[SecuritySolution] Asset Criticality ECS compatibility (#194109)
## Summary
* New asset criticality ECS fields in mappings
* Schemas update
* Data client update
* Add check and throw an error if data migration is required
* Create a mappings and data migration
  * When kibana starts
    * Check if a mappings update is required
      * Update mappings
    * Check if data migration is required
      * Schedule a kibana task that runs the migration


New asset criticality fields: asset, host, user
TS type definition:
https://github.com/elastic/kibana/pull/194109/files#diff-61d0a28910f5cc972f65e47ff8ba189a0b34bae0d7a0c492b88676d8059bc87dR88-R122


Blocked by: elastic/elasticsearch#113588

### Checklist


[x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <[email protected]>
machadoum and kibanamachine authored Oct 2, 2024
1 parent eebfba4 commit 40eb9b2
Showing 26 changed files with 1,149 additions and 48 deletions.
45 changes: 45 additions & 0 deletions oas_docs/output/kibana.serverless.staging.yaml
Expand Up @@ -29713,6 +29713,8 @@ components:
allOf:
- $ref: >-
#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord
- $ref: >-
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts
- type: object
properties:
'@timestamp':
Expand All @@ -29722,6 +29724,49 @@ components:
type: string
required:
- '@timestamp'
Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
required:
- asset
host:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
required:
- criticality
name:
type: string
required:
- name
user:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
required:
- criticality
name:
type: string
required:
- name
required:
- asset
Security_Entity_Analytics_API_AssetCriticalityRecordIdParts:
type: object
properties:
45 changes: 45 additions & 0 deletions oas_docs/output/kibana.staging.yaml
Expand Up @@ -37722,6 +37722,8 @@ components:
allOf:
- $ref: >-
#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord
- $ref: >-
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts
- type: object
properties:
'@timestamp':
Expand All @@ -37731,6 +37733,49 @@ components:
type: string
required:
- '@timestamp'
Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
required:
- asset
host:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
required:
- criticality
name:
type: string
required:
- name
user:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: >-
#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
required:
- criticality
name:
type: string
required:
- name
required:
- asset
Security_Entity_Analytics_API_AssetCriticalityRecordIdParts:
type: object
properties:
Expand Up @@ -53,8 +53,37 @@ export const CreateAssetCriticalityRecord = AssetCriticalityRecordIdParts.merge(
})
);

export type AssetCriticalityRecordEcsParts = z.infer<typeof AssetCriticalityRecordEcsParts>;
export const AssetCriticalityRecordEcsParts = z.object({
asset: z.object({
criticality: AssetCriticalityLevel.optional(),
}),
host: z
.object({
name: z.string(),
asset: z
.object({
criticality: AssetCriticalityLevel,
})
.optional(),
})
.optional(),
user: z
.object({
name: z.string(),
asset: z
.object({
criticality: AssetCriticalityLevel,
})
.optional(),
})
.optional(),
});

export type AssetCriticalityRecord = z.infer<typeof AssetCriticalityRecord>;
export const AssetCriticalityRecord = CreateAssetCriticalityRecord.merge(
AssetCriticalityRecordEcsParts
).merge(
z.object({
/**
* The time the record was created or updated.
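Review bot: Nothing in the new `AssetCriticalityRecordEcsParts` object ties `asset.criticality` to the criticality level that `CreateAssetCriticalityRecord` presumably already carries, and both `host` and `user` are optional, so a record whose two criticality values disagree, or that has neither entity object, still validates. If this file is generated from the OpenAPI schema (the `z.infer<typeof …>` preceding each `z.object` suggests it), that invariant cannot live here and should be enforced and documented where records are written and read, e.g. in the data client this PR updates. A comment above `AssetCriticalityRecordEcsParts` along the lines of `// ECS mirror of the record's criticality; consistency with the top-level field is enforced by the data client, not by this schema.` would make that split explicit once the actual rule is confirmed. The `AssetCriticalityRecord` merge that opens at the end of this hunk continues past the hunk boundary.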
Expand Up @@ -61,6 +61,7 @@ components:
AssetCriticalityRecord:
allOf:
- $ref: '#/components/schemas/CreateAssetCriticalityRecord'
- $ref: '#/components/schemas/AssetCriticalityRecordEcsParts'
- type: object
properties:
'@timestamp':
Expand All @@ -70,3 +71,43 @@ components:
description: The time the record was created or updated.
required:
- '@timestamp'
AssetCriticalityRecordEcsParts:
type: object
properties:
'asset':
type: object
properties:
'criticality':
$ref: '#/components/schemas/AssetCriticalityLevel'
required:
- 'asset'
'host':
type: object
properties:
'name':
type: string
'asset':
type: object
properties:
'criticality':
$ref: '#/components/schemas/AssetCriticalityLevel'
required:
- 'criticality'
required:
- 'name'
'user':
type: object
properties:
'name':
type: string
'asset':
type: object
properties:
'criticality':
$ref: '#/components/schemas/AssetCriticalityLevel'
required:
- 'criticality'
required:
- 'name'
required:
- 'asset'
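Review bot: The new `AssetCriticalityRecordEcsParts` schema carries no `description` on any of its properties, so neither the generated client types nor the OAS output explain how `asset.criticality` relates to the record's existing criticality level or when `host` versus `user` is expected to be populated. The neighbouring `'@timestamp'` property in this file does carry a `description`, so the omission is inconsistent within the schema. Add a one-line `description:` under `'asset':`, `'host':` and `'user':` stating the intended relationship to the record-level criticality and which entity object is populated for which record type; the exact wording depends on the data client's behaviour, which is not visible in this hunk and should be confirmed before writing it.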
Expand Up @@ -592,6 +592,7 @@ components:
AssetCriticalityRecord:
allOf:
- $ref: '#/components/schemas/CreateAssetCriticalityRecord'
- $ref: '#/components/schemas/AssetCriticalityRecordEcsParts'
- type: object
properties:
'@timestamp':
Expand All @@ -601,6 +602,46 @@ components:
type: string
required:
- '@timestamp'
AssetCriticalityRecordEcsParts:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: '#/components/schemas/AssetCriticalityLevel'
required:
- asset
host:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: '#/components/schemas/AssetCriticalityLevel'
required:
- criticality
name:
type: string
required:
- name
user:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: '#/components/schemas/AssetCriticalityLevel'
required:
- criticality
name:
type: string
required:
- name
required:
- asset
AssetCriticalityRecordIdParts:
type: object
properties:
Expand Up @@ -592,6 +592,7 @@ components:
AssetCriticalityRecord:
allOf:
- $ref: '#/components/schemas/CreateAssetCriticalityRecord'
- $ref: '#/components/schemas/AssetCriticalityRecordEcsParts'
- type: object
properties:
'@timestamp':
Expand All @@ -601,6 +602,46 @@ components:
type: string
required:
- '@timestamp'
AssetCriticalityRecordEcsParts:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: '#/components/schemas/AssetCriticalityLevel'
required:
- asset
host:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: '#/components/schemas/AssetCriticalityLevel'
required:
- criticality
name:
type: string
required:
- name
user:
type: object
properties:
asset:
type: object
properties:
criticality:
$ref: '#/components/schemas/AssetCriticalityLevel'
required:
- criticality
name:
type: string
required:
- name
required:
- asset
AssetCriticalityRecordIdParts:
type: object
properties:
