-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.x] [Security Solution] workflow insights service CRUD methods (#20…
…1724) (#202284) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] workflow insights service CRUD methods (#201724)](#201724) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Joey F. Poon","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-29T12:03:10Z","message":"[Security Solution] workflow insights service CRUD methods (#201724)\n\n## Summary\n\nAdd implementation of create, update, and fetch methods for the\n`SecurityWorkflowInsightsService`.\n\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\nCo-authored-by: Konrad Szwarc <[email protected]>","sha":"2ba067ef58a6df72eeacceea1d4736a67b21a72e","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend Workflows","backport:prev-minor","v8.18.0"],"title":"[Security Solution] workflow insights service CRUD methods","number":201724,"url":"https://github.com/elastic/kibana/pull/201724","mergeCommit":{"message":"[Security Solution] workflow insights service CRUD methods (#201724)\n\n## Summary\n\nAdd implementation of create, update, and fetch methods for the\n`SecurityWorkflowInsightsService`.\n\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\nCo-authored-by: Konrad Szwarc <[email protected]>","sha":"2ba067ef58a6df72eeacceea1d4736a67b21a72e"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201724","number":201724,"mergeCommit":{"message":"[Security Solution] workflow insights service CRUD methods (#201724)\n\n## Summary\n\nAdd implementation of create, update, and fetch methods for the\n`SecurityWorkflowInsightsService`.\n\n\n### Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\nCo-authored-by: Konrad Szwarc <[email protected]>","sha":"2ba067ef58a6df72eeacceea1d4736a67b21a72e"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Joey F. Poon <[email protected]>
- Loading branch information
1 parent
ac60e9b
commit 6289b6c
Showing
6 changed files
with
419 additions
and
29 deletions.
There are no files selected for viewing
78 changes: 78 additions & 0 deletions
78
x-pack/plugins/security_solution/common/endpoint/types/workflow_insights.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type { Moment } from 'moment'; | ||
|
||
import type { DefendInsightType } from '@kbn/elastic-assistant-common'; | ||
import type { ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types'; | ||
|
||
export enum Category { | ||
Endpoint = 'endpoint', | ||
} | ||
|
||
export enum SourceType { | ||
LlmConnector = 'llm-connector', | ||
} | ||
|
||
export enum TargetType { | ||
Endpoint = 'endpoint', | ||
} | ||
|
||
export enum ActionType { | ||
Refreshed = 'refreshed', // new or refreshed | ||
Remediated = 'remediated', | ||
Suppressed = 'suppressed', // temporarily supressed, can be refreshed | ||
Dismissed = 'dismissed', // "permanently" dismissed, cannot be normally refreshed | ||
} | ||
|
||
export type ExceptionListRemediationType = Pick< | ||
ExceptionListItemSchema, | ||
'list_id' | 'name' | 'description' | 'entries' | 'tags' | 'os_types' | ||
>; | ||
|
||
export interface SecurityWorkflowInsight { | ||
id?: string; | ||
'@timestamp': Moment; | ||
message: string; | ||
category: Category; | ||
type: DefendInsightType; | ||
source: { | ||
type: SourceType; | ||
id: string; | ||
data_range_start: Moment; | ||
data_range_end: Moment; | ||
}; | ||
target: { | ||
type: TargetType; | ||
ids: string[]; | ||
}; | ||
action: { | ||
type: ActionType; | ||
timestamp: Moment; | ||
}; | ||
value: string; | ||
remediation: { | ||
exception_list_items?: ExceptionListRemediationType[]; | ||
}; | ||
metadata: { | ||
notes?: Record<string, string>; | ||
message_variables?: string[]; | ||
}; | ||
} | ||
|
||
export interface SearchParams { | ||
size?: number; | ||
from?: number; | ||
ids?: string[]; | ||
categories?: Category[]; | ||
types?: DefendInsightType[]; | ||
sourceTypes?: SourceType[]; | ||
sourceIds?: string[]; | ||
targetTypes?: TargetType[]; | ||
targetIds?: string[]; | ||
actionTypes: ActionType[]; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.