Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[SIEM] Add support for actions and throttle in Rules #59641

Merged
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
f8892c7
WIP
patrykkopycinski Mar 9, 2020
e9a87aa
cleanup
patrykkopycinski Mar 9, 2020
a628ade
fix tests
patrykkopycinski Mar 9, 2020
027ea3a
PR comments
patrykkopycinski Mar 9, 2020
47a0a73
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 10, 2020
65ec6df
PR comments
patrykkopycinski Mar 10, 2020
5bf1bb0
fix types
patrykkopycinski Mar 10, 2020
24a9f1f
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 11, 2020
782d109
PR comments
patrykkopycinski Mar 11, 2020
7da07f5
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 12, 2020
1b1cbb7
types
patrykkopycinski Mar 12, 2020
03f47e3
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 12, 2020
782d500
try to fix types
patrykkopycinski Mar 12, 2020
d1ec59c
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 15, 2020
2b0afb4
PR comments
patrykkopycinski Mar 15, 2020
369ebb9
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 16, 2020
23accc5
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 17, 2020
4da10a4
fix merge conflicts
patrykkopycinski Mar 17, 2020
aabbc32
cleanup
patrykkopycinski Mar 17, 2020
3ebc5e4
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 17, 2020
9c2db42
Merge branch 'master' into feat/siem-rule-actions-throttle
elasticmachine Mar 17, 2020
d0afc31
Merge branch 'feat/siem-rule-actions-throttle' of github.com:patrykko…
patrykkopycinski Mar 17, 2020
50abbc2
cleanup
patrykkopycinski Mar 17, 2020
1e969a9
add unit tests
patrykkopycinski Mar 17, 2020
2df113e
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 17, 2020
fff7c85
Merge branch 'master' into feat/siem-rule-actions-throttle
elasticmachine Mar 18, 2020
231d96d
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 19, 2020
abd6471
fix types
patrykkopycinski Mar 19, 2020
fedc474
Merge branch 'master' of github.com:elastic/kibana into feat/siem-rul…
patrykkopycinski Mar 19, 2020
aaf4df5
PR comments
patrykkopycinski Mar 19, 2020
1b03386
update response schema
patrykkopycinski Mar 19, 2020
07aa54f
actionTypeId => action_type_id
patrykkopycinski Mar 19, 2020
585884e
Add extra check
patrykkopycinski Mar 19, 2020
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ export const mockPrepackagedRule = (): PrepackagedRules => ({
technique: [{ id: 'techniqueId', name: 'techniqueName', reference: 'techniqueRef' }],
},
],
throttle: null,
enabled: true,
filters: [],
immutable: false,
Expand Down Expand Up @@ -348,6 +349,7 @@ export const getResult = (): RuleAlertType => ({
alertTypeId: 'siem.signals',
consumer: 'siem',
params: {
actions: [],
description: 'Detecting root and admin users',
ruleId: 'rule-1',
index: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
Expand Down Expand Up @@ -391,6 +393,7 @@ export const getResult = (): RuleAlertType => ({
],
},
],
throttle: 'no_actions',
references: ['http://www.example.com', 'https://ww.example.com'],
version: 1,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ export const createRulesBulkRoute = (router: IRouter) => {
.filter(rule => rule.rule_id == null || !dupes.includes(rule.rule_id))
.map(async payloadRule => {
const {
actions,
description,
enabled,
false_positives: falsePositives,
Expand All @@ -75,6 +76,7 @@ export const createRulesBulkRoute = (router: IRouter) => {
severity,
tags,
threat,
throttle,
to,
type,
references,
Expand Down Expand Up @@ -106,6 +108,7 @@ export const createRulesBulkRoute = (router: IRouter) => {
const createdRule = await createRules({
alertsClient,
actionsClient,
actions,
description,
enabled,
falsePositives,
Expand All @@ -127,6 +130,7 @@ export const createRulesBulkRoute = (router: IRouter) => {
name,
severity,
tags,
throttle,
to,
type,
threat,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ export const createRulesRoute = (router: IRouter): void => {
},
async (context, request, response) => {
const {
actions,
description,
enabled,
false_positives: falsePositives,
Expand All @@ -52,6 +53,7 @@ export const createRulesRoute = (router: IRouter): void => {
severity,
tags,
threat,
throttle,
to,
type,
references,
