diff --git a/x-pack/plugins/endpoint/common/generate_data.ts b/x-pack/plugins/endpoint/common/generate_data.ts index 75351bb3bf07d..430ba1d422b96 100644 --- a/x-pack/plugins/endpoint/common/generate_data.ts +++ b/x-pack/plugins/endpoint/common/generate_data.ts @@ -83,6 +83,11 @@ const OTHER_EVENT_CATEGORIES: EventInfo[] = [ ]; interface HostInfo { + elastic: { + agent: { + id: string; + }; + }; agent: { version: string; id: string; @@ -116,6 +121,11 @@ export class EndpointDocGenerator { version: this.randomVersion(), id: this.seededUUIDv4(), }, + elastic: { + agent: { + id: this.seededUUIDv4(), + }, + }, host: { id: this.seededUUIDv4(), hostname: this.randomHostname(), diff --git a/x-pack/plugins/endpoint/common/types.ts b/x-pack/plugins/endpoint/common/types.ts index b3eb518e35ae3..565f47e7a0d6f 100644 --- a/x-pack/plugins/endpoint/common/types.ts +++ b/x-pack/plugins/endpoint/common/types.ts @@ -257,6 +257,11 @@ export type HostMetadata = Immutable<{ event: { created: number; }; + elastic: { + agent: { + id: string; + }; + }; endpoint: { policy: { id: string; diff --git a/x-pack/plugins/endpoint/server/test_data/all_metadata_data.json b/x-pack/plugins/endpoint/server/test_data/all_metadata_data.json index 3c824185ec083..3c8486aa127ea 100644 --- a/x-pack/plugins/endpoint/server/test_data/all_metadata_data.json +++ b/x-pack/plugins/endpoint/server/test_data/all_metadata_data.json @@ -23,6 +23,11 @@ "event" : { "created" : "2020-01-23T21:56:55.336Z" }, + "elastic": { + "agent": { + "id": "56a75650-3c8a-4e4f-ac17-6dd729c650e2" + } + }, "endpoint" : { "policy" : { "id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" @@ -73,6 +78,11 @@ "event" : { "created" : "2020-01-23T21:56:55.336Z" }, + "elastic": { + "agent": { + "id": "56a75650-3c8a-4e4f-ac17-6dd729c650e2" + } + }, "endpoint" : { "policy" : { "id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" @@ -115,6 +125,11 @@ "event" : { "created" : "2020-01-23T21:56:55.336Z" }, + "elastic": { + "agent": { + "id": "c2d84d8f-d355-40de-8b54-5d318d4d1312" + } + }, "endpoint" : { "policy" : { "id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" @@ -165,6 +180,11 @@ "event" : { "created" : "2020-01-23T21:56:55.336Z" }, + "elastic": { + "agent": { + "id": "c2d84d8f-d355-40de-8b54-5d318d4d1312" + } + }, "endpoint" : { "policy" : { "id" : "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" diff --git a/x-pack/test/api_integration/apis/endpoint/metadata.ts b/x-pack/test/api_integration/apis/endpoint/metadata.ts index a363f17df9faa..ad495d4505404 100644 --- a/x-pack/test/api_integration/apis/endpoint/metadata.ts +++ b/x-pack/test/api_integration/apis/endpoint/metadata.ts @@ -192,6 +192,27 @@ export default function({ getService }: FtrProviderContext) { expect(body.request_page_index).to.eql(0); }); + it('metadata api should return the endpoint based on the elastic agent id', async () => { + const targetEndpointId = 'fc0ff548-feba-41b6-8367-65e8790d0eaf'; + const targetElasticAgentId = '023fa40c-411d-4188-a941-4147bfadd095'; + const { body } = await supertest + .post('/api/endpoint/metadata') + .set('kbn-xsrf', 'xxx') + .send({ + filter: `elastic.agent.id:${targetElasticAgentId}`, + }) + .expect(200); + expect(body.total).to.eql(1); + const resultHostId: string = body.hosts[0].host.id; + const resultElasticAgentId: string = body.hosts[0].elastic.agent.id; + expect(resultHostId).to.eql(targetEndpointId); + expect(resultElasticAgentId).to.eql(targetElasticAgentId); + expect(body.hosts[0].event.created).to.eql(1579881969541); + expect(body.hosts.length).to.eql(1); + expect(body.request_page_size).to.eql(10); + expect(body.request_page_index).to.eql(0); + }); + it('metadata api should return all hosts when filter is empty string', async () => { const { body } = await supertest .post('/api/endpoint/metadata') diff --git a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json index 56c58a2baa039..2046f46db9f53 100644 --- a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json +++ b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json @@ -10,6 +10,11 @@ "version": "6.6.1", "name" : "Elastic Endpoint" }, + "elastic": { + "agent": { + "id": "11488bae-880b-4e7b-8d28-aac2aa9de816" + } + }, "endpoint": { "policy": { "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" @@ -54,6 +59,11 @@ "version": "6.0.0", "name" : "Elastic Endpoint" }, + "elastic": { + "agent": { + "id": "92ac1ce0-e1f7-409e-8af6-f17e97b1fc71" + } + }, "endpoint": { "policy": { "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" @@ -97,6 +107,11 @@ "version": "6.8.0", "name" : "Elastic Endpoint" }, + "elastic": { + "agent": { + "id": "023fa40c-411d-4188-a941-4147bfadd095" + } + }, "endpoint": { "policy": { "id": "00000000-0000-0000-0000-000000000000" @@ -138,6 +153,11 @@ "version": "6.6.1", "name" : "Elastic Endpoint" }, + "elastic": { + "agent": { + "id": "11488bae-880b-4e7b-8d28-aac2aa9de816" + } + }, "endpoint": { "policy": { "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" @@ -182,6 +202,11 @@ "version": "6.0.0", "name" : "Elastic Endpoint" }, + "elastic": { + "agent": { + "id": "92ac1ce0-e1f7-409e-8af6-f17e97b1fc71" + } + }, "endpoint": { "policy": { "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" @@ -224,6 +249,11 @@ "version": "6.8.0", "name" : "Elastic Endpoint" }, + "elastic": { + "agent": { + "id": "023fa40c-411d-4188-a941-4147bfadd095" + } + }, "endpoint": { "policy": { "id": "00000000-0000-0000-0000-000000000000" @@ -266,6 +296,11 @@ "version": "6.6.1", "name" : "Elastic Endpoint" }, + "elastic": { + "agent": { + "id": "11488bae-880b-4e7b-8d28-aac2aa9de816" + } + }, "endpoint": { "policy": { "id": "00000000-0000-0000-0000-000000000000" @@ -309,6 +344,11 @@ "version": "6.0.0", "name" : "Elastic Endpoint" }, + "elastic": { + "agent": { + "id": "92ac1ce0-e1f7-409e-8af6-f17e97b1fc71" + } + }, "endpoint": { "policy": { "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" @@ -351,6 +391,11 @@ "version": "6.8.0", "name" : "Elastic Endpoint" }, + "elastic": { + "agent": { + "id": "023fa40c-411d-4188-a941-4147bfadd095" + } + }, "endpoint": { "policy": { "id": "00000000-0000-0000-0000-000000000000" @@ -379,4 +424,4 @@ } } } -} \ No newline at end of file +} diff --git a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/mappings.json b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/mappings.json index 61ddf3c4e65db..c9a6c183f0489 100644 --- a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/mappings.json +++ b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/mappings.json @@ -9,6 +9,23 @@ "@timestamp": { "type": "long" }, + "elastic": { + "properties": { + "agent": { + "properties": { + "id": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + } + } + } + } + }, "agent": { "properties": { "id": { @@ -153,4 +170,4 @@ } } } -} \ No newline at end of file +}