

Added meta object for the UI to utilize
FrankHassanabad committed Nov 20, 2019
1 parent 43fcd16 commit ca5b198
Showing 13 changed files with 110 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ export const sampleSignalAlertParams = (
filter: undefined,
filters: undefined,
savedId: undefined,
meta: undefined,
size: 1000,
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ export const createSignals = async ({
query,
language,
savedId,
meta,
filters,
ruleId,
immutable,
Expand Down Expand Up @@ -51,6 +52,7 @@ export const createSignals = async ({
language,
outputIndex,
savedId,
meta,
filters,
maxSignals,
riskScore,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ export const signalsAlertType = ({ logger }: { logger: Logger }): SignalAlertTyp
language: schema.nullable(schema.string()),
outputIndex: schema.string(),
savedId: schema.nullable(schema.string()),
meta: schema.nullable(schema.object({}, { allowUnknowns: true })),
query: schema.nullable(schema.string()),
filters: schema.nullable(schema.arrayOf(schema.object({}, { allowUnknowns: true }))),
maxSignals: schema.number({ defaultValue: 10000 }),
Expand Down
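Review bot: The new `meta: schema.nullable(schema.object({}, { allowUnknowns: true }))` line admits an object of any shape, key count and nesting depth with no size bound, so whatever a caller with rule-write privilege submits is persisted in the alert's params verbatim and later returned to the UI. Since the field is deliberately free-form, that contract deserves stating on the line, `// free-form, UI-owned; contents are not validated server-side and must be treated as untrusted by consumers`, and if rules can be written by lower-privilege users a byte-size ceiling at the REST layer is worth considering (whether one already exists is not visible here). The enclosing `signalsAlertType` body starts before and continues past this hunk.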
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ export interface SignalAlertParams {
query: string | undefined | null;
references: string[];
savedId: string | undefined | null;
meta: Record<string, {}> | undefined | null;
severity: string;
size: number | undefined | null;
tags: string[];
Expand Down
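Review bot: `Record<string, {}>` on the new `meta` line uses `{}` as the value type, which means "any non-nullish value" and is the form the TypeScript linter flags; it also understates what the runtime schema in this commit accepts (nested objects with unknown keys). `Record<string, unknown>` expresses the same intent honestly and forces consumers to narrow before use: `meta: Record<string, unknown> | undefined | null;`. The `SignalAlertParams` interface starts before and continues past this hunk.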
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ export const updateSignal = async ({
language,
outputIndex,
savedId,
meta,
filters,
filter,
from,
Expand Down Expand Up @@ -93,6 +94,7 @@ export const updateSignal = async ({
language,
outputIndex,
savedId,
meta,
filters,
index,
maxSignals,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ export const buildRule = ({
rule_id: signalParams.ruleId,
false_positives: signalParams.falsePositives,
saved_id: signalParams.savedId,
meta: signalParams.meta,
max_signals: signalParams.maxSignals,
risk_score: signalParams.riskScore,
output_index: signalParams.outputIndex,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,7 @@ export const getResult = (): SignalAlertType => ({
language: 'kuery',
outputIndex: '.siem-signals',
savedId: null,
meta: null,
filters: null,
riskScore: 50,
maxSignals: 100,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ export const createCreateSignalsRoute: Hapi.ServerRoute = {
output_index: outputIndex,
// eslint-disable-next-line @typescript-eslint/camelcase
saved_id: savedId,
meta,
filters,
// eslint-disable-next-line @typescript-eslint/camelcase
rule_id: ruleId,
Expand Down Expand Up @@ -87,6 +88,7 @@ export const createCreateSignalsRoute: Hapi.ServerRoute = {
language,
outputIndex,
savedId,
meta,
filters,
ruleId: ruleId != null ? ruleId : uuid.v4(),
index,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -910,6 +910,58 @@ describe('schemas', () => {
}).error
).toBeFalsy();
});

test('You can set meta to any object you want', () => {
expect(
createSignalsSchema.validate<Partial<SignalAlertParamsRest>>({
rule_id: 'rule-1',
output_index: '.siem-signals',
risk_score: 50,
description: 'some description',
from: 'now-5m',
to: 'now',
immutable: true,
index: ['index-1'],
name: 'some-name',
severity: 'severity',
interval: '5m',
type: 'query',
references: ['index-1'],
query: 'some query',
language: 'kuery',
max_signals: 1,
meta: {
somethingMadeUp: { somethingElse: true },
},
}).error
).toBeFalsy();
});

test('You cannot create meta as a string', () => {
expect(
createSignalsSchema.validate<
Partial<Omit<SignalAlertParamsRest, 'meta'> & { meta: string }>
>({
rule_id: 'rule-1',
output_index: '.siem-signals',
risk_score: 50,
description: 'some description',
from: 'now-5m',
to: 'now',
immutable: true,
index: ['index-1'],
name: 'some-name',
severity: 'severity',
interval: '5m',
type: 'query',
references: ['index-1'],
query: 'some query',
language: 'kuery',
max_signals: 1,
meta: 'should not work',
}).error
).toBeTruthy();
});
});

describe('update signals schema', () => {
Expand Down Expand Up @@ -1647,6 +1699,26 @@ describe('schemas', () => {
}).error
).toBeFalsy();
});

test('meta can be updated', () => {
expect(
updateSignalSchema.validate<Partial<UpdateSignalAlertParamsRest>>({
id: 'rule-1',
meta: { whateverYouWant: 'anything_at_all' },
}).error
).toBeFalsy();
});

test('You update meta as a string', () => {
expect(
updateSignalSchema.validate<
Partial<Omit<UpdateSignalAlertParamsRest, 'meta'> & { meta: string }>
>({
id: 'rule-1',
meta: 'should not work',
}).error
).toBeTruthy();
});
});

describe('find signals schema', () => {
Expand Down
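Review bot: The title on the `test('You update meta as a string'` line contradicts its assertion, which expects `.error` to be truthy (the update is rejected); it should read `test('You cannot update meta as a string', () => {` to match its sibling in the create suite. Neither suite exercises `meta: null`, and because the Joi validator for `meta` in this commit is a bare `Joi.object()` while the alert-type schema declares the field nullable, a test pinning the intended behaviour for `null` would catch the two layers drifting apart. The enclosing `describe` blocks start before and continue past this hunk.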
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ const query = Joi.string();
const language = Joi.string().valid('kuery', 'lucene');
const output_index = Joi.string();
const saved_id = Joi.string();
const meta = Joi.object();
const max_signals = Joi.number().greater(0);
const name = Joi.string();
const risk_score = Joi.number()
Expand Down Expand Up @@ -73,6 +74,7 @@ export const createSignalsSchema = Joi.object({
then: Joi.required(),
otherwise: Joi.forbidden(),
}),
meta,
risk_score: risk_score.required(),
max_signals: max_signals.default(100),
name: name.required(),
Expand Down Expand Up @@ -107,6 +109,7 @@ export const updateSignalSchema = Joi.object({
then: Joi.optional(),
otherwise: Joi.forbidden(),
}),
meta,
risk_score,
max_signals,
name,
Expand Down
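Review bot: `const meta = Joi.object();` on the declaration line does not `.allow(null)`, yet the alert-type schema and the `SignalAlertParams` type added in this same commit declare `meta` nullable, so a REST client apparently cannot clear an existing `meta` via the update route by sending `meta: null` — that request would fail validation. If clearing is intended, `const meta = Joi.object().allow(null);` aligns the REST schema with the other layers; if it is not, the `null` branch is unreachable for REST callers and a comment saying so would save the next reader the same question. Note also that a key-less `Joi.object()` accepts arbitrary keys and nesting, so nothing here bounds the size of the stored payload beyond whatever the HTTP layer imposes (not visible in this hunk). Both `Joi.object({...})` schema definitions touched here start before and continue past the hunk.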
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ export const createUpdateSignalsRoute: Hapi.ServerRoute = {
output_index: outputIndex,
// eslint-disable-next-line @typescript-eslint/camelcase
saved_id: savedId,
meta,
filters,
// eslint-disable-next-line @typescript-eslint/camelcase
rule_id: ruleId,
Expand Down Expand Up @@ -78,6 +79,7 @@ export const createUpdateSignalsRoute: Hapi.ServerRoute = {
language,
outputIndex,
savedId,
meta,
filters,
id,
ruleId,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ export const transformAlertToSignal = (signal: SignalAlertType): Partial<OutputS
query: signal.alertTypeParams.query,
references: signal.alertTypeParams.references,
saved_id: signal.alertTypeParams.savedId,
meta: signal.alertTypeParams.meta,
severity: signal.alertTypeParams.severity,
size: signal.alertTypeParams.size,
updated_by: signal.updatedBy,
Expand Down
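Review bot: The new `meta: signal.alertTypeParams.meta` line surfaces the stored object to API consumers exactly as it was submitted, and nothing in this commit validates its contents beyond "is an object", so any UI that renders values taken from it must treat them as untrusted user-supplied input rather than trusted application state. A short comment on the line would make that explicit for front-end readers: `// free-form, client-supplied; not validated server-side`. `transformAlertToSignal` starts before and continues past this hunk.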
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{
"rule_id": "rule-meta-data",
"risk_score": 1,
"description": "Detecting root and admin users",
"index": ["auditbeat-*", "filebeat-*", "packetbeat-*", "winlogbeat-*"],
"interval": "5m",
"name": "Detect Root/Admin Users",
"output_index": ".siem-signals",
"severity": "high",
"type": "query",
"from": "now-6m",
"to": "now",
"query": "user.name: root or user.name: admin",
"language": "kuery",
"references": ["http://www.example.com", "https://ww.example.com"],
"meta": {
"anything_i_want": {
"total_meta_for_ui_needs": true
}
}
}
