From e9c35a8e67080da65d5fc38977ad4824ab32f0c3 Mon Sep 17 00:00:00 2001 From: Garrett Spong Date: Sat, 17 Aug 2019 07:34:07 -0600 Subject: [PATCH] [SIEM] Fixes index substring incorrectly matching configured indices and failing to install ML job (#43409) (#43501) ## Summary As described in https://github.com/elastic/siem-team/issues/441, when checking which ML ConfigTemplates are valid to install, a substring of a configured index would match and the job would fail to install. This fixes this by ensuring the complete index name matches. --- .../siem/public/components/ml_popover/api.tsx | 20 +++++++++---------- .../components/ml_popover/helpers.test.tsx | 15 +++++++++++--- .../public/components/ml_popover/helpers.tsx | 6 +++--- .../ml_popover/hooks/use_index_patterns.tsx | 8 ++++---- .../components/ml_popover/ml_popover.tsx | 8 ++++---- 5 files changed, 32 insertions(+), 25 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/ml_popover/api.tsx b/x-pack/legacy/plugins/siem/public/components/ml_popover/api.tsx index d2843b86f187..f711d27b4b22 100644 --- a/x-pack/legacy/plugins/siem/public/components/ml_popover/api.tsx +++ b/x-pack/legacy/plugins/siem/public/components/ml_popover/api.tsx @@ -21,7 +21,7 @@ import { throwIfErrorAttachedToSetup, } from '../ml/api/throw_if_not_ok'; -const emptyIndexPattern: string = ''; +const emptyIndexPattern: string[] = []; /** * Fetches ML Groups Data @@ -196,7 +196,7 @@ export const jobsSummary = async ( */ export const getIndexPatterns = async ( headers: Record -): Promise => { +): Promise => { const response = await fetch( `${chrome.getBasePath()}/api/saved_objects/_find?type=index-pattern&fields=title&fields=type&per_page=10000`, { @@ -214,15 +214,13 @@ export const getIndexPatterns = async ( const results: IndexPatternResponse = await response.json(); if (results.saved_objects && Array.isArray(results.saved_objects)) { - return results.saved_objects - .reduce( - (acc: string[], v) => [ - ...acc, - ...(v.attributes && v.attributes.title ? [v.attributes.title] : []), - ], - [] - ) - .join(', '); + return results.saved_objects.reduce( + (acc: string[], v) => [ + ...acc, + ...(v.attributes && v.attributes.title ? [v.attributes.title] : []), + ], + [] + ); } else { return emptyIndexPattern; } diff --git a/x-pack/legacy/plugins/siem/public/components/ml_popover/helpers.test.tsx b/x-pack/legacy/plugins/siem/public/components/ml_popover/helpers.test.tsx index 943d1ae1c9a0..84bb6dea972f 100644 --- a/x-pack/legacy/plugins/siem/public/components/ml_popover/helpers.test.tsx +++ b/x-pack/legacy/plugins/siem/public/components/ml_popover/helpers.test.tsx @@ -34,7 +34,7 @@ describe('helpers', () => { const configTemplatesToInstall = getConfigTemplatesToInstall( mockConfigTemplates, [], - 'auditbeat-*, winlogbeat-*' + ['auditbeat-*', 'winlogbeat-*'] ); expect(configTemplatesToInstall.length).toEqual(2); }); @@ -43,7 +43,7 @@ describe('helpers', () => { const configTemplatesToInstall = getConfigTemplatesToInstall( mockConfigTemplates, [], - 'auditbeat-*, spongbeat-*' + ['auditbeat-*', 'spongbeat-*'] ); expect(configTemplatesToInstall.length).toEqual(1); }); @@ -52,10 +52,19 @@ describe('helpers', () => { const configTemplatesToInstall = getConfigTemplatesToInstall( mockConfigTemplates, mockInstalledJobIds, - 'auditbeat-*, winlogbeat-*' + ['auditbeat-*', 'winlogbeat-*'] ); expect(configTemplatesToInstall.length).toEqual(2); }); + + test('returns no configTemplates if index is substring of indexPatterns', () => { + const configTemplatesToInstall = getConfigTemplatesToInstall( + mockConfigTemplates, + mockInstalledJobIds, + ['winlogbeat-**'] + ); + expect(configTemplatesToInstall.length).toEqual(0); + }); }); describe('getJobsToDisplay', () => { diff --git a/x-pack/legacy/plugins/siem/public/components/ml_popover/helpers.tsx b/x-pack/legacy/plugins/siem/public/components/ml_popover/helpers.tsx index f08724055d94..bdc311d235fd 100644 --- a/x-pack/legacy/plugins/siem/public/components/ml_popover/helpers.tsx +++ b/x-pack/legacy/plugins/siem/public/components/ml_popover/helpers.tsx @@ -19,16 +19,16 @@ export const getJobsToInstall = (templates: ConfigTemplate[]): string[] => * * @param templates ConfigTemplates as provided by ML Team * @param installedJobIds list of installed JobIds - * @param indexPattern Comma separated string of the user's currently configured IndexPattern + * @param indexPatterns list of the user's currently configured IndexPatterns */ export const getConfigTemplatesToInstall = ( templates: ConfigTemplate[], installedJobIds: string[], - indexPattern: string + indexPatterns: string[] ): ConfigTemplate[] => templates .filter(ct => !ct.jobs.every(ctJobId => installedJobIds.includes(ctJobId))) - .filter(ct => indexPattern.indexOf(ct.defaultIndexPattern) >= 0); + .filter(ct => indexPatterns.includes(ct.defaultIndexPattern)); /** * Returns a filtered array of Jobs that based on filterGroup selection (Elastic vs Custom Jobs) and any user provided filterQuery diff --git a/x-pack/legacy/plugins/siem/public/components/ml_popover/hooks/use_index_patterns.tsx b/x-pack/legacy/plugins/siem/public/components/ml_popover/hooks/use_index_patterns.tsx index 56f6942299c1..22c586d00b9e 100644 --- a/x-pack/legacy/plugins/siem/public/components/ml_popover/hooks/use_index_patterns.tsx +++ b/x-pack/legacy/plugins/siem/public/components/ml_popover/hooks/use_index_patterns.tsx @@ -12,10 +12,10 @@ import { errorToToaster } from '../../ml/api/error_to_toaster'; import * as i18n from './translations'; -type Return = [boolean, string]; +type Return = [boolean, string[]]; export const useIndexPatterns = (refreshToggle = false): Return => { - const [indexPattern, setIndexPattern] = useState(''); + const [indexPatterns, setIndexPatterns] = useState([]); const [isLoading, setIsLoading] = useState(true); const config = useContext(KibanaConfigContext); const [, dispatchToaster] = useStateToaster(); @@ -26,7 +26,7 @@ export const useIndexPatterns = (refreshToggle = false): Return => { 'kbn-version': config.kbnVersion, }); - setIndexPattern(data); + setIndexPatterns(data); setIsLoading(false); } catch (error) { errorToToaster({ title: i18n.INDEX_PATTERN_FETCH_FAILURE, error, dispatchToaster }); @@ -39,5 +39,5 @@ export const useIndexPatterns = (refreshToggle = false): Return => { fetchFunc(); }, [refreshToggle]); - return [isLoading, indexPattern]; + return [isLoading, indexPatterns]; }; diff --git a/x-pack/legacy/plugins/siem/public/components/ml_popover/ml_popover.tsx b/x-pack/legacy/plugins/siem/public/components/ml_popover/ml_popover.tsx index 252d3e61b906..b87b213767ca 100644 --- a/x-pack/legacy/plugins/siem/public/components/ml_popover/ml_popover.tsx +++ b/x-pack/legacy/plugins/siem/public/components/ml_popover/ml_popover.tsx @@ -95,7 +95,7 @@ export const MlPopover = React.memo(() => { const [filterQuery, setFilterQuery] = useState(''); const [, dispatchToaster] = useStateToaster(); - const [, configuredIndexPattern] = useIndexPatterns(refreshToggle); + const [, configuredIndexPatterns] = useIndexPatterns(refreshToggle); const config = useContext(KibanaConfigContext); const capabilities = useContext(MlCapabilitiesContext); const headers = { 'kbn-version': config.kbnVersion }; @@ -136,7 +136,7 @@ export const MlPopover = React.memo(() => { const configTemplatesToInstall = getConfigTemplatesToInstall( configTemplates, installedJobIds, - configuredIndexPattern || '' + configuredIndexPatterns || [] ); // Filter installed job to show all 'siem' group jobs or just embedded @@ -152,7 +152,7 @@ export const MlPopover = React.memo(() => { useEffect(() => { if ( jobSummaryData != null && - configuredIndexPattern !== '' && + configuredIndexPatterns.length > 0 && configTemplatesToInstall.length > 0 ) { const setupJobs = async () => { @@ -178,7 +178,7 @@ export const MlPopover = React.memo(() => { }; setupJobs(); } - }, [jobSummaryData, configuredIndexPattern]); + }, [jobSummaryData, configuredIndexPatterns]); if (!capabilities.isPlatinumOrTrialLicense) { // If the user does not have platinum show upgrade UI