Expand Down Expand Up @@ -92,6 +94,7 @@ export const createRulesRoute = (router: IRouter): void => {
const createdRule = await createRules({
alertsClient,
actionsClient,
actions,
description,
enabled,
falsePositives,
Expand All @@ -113,6 +116,7 @@ export const createRulesRoute = (router: IRouter): void => {
name,
severity,
tags,
throttle,
to,
type,
threat,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
return null;
}
const {
actions,
description,
enabled,
false_positives: falsePositives,
Expand All @@ -131,6 +132,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
severity,
tags,
threat,
throttle,
to,
type,
references,
Expand Down Expand Up @@ -158,6 +160,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
await createRules({
alertsClient,
actionsClient,
actions,
description,
enabled,
falsePositives,
Expand All @@ -182,6 +185,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
to,
type,
threat,
throttle,
references,
version,
});
Expand All @@ -190,6 +194,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
await patchRules({
alertsClient,
actionsClient,
actions,
savedObjectsClient,
description,
enabled,
Expand All @@ -216,6 +221,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
to,
type,
threat,
throttle,
references,
version,
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ export const patchRulesBulkRoute = (router: IRouter) => {
const rules = await Promise.all(
request.body.map(async payloadRule => {
const {
actions,
description,
enabled,
false_positives: falsePositives,
Expand All @@ -70,6 +71,7 @@ export const patchRulesBulkRoute = (router: IRouter) => {
to,
type,
threat,
throttle,
references,
version,
} = payloadRule;
Expand All @@ -78,6 +80,7 @@ export const patchRulesBulkRoute = (router: IRouter) => {
const rule = await patchRules({
alertsClient,
actionsClient,
actions,
description,
enabled,
falsePositives,
Expand All @@ -103,6 +106,7 @@ export const patchRulesBulkRoute = (router: IRouter) => {
to,
type,
threat,
throttle,
references,
version,
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ export const patchRulesRoute = (router: IRouter) => {
},
async (context, request, response) => {
const {
actions,
description,
enabled,
false_positives: falsePositives,
Expand All @@ -54,6 +55,7 @@ export const patchRulesRoute = (router: IRouter) => {
to,
type,
threat,
throttle,
references,
version,
} = request.body;
Expand All @@ -75,6 +77,7 @@ export const patchRulesRoute = (router: IRouter) => {
const rule = await patchRules({
actionsClient,
alertsClient,
actions,
description,
enabled,
falsePositives,
Expand All @@ -100,6 +103,7 @@ export const patchRulesRoute = (router: IRouter) => {
to,
type,
threat,
throttle,
references,
version,
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ export const updateRulesBulkRoute = (router: IRouter) => {
const rules = await Promise.all(
request.body.map(async payloadRule => {
const {
actions,
description,
enabled,
false_positives: falsePositives,
Expand All @@ -71,6 +72,7 @@ export const updateRulesBulkRoute = (router: IRouter) => {
to,
type,
threat,
throttle,
references,
version,
} = payloadRule;
Expand All @@ -80,6 +82,7 @@ export const updateRulesBulkRoute = (router: IRouter) => {
const rule = await updateRules({
alertsClient,
actionsClient,
actions,
description,
enabled,
immutable: false,
Expand All @@ -106,6 +109,7 @@ export const updateRulesBulkRoute = (router: IRouter) => {
to,
type,
threat,
throttle,
references,
version,
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ export const updateRulesRoute = (router: IRouter) => {
},
async (context, request, response) => {
const {
actions,
description,
enabled,
false_positives: falsePositives,
Expand All @@ -54,6 +55,7 @@ export const updateRulesRoute = (router: IRouter) => {
to,
type,
threat,
throttle,
references,
version,
} = request.body;
Expand All @@ -76,6 +78,7 @@ export const updateRulesRoute = (router: IRouter) => {
const rule = await updateRules({
alertsClient,
actionsClient,
actions,
description,
enabled,
falsePositives,
Expand All @@ -102,6 +105,7 @@ export const updateRulesRoute = (router: IRouter) => {
to,
type,
threat,
throttle,
references,
version,
});
Expand Down
Loading