Skip to content

Commit

Permalink
[8.x] [Security Solution] workflow insights service CRUD methods (#20…
Browse files Browse the repository at this point in the history
…1724) (#202284)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] workflow insights service CRUD methods
(#201724)](#201724)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Joey F.
Poon","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-29T12:03:10Z","message":"[Security
Solution] workflow insights service CRUD methods (#201724)\n\n##
Summary\n\nAdd implementation of create, update, and fetch methods for
the\n`SecurityWorkflowInsightsService`.\n\n\n### Checklist\n\n- [x]
[Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n\nCo-authored-by:
Konrad Szwarc
<[email protected]>","sha":"2ba067ef58a6df72eeacceea1d4736a67b21a72e","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend
Workflows","backport:prev-minor","v8.18.0"],"title":"[Security Solution]
workflow insights service CRUD
methods","number":201724,"url":"https://github.com/elastic/kibana/pull/201724","mergeCommit":{"message":"[Security
Solution] workflow insights service CRUD methods (#201724)\n\n##
Summary\n\nAdd implementation of create, update, and fetch methods for
the\n`SecurityWorkflowInsightsService`.\n\n\n### Checklist\n\n- [x]
[Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n\nCo-authored-by:
Konrad Szwarc
<[email protected]>","sha":"2ba067ef58a6df72eeacceea1d4736a67b21a72e"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201724","number":201724,"mergeCommit":{"message":"[Security
Solution] workflow insights service CRUD methods (#201724)\n\n##
Summary\n\nAdd implementation of create, update, and fetch methods for
the\n`SecurityWorkflowInsightsService`.\n\n\n### Checklist\n\n- [x]
[Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n\nCo-authored-by:
Konrad Szwarc
<[email protected]>","sha":"2ba067ef58a6df72eeacceea1d4736a67b21a72e"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Joey F. Poon <[email protected]>
  • Loading branch information
kibanamachine and joeypoon authored Nov 29, 2024
1 parent ac60e9b commit 6289b6c
Show file tree
Hide file tree
Showing 6 changed files with 419 additions and 29 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import type { Moment } from 'moment';

import type { DefendInsightType } from '@kbn/elastic-assistant-common';
import type { ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types';

export enum Category {
Endpoint = 'endpoint',
}

export enum SourceType {
LlmConnector = 'llm-connector',
}

export enum TargetType {
Endpoint = 'endpoint',
}

export enum ActionType {
Refreshed = 'refreshed', // new or refreshed
Remediated = 'remediated',
Suppressed = 'suppressed', // temporarily supressed, can be refreshed
Dismissed = 'dismissed', // "permanently" dismissed, cannot be normally refreshed
}

export type ExceptionListRemediationType = Pick<
ExceptionListItemSchema,
'list_id' | 'name' | 'description' | 'entries' | 'tags' | 'os_types'
>;

export interface SecurityWorkflowInsight {
id?: string;
'@timestamp': Moment;
message: string;
category: Category;
type: DefendInsightType;
source: {
type: SourceType;
id: string;
data_range_start: Moment;
data_range_end: Moment;
};
target: {
type: TargetType;
ids: string[];
};
action: {
type: ActionType;
timestamp: Moment;
};
value: string;
remediation: {
exception_list_items?: ExceptionListRemediationType[];
};
metadata: {
notes?: Record<string, string>;
message_variables?: string[];
};
}

export interface SearchParams {
size?: number;
from?: number;
ids?: string[];
categories?: Category[];
types?: DefendInsightType[];
sourceTypes?: SourceType[];
sourceIds?: string[];
targetTypes?: TargetType[];
targetIds?: string[];
actionTypes: ActionType[];
}
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
* 2.0.
*/

export const DATA_STREAM_PREFIX = '.security-workflow-insights';
export const DATA_STREAM_PREFIX = '.edr-workflow-insights';
export const COMPONENT_TEMPLATE_NAME = `${DATA_STREAM_PREFIX}-component-template`;
export const INDEX_TEMPLATE_NAME = `${DATA_STREAM_PREFIX}-index-template`;
export const INGEST_PIPELINE_NAME = `${DATA_STREAM_PREFIX}-ingest-pipeline`;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,15 @@
*/

