Merge branch 'master' into deps_1
kibanamachine authored Dec 22, 2020
2 parents db908ad + a79e8a3 commit 5a9651f
Showing 247 changed files with 3,683 additions and 2,567 deletions.
189 changes: 188 additions & 1 deletion docs/user/security/audit-logging.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -47,9 +47,11 @@ For information on how to configure `xpack.security.audit.appender`, refer to

Refer to the table of events that can be logged for auditing purposes.

Each event is broken down into `category`, `type`, `action` and `outcome` fields
Each event is broken down into <<field-event-category, category>>, <<field-event-type, type>>, <<field-event-action, action>> and <<field-event-outcome, outcome>> fields
to make it easy to filter, query and aggregate the resulting logs.

Refer to <<xpack-security-ecs-audit-schema>> for a table of fields that get logged with audit event.

[NOTE]
============================================================================
To ensure that a record of every operation is persisted even in case of an
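Review bot: the new sentence "Refer to <<xpack-security-ecs-audit-schema>> for a table of fields that get logged with audit event" is missing an article; since the line is being added here, make it "with each audit event". The switch from inline code to `<<field-event-category, category>>`-style anchors is fine as long as the `[[field-event-...]]` anchors defined inside the table cells of the second hunk resolve in the asciidoc build, which is worth checking because anchors inside `a|` cells are easy to get wrong.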
Expand Down Expand Up @@ -230,3 +232,188 @@ Refer to the corresponding {es} logs for potential write errors.
| `http_request`
| `unknown` | User is making an HTTP request.
|======


[[xpack-security-ecs-audit-schema]]
==== ECS audit schema

Audit logs are written in JSON using https://www.elastic.co/guide/en/ecs/1.6/index.html[Elastic Common Schema (ECS)] specification.

[cols="2*<"]
|======

2+a| ===== Base Fields

| *Field*
| *Description*

| `@timestamp`
| Time when the event was generated.

Example: `2016-05-23T08:05:34.853Z`

| `message`
| Human readable description of the event.

2+a| ===== Event Fields

| *Field*
| *Description*

| [[field-event-action]] `event.action`
| The action captured by the event.

Refer to <<xpack-security-ecs-audit-logging>> for a table of possible actions.

| [[field-event-category]] `event.category`
| High level category associated with the event.

This field is closely related to `event.type`, which is used as a subcategory.

Possible values:
`database`,
`web`,
`authentication`

| [[field-event-type]] `event.type`
| Subcategory associated with the event.

This field can be used along with the `event.category` field to enable filtering events down to a level appropriate for single visualization.

Possible values:
`creation`,
`access`,
`change`,
`deletion`

| [[field-event-outcome]] `event.outcome`
| Denotes whether the event represents a success or failure.

Possible values:
`success`,
`failure`,
`unknown`

2+a| ===== User Fields

| *Field*
| *Description*

| `user.name`
| Login name of the user.

Example: `jdoe`

| `user.roles[]`
| Set of user roles at the time of the event.

Example: `[kibana_admin, reporting_user]`

2+a| ===== Kibana Fields

| *Field*
| *Description*

| `kibana.space_id`
| ID of the space associated with the event.

Example: `default`

| `kibana.session_id`
| ID of the user session associated with the event.

Each login attempt results in a unique session id.

| `kibana.saved_object.type`
| Type of saved object associated with the event.

Example: `dashboard`

| `kibana.saved_object.id`
| ID of the saved object associated with the event.

| `kibana.authentication_provider`
| Name of the authentication provider associated with the event.

Example: `my-saml-provider`

| `kibana.authentication_type`
| Type of the authentication provider associated with the event.

Example: `saml`

| `kibana.authentication_realm`
| Name of the Elasticsearch realm that has authenticated the user.

Example: `native`

| `kibana.lookup_realm`
| Name of the Elasticsearch realm where the user details were retrieved from.

Example: `native`

| `kibana.add_to_spaces[]`
| Set of space IDs that a saved object is being shared to as part of the event.

Example: `[default, marketing]`

| `kibana.delete_from_spaces[]`
| Set of space IDs that a saved object is being removed from as part of the event.

Example: `[marketing]`

2+a| ===== Error Fields

| *Field*
| *Description*

| `error.code`
| Error code describing the error.

| `error.message`
| Error message.

2+a| ===== HTTP and URL Fields

| *Field*
| *Description*

| `http.request.method`
| HTTP request method.

Example: `get`, `post`, `put`, `delete`

| `url.domain`
| Domain of the url.

Example: `www.elastic.co`

| `url.path`
| Path of the request.

Example: `/search`

| `url.port`
| Port of the request.

Example: `443`

| `url.query`
| The query field describes the query string of the request.

Example: `q=elasticsearch`

| `url.scheme`
| Scheme of the request.

Example: `https`

2+a| ===== Tracing Fields

| *Field*
| *Description*

| `trace.id`
| Unique identifier allowing events of the same transaction from {kib} and {es} to be be correlated.

|======
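Review bot: two wording slips in the new table: the `trace.id` description reads "to be be correlated" (drop the duplicated "be"), and `url.domain` says "Domain of the url" where the rest of the section writes "URL". On the `url.query` row, it would help operators to state whether the query string is recorded verbatim into the audit log, since the example `q=elasticsearch` does not make clear how query parameters that carry sensitive values are treated, and people sizing access controls for the audit index need to know what ends up in it. The ECS link is pinned to the 1.6 guide, which is fine, but the "Possible values" lists under `event.category` and `event.type` should say they are the values {kib} emits rather than the full ECS allowed-value set, so readers do not build filters that expect other ECS categories to appear.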
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@
"@babel/core": "^7.11.6",
"@babel/runtime": "^7.11.2",
"@elastic/datemath": "link:packages/elastic-datemath",
"@elastic/elasticsearch": "7.10.0",
"@elastic/elasticsearch": "npm:@elastic/elasticsearch-canary@^8.0.0-canary",
"@elastic/ems-client": "7.11.0",
"@elastic/eui": "30.6.0",
"@elastic/filesaver": "1.1.2",
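Review bot: the `@elastic/elasticsearch` line moves from an exact pin (`"7.10.0"`) to an npm alias onto a different package name with a floating prerelease range (`npm:@elastic/elasticsearch-canary@^8.0.0-canary`). A caret on a prerelease resolves to later `8.0.0-canary.*` builds, and to any stable 8.x once published, so the version actually installed depends on whatever the canary channel holds at install time. For a dependency this central, pin the exact canary build and make sure the lockfile entry (with its integrity hash) for the aliased `@elastic/elasticsearch-canary` package is part of the same change; the lockfile is not among the files shown in this view.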
Expand Down Expand Up @@ -824,7 +824,7 @@
"url-loader": "^2.2.0",
"use-resize-observer": "^6.0.0",
"val-loader": "^1.1.1",
"vega": "^5.17.0",
"vega": "^5.17.1",
"vega-lite": "^4.17.0",
"vega-schema-url-parser": "^2.1.0",
"vega-tooltip": "^0.24.2",
1 change: 1 addition & 0 deletions src/core/public/doc_links/doc_links_service.ts
Expand Up @@ -147,6 +147,7 @@ export class DocLinksService {
featureImportance: `${ELASTIC_WEBSITE_URL}guide/en/machine-learning/${DOC_LINK_VERSION}/ml-feature-importance.html`,
outlierDetectionRoc: `${ELASTIC_WEBSITE_URL}guide/en/machine-learning/${DOC_LINK_VERSION}/ml-dfanalytics-evaluate.html#ml-dfanalytics-roc`,
regressionEvaluation: `${ELASTIC_WEBSITE_URL}guide/en/machine-learning/${DOC_LINK_VERSION}/ml-dfanalytics-evaluate.html#ml-dfanalytics-regression-evaluation`,
classificationAucRoc: `${ELASTIC_WEBSITE_URL}guide/en/machine-learning/${DOC_LINK_VERSION}/ml-dfanalytics-evaluate.html#ml-dfanalytics-class-aucroc`,
},
transforms: {
guide: `${ELASTIC_WEBSITE_URL}guide/en/elasticsearch/reference/${DOC_LINK_VERSION}/transforms.html`,
1 change: 0 additions & 1 deletion src/dev/run_find_plugins_with_circular_deps.ts
Expand Up @@ -32,7 +32,6 @@ type CircularDepList = Set<string>;

const allowedList: CircularDepList = new Set([
'src/plugins/charts -> src/plugins/discover',
'src/plugins/charts -> src/plugins/vis_default_editor',
'src/plugins/vis_default_editor -> src/plugins/visualizations',
'src/plugins/visualizations -> src/plugins/visualize',
'x-pack/plugins/actions -> x-pack/plugins/case',
3 changes: 1 addition & 2 deletions src/plugins/charts/kibana.json
Expand Up @@ -3,6 +3,5 @@
"version": "kibana",
"server": true,
"ui": true,
"requiredPlugins": ["expressions"],
"requiredBundles": ["visDefaultEditor"]
"requiredPlugins": ["expressions"]
}
9 changes: 0 additions & 9 deletions src/plugins/charts/public/static/components/index.ts
Expand Up @@ -17,17 +17,8 @@
* under the License.
*/

export { BasicOptions } from './basic_options';
export { ColorMode, LabelRotation, defaultCountLabel } from './collections';
export { ColorRanges, SetColorRangeValue } from './color_ranges';
export { ColorSchemaOptions, SetColorSchemaOptionsValue } from './color_schema';
export { ColorSchemaParams, Labels, Style } from './types';
export { NumberInputOption } from './number_input';
export { RangeOption } from './range';
export { RequiredNumberInputOption } from './required_number_input';
export { SelectOption } from './select';
export { SwitchOption } from './switch';
export { TextInputOption } from './text_input';
export { LegendToggle } from './legend_toggle';
export { ColorPicker } from './color_picker';
export { CurrentTime } from './current_time';
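Review bot: dropping nine exports (`BasicOptions` through `TextInputOption`) from `src/plugins/charts/public/static/components/index.ts` is a breaking change for any plugin that imports them from the charts public bundle. The diff shown here only removes the export lines; together with the `requiredBundles: ["visDefaultEditor"]` removal in `kibana.json` it suggests the components now live in `vis_default_editor`, but no consumer updates are visible in this view, so confirm that every importer of these names has been repointed and that nothing outside the repository relied on them.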
Expand Up @@ -25,6 +25,7 @@ export const stubIndexPattern: IIndexPattern = {
fields: stubFields,
title: 'logstash-*',
timeFieldName: '@timestamp',
getTimeField: () => ({ name: '@timestamp', type: 'date' }),
};

export const stubIndexPatternWithFields: IIndexPattern = {
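Review bot: `stubIndexPattern` gains a `getTimeField` stub, but `stubIndexPatternWithFields`, declared immediately below, is not shown receiving the same method. With the date histogram default now reading `getTimeField?.()?.name` instead of `timeFieldName`, any test built on the second stub would silently get `undefined` as its default field; either add the same `getTimeField` to that stub or note why it does not need one.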
Expand Up @@ -149,7 +149,7 @@ export const getDateHistogramBucketAgg = ({
type: 'field',
filterFieldTypes: KBN_FIELD_TYPES.DATE,
default(agg: IBucketDateHistogramAggConfig) {
return agg.getIndexPattern().timeFieldName;
return agg.getIndexPattern().getTimeField?.()?.name;
},
onChange(agg: IBucketDateHistogramAggConfig) {
if (isAutoInterval(get(agg, 'params.interval')) && !agg.fieldIsTimeField()) {
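Review bot: the new default, `agg.getIndexPattern().getTimeField?.()?.name`, returns `undefined` for any index pattern object that lacks `getTimeField`, whereas the old code still returned `timeFieldName` in that case. If dropping the fallback is intentional (so that a `timeFieldName` pointing at a non-date field is no longer picked up as a default), a short comment saying so would prevent someone re-adding it; otherwise keep `timeFieldName` as the fallback after the optional chain.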
Expand Up @@ -150,7 +150,8 @@ describe('esaggs expression function - public', () => {
});
});

test('calls agg.postFlightRequest if it exiests', async () => {
test('calls agg.postFlightRequest if it exiests and agg is enabled', async () => {
mockParams.aggs.aggs[0].enabled = true;
await handleRequest(mockParams);
expect(mockParams.aggs.aggs[0].type.postFlightRequest).toHaveBeenCalledTimes(1);

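Review bot: the renamed test title still carries the typo "exiests"; since the line is being rewritten anyway, make it "calls agg.postFlightRequest if it exists and agg is enabled".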
Expand All @@ -160,6 +161,12 @@ describe('esaggs expression function - public', () => {
expect(async () => await handleRequest(mockParams)).not.toThrowError();
});

test('should skip agg.postFlightRequest call if the agg is disabled', async () => {
mockParams.aggs.aggs[0].enabled = false;
await handleRequest(mockParams);
expect(mockParams.aggs.aggs[0].type.postFlightRequest).toHaveBeenCalledTimes(0);
});

test('tabifies response data', async () => {
await handleRequest(mockParams);
expect(tabifyAggResponse).toHaveBeenCalledWith(
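Review bot: the new "should skip" test sets `mockParams.aggs.aggs[0].enabled = false` on shared fixture state and never restores it, and the preceding test sets it to `true` for the same reason. The `tabifies response data` test that follows inherits whichever value ran last, so its result depends on test order; reset `enabled` in a `beforeEach` or have each test work on its own copy of `mockParams`.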
Expand Up @@ -170,7 +170,7 @@ export const handleRequest = async ({
// response data incorrectly in the inspector.
let response = (searchSource as any).rawResponse;
for (const agg of aggs.aggs) {
if (typeof agg.type.postFlightRequest === 'function') {
if (agg.enabled && typeof agg.type.postFlightRequest === 'function') {
response = await agg.type.postFlightRequest(
response,
aggs,
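Review bot: the comment block above the loop (its tail, "response data incorrectly in the inspector", is visible) explains why post-flight requests run at all but not that disabled aggs are now skipped; add a line there, since a reader of `handleRequest` otherwise has to find the esaggs test to learn that a disabled agg's `postFlightRequest` is intentionally never issued against {es}.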