const DEFAULT_STACK_BY = 'event.type'; +const DEFAULT_STACK_BY = 'event.outcome'; enum AuthMatrixDataGroup { - authSuccess = 'authentication_success', - authFailure = 'authentication_failure', + authSuccess = 'success', + authFailure = 'failure', } export const authMatrixDataMappingFields: MatrixHistogramMappingTypes = { diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/query.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/query.dsl.ts index 333cc79fadabc..b9ed88e91f87d 100644 --- a/x-pack/legacy/plugins/siem/server/lib/authentications/query.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/query.dsl.ts @@ -70,7 +70,7 @@ export const buildQuery = ({ failures: { filter: { term: { - 'event.type': 'authentication_failure', + 'event.outcome': 'failure', }, }, aggs: { @@ -86,7 +86,7 @@ export const buildQuery = ({ successes: { filter: { term: { - 'event.type': 'authentication_success', + 'event.outcome': 'success', }, }, aggs: { diff --git a/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/mock.ts b/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/mock.ts index b82a540900bd0..ed9fbf0ba0646 100644 --- a/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/mock.ts 
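Review bot: In query.dsl.ts the `failures` and `successes` filters now match `'event.outcome': 'failure'` / `'success'`, a field that is not specific to authentication, so these buckets are only correct if the enclosing query already restricts documents to authentication events. That restriction is not visible in either hunk, and buildQuery starts and ends outside them. This commit adds `term: { 'event.category': 'authentication' }` to buildAuthenticationsOverTimeQuery; the same clause should be confirmed or added here. The four hunks in kpi_hosts/query_authentication.dsl.ts (buildAuthQuery) have the same dependency. Without the restriction, failed non-authentication events would inflate the failure count that analysts read as failed logins.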
+++ b/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/mock.ts @@ -356,15 +356,15 @@ export const mockKpiHostDetailsUniqueIpsQuery = [ ]; const mockAuthAggs = { - authentication_success: { filter: { term: { 'event.type': 'authentication_success' } } }, + authentication_success: { filter: { term: { 'event.outcome': 'success' } } }, authentication_success_histogram: { auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { filter: { term: { 'event.type': 'authentication_success' } } } }, + aggs: { count: { filter: { term: { 'event.outcome': 'success' } } } }, }, - authentication_failure: { filter: { term: { 'event.type': 'authentication_failure' } } }, + authentication_failure: { filter: { term: { 'event.outcome': 'failure' } } }, authentication_failure_histogram: { auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { filter: { term: { 'event.type': 'authentication_failure' } } } }, + aggs: { count: { filter: { term: { 'event.outcome': 'failure' } } } }, }, }; diff --git a/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/query_authentication.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/query_authentication.dsl.ts index 5734aa6ee88cc..0b7803d007194 100644 --- a/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/query_authentication.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/kpi_hosts/query_authentication.dsl.ts @@ -49,7 +49,7 @@ export const buildAuthQuery = ({ authentication_success: { filter: { term: { - 'event.type': 'authentication_success', + 'event.outcome': 'success', }, }, }, @@ -62,7 +62,7 @@ export const buildAuthQuery = ({ count: { filter: { term: { - 'event.type': 'authentication_success', + 'event.outcome': 'success', }, }, }, @@ -71,7 +71,7 @@ export const buildAuthQuery = ({ authentication_failure: { filter: { term: { - 'event.type': 'authentication_failure', + 'event.outcome': 'failure', }, }, }, 
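Review bot: The `authentication_success` filter in the first buildAuthQuery hunk, and the `count` and `authentication_failure` filters in the three hunks after it, drop the old `event.type` match outright. Any document that carries only the previous `authentication_success` / `authentication_failure` values would stop being counted, and the KPI would read zero rather than raise an error. Whether such documents still exist in the queried indices cannot be told from the diff. If they can, a comment above the aggregations would make the requirement explicit, for example `// Counts rely on event.outcome; documents with only the legacy event.type values are not matched.` buildAuthQuery's body continues outside these hunks.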
@@ -84,7 +84,7 @@ export const buildAuthQuery = ({ count: { filter: { term: { - 'event.type': 'authentication_failure', + 'event.outcome': 'failure', }, }, }, diff --git a/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts index ccf0d235abdd3..34a3804f974de 100644 --- a/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts @@ -13,10 +13,21 @@ export const buildAuthenticationsOverTimeQuery = ({ sourceConfiguration: { fields: { timestamp }, }, - stackByField = 'event.type', + stackByField = 'event.outcome', }: MatrixHistogramRequestOptions) => { const filter = [ ...createQueryFilterClauses(filterQuery), + { + bool: { + must: [ + { + term: { + 'event.category': 'authentication', + }, + }, + ], + }, + }, { range: { [timestamp]: { @@ -45,7 +56,7 @@ export const buildAuthenticationsOverTimeQuery = ({ eventActionGroup: { terms: { field: stackByField, - include: ['authentication_success', 'authentication_failure'], + include: ['success', 'failure'], order: { _count: 'desc', }, diff --git a/x-pack/plugins/ml/public/application/app.tsx b/x-pack/plugins/ml/public/application/app.tsx index 6269c11fca896..8c3e0c066f411 100644 --- a/x-pack/plugins/ml/public/application/app.tsx +++ b/x-pack/plugins/ml/public/application/app.tsx 
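Review bot: The clause added to the `filter` array in buildAuthenticationsOverTimeQuery wraps a single `term` in `bool.must`, which adds two levels of nesting without changing which documents match. It could be written as `{ term: { 'event.category': 'authentication' } },` so that it reads like the `range` clause that follows it. The function body continues past the end of the hunk, so how `filter` is consumed is not visible here.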
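Review bot: In the `eventActionGroup` terms aggregation, `field` is the caller-supplied `stackByField` while `include` is hard-coded to `['success', 'failure']`, so any stack-by field other than `event.outcome` would return empty buckets. The list also leaves out authentication events whose outcome is neither value (ECS also permits `unknown`), and those disappear from the histogram without notice. A comment on the aggregation would record both constraints, for example `// include assumes stackByField is event.outcome; events with any other outcome are excluded on purpose`. The aggregation's enclosing object starts and ends outside the hunk.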
@@ -23,45 +23,16 @@ type MlDependencies = MlSetupDependencies & MlStartDependencies; interface AppProps { coreStart: CoreStart; deps: MlDependencies; - appMountParams: AppMountParameters; } const localStorage = new Storage(window.localStorage); -const App: FC = ({ coreStart, deps, appMountParams }) => { - setDependencyCache({ - indexPatterns: deps.data.indexPatterns, - timefilter: deps.data.query.timefilter, - fieldFormats: deps.data.fieldFormats, - autocomplete: deps.data.autocomplete, - config: coreStart.uiSettings!, - chrome: coreStart.chrome!, - docLinks: coreStart.docLinks!, - toastNotifications: coreStart.notifications.toasts, - overlays: coreStart.overlays, - recentlyAccessed: coreStart.chrome!.recentlyAccessed, - basePath: coreStart.http.basePath, - savedObjectsClient: coreStart.savedObjects.client, - application: coreStart.application, - http: coreStart.http, - security: deps.security, - urlGenerators: deps.share.urlGenerators, - }); - - const mlLicense = setLicenseCache(deps.licensing); - - appMountParams.onAppLeave(actions => { - mlLicense.unsubscribe(); - clearCache(); - return actions.default(); - }); - +const App: FC = ({ coreStart, deps }) => { const pageDeps = { indexPatterns: deps.data.indexPatterns, config: coreStart.uiSettings!, setBreadcrumbs: coreStart.chrome!.setBreadcrumbs, }; - const services = { appName: 'ML', data: deps.data, 
@@ -85,10 +56,34 @@ export const renderApp = ( deps: MlDependencies, appMountParams: AppMountParameters ) => { - ReactDOM.render( - , - appMountParams.element - ); + setDependencyCache({ + indexPatterns: deps.data.indexPatterns, + timefilter: deps.data.query.timefilter, + fieldFormats: deps.data.fieldFormats, + autocomplete: deps.data.autocomplete, + config: coreStart.uiSettings!, + chrome: coreStart.chrome!, + docLinks: coreStart.docLinks!, + toastNotifications: coreStart.notifications.toasts, + overlays: coreStart.overlays, + recentlyAccessed: coreStart.chrome!.recentlyAccessed, + basePath: coreStart.http.basePath, + savedObjectsClient: coreStart.savedObjects.client, + application: coreStart.application, + http: coreStart.http, + security: deps.security, + urlGenerators: deps.share.urlGenerators, + }); - return () => ReactDOM.unmountComponentAtNode(appMountParams.element); + const mlLicense = setLicenseCache(deps.licensing); + + appMountParams.onAppLeave(actions => actions.default()); + + ReactDOM.render(, appMountParams.element); + + return () => { + mlLicense.unsubscribe(); + clearCache(); + ReactDOM.unmountComponentAtNode(appMountParams.element); + }; };
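Review bot: The cleanup function returned by renderApp calls `clearCache()` before `ReactDOM.unmountComponentAtNode(appMountParams.element)`, so any component teardown that reads the dependency cache would run against an already cleared cache. Whether any component does so is not visible in this hunk, but unmounting first removes the question: `ReactDOM.unmountComponentAtNode(appMountParams.element);` followed by `mlLicense.unsubscribe();` and `clearCache();`. Separately, `appMountParams.onAppLeave(actions => actions.default())` now only returns the default action, so it should either be dropped or carry a comment saying why the registration is kept.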