[Serverless] Add schema validation to Search Strategies in security solution & timelines

x-pack/plugins/security_solution/common/api/search_strategy/cti/cti.ts

@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './event_enrichment';
+
+export * from './threat_intel_source';

x-pack/plugins/security_solution/common/api/search_strategy/cti/event_enrichment.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { CtiQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+
+export const eventEnrichmentRequestOptionsSchema = requestBasicOptionsSchema.extend({
+  eventFields: z.record(z.unknown()),
+  timerange,
+  factoryQueryType: z.literal(CtiQueries.eventEnrichment),
+});
+
+export type EventEnrichmentRequestOptionsInput = z.input<
+  typeof eventEnrichmentRequestOptionsSchema
+>;
+
+export type EventEnrichmentRequestOptions = z.infer<typeof eventEnrichmentRequestOptionsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/cti/threat_intel_source.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { CtiQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+
+export const threatIntelSourceRequestOptionsSchema = requestBasicOptionsSchema.extend({
+  factoryQueryType: z.literal(CtiQueries.dataSource),
+});
+
+export type ThreatIntelSourceRequestOptionsInput = z.input<
+  typeof threatIntelSourceRequestOptionsSchema
+>;
+
+export type ThreatIntelSourceRequestOptions = z.infer<typeof threatIntelSourceRequestOptionsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/endpoint_fields/endpoint_fields.ts

@@ -12,4 +12,6 @@ export const endpointFieldsRequestSchema = z.object({
   onlyCheckIfIndicesExist: z.boolean(),
 });
 
+export type EndpointFieldsRequestSchemaInput = z.input<typeof endpointFieldsRequestSchema>;
+
 export type EndpointFieldsRequestSchema = z.infer<typeof endpointFieldsRequestSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/first_seen_last_seen/first_seen_last_seen.ts

@@ -11,28 +11,27 @@ import type { IKibanaSearchResponse } from '@kbn/data-plugin/common';
 
 import { order } from '../model/order';
 import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { inspect } from '../model/inspect';
+import { FirstLastSeenQuery } from '../model/factory_query_type';
+
+export const firstLastSeenRequestOptionsSchema = requestBasicOptionsSchema.extend({
+  order,
+  field: z.string(),
+  value: z.string(),
+  factoryQueryType: z.literal(FirstLastSeenQuery),
+});
 
-export const firstLastSeenRequestOptionsSchema = z
-  .object({
-    order,
-    field: z.string(),
-    value: z.string(),
-  })
-  .extend(requestBasicOptionsSchema.partial().shape);
+export type FirstLastSeenRequestOptionsInput = z.input<typeof firstLastSeenRequestOptionsSchema>;
 
 export type FirstLastSeenRequestOptions = z.infer<typeof firstLastSeenRequestOptionsSchema>;
 
-const inspectSchema = z.object({
-  dsl: z.array(z.string()),
-});
-
 export const firstLastSeenResponseSchema = z
   .object({
     firstSeen: z.string().nullable(),
     lastSeen: z.string().nullable(),
-    inspect: inspectSchema,
+    inspect,
   })
   .partial();
 
-export type FirstLastSeenStrategyResponse = z.infer<typeof firstLastSeenResponseSchema> &
+export type FirstLastSeenStrategyResponse = z.input<typeof firstLastSeenResponseSchema> &
   IKibanaSearchResponse;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/all.ts

@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsQueries } from '../model/factory_query_type';
+import { pagination } from '../model/pagination';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+import { sort } from './model/sort';
+
+export const allHostsSchema = requestBasicOptionsSchema.extend({
+  sort,
+  pagination,
+  timerange,
+  isNewRiskScoreModuleAvailable: z.boolean().default(false),
+  factoryQueryType: z.literal(HostsQueries.hosts),
+});
+
+export type HostsRequestOptionsInput = z.input<typeof allHostsSchema>;
+
+export type HostsRequestOptions = z.infer<typeof allHostsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/details.ts

@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsQueries } from '../model/factory_query_type';
+import { inspect } from '../model/inspect';
+import { pagination } from '../model/pagination';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+import { sort } from './model/sort';
+
+export const hostDetailsSchema = requestBasicOptionsSchema.extend({
+  hostName: z.string(),
+  skip: z.boolean().optional(),
+  inspect,
+  pagination: pagination.optional(),
+  timerange,
+  sort,
+  factoryQueryType: z.literal(HostsQueries.details),
+});
+
+export type HostDetailsRequestOptionsInput = z.input<typeof hostDetailsSchema>;
+
+export type HostDetailsRequestOptions = z.infer<typeof hostDetailsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/hosts.ts

@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './all';
+
+export * from './details';
+
+export * from './overview';
+
+export * from './uncommon_processes';
+
+export * from './kpi_hosts';
+
+export * from './kpi_unique_ips';

x-pack/plugins/security_solution/common/api/search_strategy/hosts/kpi_hosts.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsKpiQueries } from '../model/factory_query_type';
+import { pagination } from '../model/pagination';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+import { sort } from './model/sort';
+
+export const kpiHostsSchema = requestBasicOptionsSchema.extend({
+  sort,
+  pagination,
+  timerange,
+  factoryQueryType: z.literal(HostsKpiQueries.kpiHosts),
+});
+
+export type KpiHostsRequestOptionsInput = z.input<typeof kpiHostsSchema>;
+
+export type KpiHostsRequestOptions = z.infer<typeof kpiHostsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/kpi_unique_ips.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsKpiQueries } from '../model/factory_query_type';
+import { pagination } from '../model/pagination';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+import { sort } from './model/sort';
+
+export const kpiUniqueIpsSchema = requestBasicOptionsSchema.extend({
+  sort,
+  pagination,
+  timerange,
+  factoryQueryType: z.literal(HostsKpiQueries.kpiUniqueIps),
+});
+
+export type KpiUniqueIpsRequestOptionsInput = z.input<typeof kpiUniqueIpsSchema>;
+
+export type KpiUniqueIpsRequestOptions = z.infer<typeof kpiUniqueIpsSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/model/sort.ts

@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export enum HostsFields {
+  lastSeen = 'lastSeen',
+  hostName = 'hostName',
+  success = 'success',
+}
+
+import { sort as baseSort } from '../../model/sort';
+
+export const sort = baseSort;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/overview.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsQueries } from '../model/factory_query_type';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { timerange } from '../model/timerange';
+
+export const hostOverviewSchema = requestBasicOptionsSchema.extend({
+  factoryQueryType: z.literal(HostsQueries.overview),
+  timerange,
+});
+
+export type HostOverviewRequestOptionsInput = z.input<typeof hostOverviewSchema>;
+
+export type HostOverviewRequestOptions = z.infer<typeof hostOverviewSchema>;

x-pack/plugins/security_solution/common/api/search_strategy/hosts/uncommon_processes.ts

@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+import { HostsQueries } from '../model/factory_query_type';
+import { pagination } from '../model/pagination';
+import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { sort } from '../model/sort';
+import { timerange } from '../model/timerange';
+
+export const hostUncommonProcessesSchema = requestBasicOptionsSchema.extend({
+  sort,
+  pagination,
+  timerange,
+  factoryQueryType: z.literal(HostsQueries.uncommonProcesses),
+});
+
+export type HostUncommonProcessesRequestOptionsInput = z.input<typeof hostUncommonProcessesSchema>;
+
+export type HostUncommonProcessesRequestOptions = z.infer<typeof hostUncommonProcessesSchema>;