import type { ElasticsearchClient } from '@kbn/core/server';
import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';

import { DataStreamSpacesAdapter } from '@kbn/data-stream-adapter';
import { DefendInsightType } from '@kbn/elastic-assistant-common';
import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
import { kibanaPackageJson } from '@kbn/repo-info';

import { createDatastream, createPipeline } from './helpers';
import type { SearchParams } from '../../../../common/endpoint/types/workflow_insights';

import { buildEsQueryParams, createDatastream, createPipeline } from './helpers';
import {
DATA_STREAM_PREFIX,
COMPONENT_TEMPLATE_NAME,
Expand All @@ -19,6 +23,12 @@ import {
TOTAL_FIELDS_LIMIT,
} from './constants';
import { securityWorkflowInsightsFieldMap } from './field_map_configurations';
import {
ActionType,
Category,
SourceType,
TargetType,
} from '../../../../common/endpoint/types/workflow_insights';

jest.mock('@kbn/data-stream-adapter', () => ({
DataStreamSpacesAdapter: jest.fn().mockImplementation(() => ({
Expand Down Expand Up @@ -77,4 +87,64 @@ describe('helpers', () => {
});
});
});

describe('buildEsQueryParams', () => {
it('should build es query correct', () => {
const searchParams: SearchParams = {
size: 50,
from: 50,
ids: ['id1', 'id2'],
categories: [Category.Endpoint],
types: [DefendInsightType.Enum.incompatible_antivirus],
sourceTypes: [SourceType.LlmConnector],
sourceIds: ['source-id1', 'source-id2'],
targetTypes: [TargetType.Endpoint],
targetIds: ['target-id1', 'target-id2'],
actionTypes: [ActionType.Refreshed, ActionType.Remediated],
};
const result = buildEsQueryParams(searchParams);
expect(result).toEqual([
{
terms: {
_id: ['id1', 'id2'],
},
},
{
terms: {
categories: ['endpoint'],
},
},
{
terms: {
types: ['incompatible_antivirus'],
},
},
{
terms: {
'source.type': ['llm-connector'],
},
},
{
terms: {
'source.id': ['source-id1', 'source-id2'],
},
},
{
terms: {
'target.type': ['endpoint'],
},
},
{
terms: {
'target.id': ['target-id1', 'target-id2'],
},
},
{
terms: {
'action.type': ['refreshed', 'remediated'],
},
},
]);
});
});
});
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,15 @@
* 2.0.
*/

import { get as _get } from 'lodash';

import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
import type { ElasticsearchClient } from '@kbn/core/server';

import { DataStreamSpacesAdapter } from '@kbn/data-stream-adapter';

import type { SearchParams } from '../../../../common/endpoint/types/workflow_insights';

import {
COMPONENT_TEMPLATE_NAME,
DATA_STREAM_PREFIX,
Expand Down Expand Up @@ -60,3 +65,34 @@ export async function createPipeline(esClient: ElasticsearchClient): Promise<boo
});
return response.acknowledged;
}

const validKeys = new Set([
'ids',
'categories',
'types',
'sourceTypes',
'sourceIds',
'targetTypes',
'targetIds',
'actionTypes',
]);
const paramFieldMap = {
ids: '_id',
sourceTypes: 'source.type',
sourceIds: 'source.id',
targetTypes: 'target.type',
targetIds: 'target.id',
actionTypes: 'action.type',
};
export function buildEsQueryParams(searchParams: SearchParams): QueryDslQueryContainer[] {
return Object.entries(searchParams).reduce((acc: object[], [k, v]) => {
if (!validKeys.has(k)) {
return acc;
}

const paramKey = _get(paramFieldMap, k, k);
const next = { terms: { [paramKey]: v } };

return [...acc, next];
}, []);
}
Loading

0 comments on commit 6289b6c

Please sign in to comment.