
Merge remote-tracking branch 'upstream/main' into rule-customized-ind…
…ication-rule-details-page
nikitaindik committed Jun 26, 2024
2 parents b9c5d86 + 34f76ad commit 5a7600a
Showing 11 changed files with 207 additions and 883 deletions.
Expand Up @@ -10,52 +10,13 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Risk Scoring API
* title: RiskScoresCalculation types
* version: 1
*/

import { z } from 'zod';

import {
AfterKeys,
DataViewId,
Filter,
PageSize,
IdentifierType,
DateRange,
RiskScoreWeights,
EntityRiskScoreRecord,
} from '../common/common.gen';

export type RiskScoresCalculationRequest = z.infer<typeof RiskScoresCalculationRequest>;
export const RiskScoresCalculationRequest = z.object({
/**
* Used to calculate a specific "page" of risk scores. If unspecified, the first "page" of scores is returned. See also the `after_keys` key in a risk scores response.
*/
after_keys: AfterKeys.optional(),
/**
* The identifier of the Kibana data view to be used when generating risk scores. If a data view is not found, the provided ID will be used as the query's index pattern instead.
*/
data_view_id: DataViewId,
/**
* If set to `true`, the internal ES requests/responses will be logged in Kibana.
*/
debug: z.boolean().optional(),
/**
* An elasticsearch DSL filter object. Used to filter the data being scored, which implicitly filters the risk scores calculated.
*/
filter: Filter.optional(),
page_size: PageSize.optional(),
/**
* Used to restrict the type of risk scores calculated.
*/
identifier_type: IdentifierType,
/**
* Defines the time period over which scores will be evaluated. If unspecified, a range of `[now, now-30d]` will be used.
*/
range: DateRange,
weights: RiskScoreWeights.optional(),
});
import { AfterKeys, EntityRiskScoreRecord } from '../common/common.gen';

export type RiskScoresCalculationResponse = z.infer<typeof RiskScoresCalculationResponse>;
export const RiskScoresCalculationResponse = z.object({
@@ -1,75 +1,12 @@
openapi: 3.0.0

info:
title: RiskScoresCalculation types
version: '1'
title: Risk Scoring API
description: These APIs allow the consumer to manage Entity Risk Scores within Entity Analytics.

servers:
- url: 'http://{kibana_host}:{port}'
variables:
kibana_host:
default: localhost
port:
default: '5601'

paths:
/api/risk_scores/calculation:
post:
x-labels: [ess, serverless]
x-internal: true
summary: Trigger calculation of Risk Scores
description: Calculates and persists a segment of Risk Scores, returning details about the calculation.
requestBody:
description: Details about the Risk Scores being calculated
content:
application/json:
schema:
$ref: '#/components/schemas/RiskScoresCalculationRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RiskScoresCalculationResponse'
'400':
description: Invalid request
paths: {}

components:
schemas:
RiskScoresCalculationRequest:
type: object
required:
- data_view_id
- identifier_type
- range
properties:
after_keys:
description: Used to calculate a specific "page" of risk scores. If unspecified, the first "page" of scores is returned. See also the `after_keys` key in a risk scores response.
$ref: '../common/common.schema.yaml#/components/schemas/AfterKeys'
data_view_id:
$ref: '../common/common.schema.yaml#/components/schemas/DataViewId'
description: The identifier of the Kibana data view to be used when generating risk scores. If a data view is not found, the provided ID will be used as the query's index pattern instead.
debug:
description: If set to `true`, the internal ES requests/responses will be logged in Kibana.
type: boolean
filter:
$ref: '../common/common.schema.yaml#/components/schemas/Filter'
description: An elasticsearch DSL filter object. Used to filter the data being scored, which implicitly filters the risk scores calculated.
page_size:
$ref: '../common/common.schema.yaml#/components/schemas/PageSize'
identifier_type:
description: Used to restrict the type of risk scores calculated.
allOf:
- $ref: '../common/common.schema.yaml#/components/schemas/IdentifierType'
range:
$ref: '../common/common.schema.yaml#/components/schemas/DateRange'
description: Defines the time period over which scores will be evaluated. If unspecified, a range of `[now, now-30d]` will be used.
weights:
$ref: '../common/common.schema.yaml#/components/schemas/RiskScoreWeights'

RiskScoresCalculationResponse:
type: object
required:
Expand Up @@ -14,10 +14,33 @@ servers:
default: '5601'

paths:
# TODO delete on a future serverless release
/api/risk_scores/calculation/entity:
post:
x-labels: [ess, serverless]
x-internal: true
summary: Deprecated Trigger calculation of Risk Scores for an entity. Moved to /internal/risk_score/calculation/entity
description: Calculates and persists Risk Scores for an entity, returning the calculated risk score.
requestBody:
description: The entity type and identifier
content:
application/json:
schema:
$ref: '#/components/schemas/RiskScoresEntityCalculationRequest'
required: true
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RiskScoresEntityCalculationResponse'
'400':
description: Invalid request

/internal/risk_score/calculation/entity:
post:
x-labels: [ess, serverless]
summary: Trigger calculation of Risk Scores for an entity
description: Calculates and persists Risk Scores for an entity, returning the calculated risk score.
requestBody:
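Review bot: The deprecated public operation at `/api/risk_scores/calculation/entity` (the `post:` under the `# TODO delete on a future serverless release` comment) signals its status only through the `summary` wording and `x-internal: true`, neither of which generated clients or spec tooling treat as a deprecation marker. OpenAPI 3.0 has a first-class operation field for this, so adding `deprecated: true` next to `x-internal: true` on that operation would make the status machine-readable while keeping the "Moved to /internal/risk_score/calculation/entity" text in the summary for readers. The replacement `/internal/risk_score/calculation/entity` operation that starts at the end of the hunk continues outside it.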
Expand Up @@ -5,14 +5,6 @@
* 2.0.
*/

/**
* Public Risk Score routes
*/
export const RISK_ENGINE_PUBLIC_PREFIX = '/api/risk_scores' as const;
export const RISK_SCORE_CALCULATION_URL = `${RISK_ENGINE_PUBLIC_PREFIX}/calculation` as const;
export const RISK_SCORE_ENTITY_CALCULATION_URL =
`${RISK_ENGINE_PUBLIC_PREFIX}/calculation/entity` as const;

/**
* Internal Risk Score routes
*/
Expand All @@ -36,3 +28,5 @@ export const RISK_SCORE_CREATE_STORED_SCRIPT =
export const RISK_SCORE_DELETE_STORED_SCRIPT =
`${INTERNAL_RISK_SCORE_URL}/stored_scripts/delete` as const;
export const RISK_SCORE_PREVIEW_URL = `${INTERNAL_RISK_SCORE_URL}/preview` as const;
export const RISK_SCORE_ENTITY_CALCULATION_URL =
`${INTERNAL_RISK_SCORE_URL}/calculation/entity` as const;
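Review bot: `RISK_SCORE_ENTITY_CALCULATION_URL` is re-declared under `INTERNAL_RISK_SCORE_URL` with the same name it had under the removed `RISK_ENGINE_PUBLIC_PREFIX`, so any importer that still expects the public `/api/risk_scores/calculation/entity` path now receives the internal one without any type error to flag the change. The schema in this same commit keeps that public path as a deprecated operation marked `TODO delete on a future serverless release`, so presumably a server route still registers it; with the public prefix constant gone, that path would have to be spelled out as a literal elsewhere, which is worth confirming. A doc comment over the new declaration would record the move for readers, e.g. `/** Internal replacement for the former public /api/risk_scores/calculation/entity route. */`.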
19 changes: 11 additions & 8 deletions x-pack/plugins/security_solution/common/experimental_features.ts
Expand Up @@ -233,6 +233,17 @@ export const allowedExperimentalValues = Object.freeze({
*/
perFieldPrebuiltRulesDiffingEnabled: true,

/**
* Enables an ability to customize Elastic prebuilt rules.
*
* Ticket: https://github.com/elastic/kibana/issues/174168
* Owners: https://github.com/orgs/elastic/teams/security-detection-rule-management
* Added: on Jun 24, 2024 in https://github.com/elastic/kibana/pull/186823
* Turned: TBD
* Expires: TBD
*/
prebuiltRulesCustomizationEnabled: false,

/**
* Makes Elastic Defend integration's Malware On-Write Scan option available to edit.
*/
Expand Down Expand Up @@ -267,14 +278,6 @@ export const allowedExperimentalValues = Object.freeze({
* Adds a new option to filter descendants of a process for Management / Event Filters
*/
filterProcessDescendantsForEventFiltersEnabled: false,

/**
* Enables an ability to customize Elastic prebuilt rules.
*
* Ticket: https://github.com/elastic/security-team/issues/1974
* Owners: https://github.com/orgs/elastic/teams/security-detection-rule-management
*/
prebuiltRulesCustomizationEnabled: false,
});

type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;

This file was deleted.

