From 34700766202f8c99b806ed33b9166413530eb8d6 Mon Sep 17 00:00:00 2001 From: Ryland Herrick Date: Mon, 20 Apr 2020 17:36:57 -0500 Subject: [PATCH 1/3] WIP: Register saved objects types in NP This works, but responsibilities are spread around. Refactor incoming. --- x-pack/legacy/plugins/siem/index.ts | 4 - .../rule_actions/saved_object_mappings.ts | 51 +- .../rules/saved_object_mappings.ts | 68 ++- .../signals/__mocks__/es_results.ts | 2 +- .../siem/server/lib/note/saved_object.ts | 2 +- .../server/lib/note/saved_object_mappings.ts | 51 +- .../server/lib/pinned_event/saved_object.ts | 3 +- .../lib/pinned_event/saved_object_mappings.ts | 45 +- .../timeline/routes/utils/export_timelines.ts | 9 +- .../lib/timeline/saved_object_mappings.ts | 469 +++++++++--------- x-pack/plugins/siem/server/plugin.ts | 3 + x-pack/plugins/siem/server/saved_objects.ts | 46 +- 12 files changed, 379 insertions(+), 374 deletions(-) diff --git a/x-pack/legacy/plugins/siem/index.ts b/x-pack/legacy/plugins/siem/index.ts index 6e03583dda69f..bf3626a786682 100644 --- a/x-pack/legacy/plugins/siem/index.ts +++ b/x-pack/legacy/plugins/siem/index.ts @@ -8,9 +8,6 @@ import { i18n } from '@kbn/i18n'; import { resolve } from 'path'; import { Root } from 'joi'; -// eslint-disable-next-line @kbn/eslint/no-restricted-paths -import { savedObjectMappings } from '../../../plugins/siem/server/saved_objects'; - import { APP_ID, APP_NAME, @@ -157,7 +154,6 @@ export const siem = (kibana: any) => { requiresPageReload: true, }, }, - mappings: savedObjectMappings, }, config(Joi: Root) { return Joi.object() diff --git a/x-pack/plugins/siem/server/lib/detection_engine/rule_actions/saved_object_mappings.ts b/x-pack/plugins/siem/server/lib/detection_engine/rule_actions/saved_object_mappings.ts index f54f43c41ef6e..6d33ffc652ee7 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/rule_actions/saved_object_mappings.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/rule_actions/saved_object_mappings.ts 
@@ -7,32 +7,31 @@ export const ruleActionsSavedObjectType = 'siem-detection-engine-rule-actions'; export const ruleActionsSavedObjectMappings = { - [ruleActionsSavedObjectType]: { - properties: { - alertThrottle: { - type: 'keyword', - }, - ruleAlertId: { - type: 'keyword', - }, - ruleThrottle: { - type: 'keyword', - }, - actions: { - properties: { - group: { - type: 'keyword', - }, - id: { - type: 'keyword', - }, - action_type_id: { - type: 'keyword', - }, - params: { - dynamic: true, - properties: {}, - }, + properties: { + alertThrottle: { + type: 'keyword', + }, + ruleAlertId: { + type: 'keyword', + }, + ruleThrottle: { + type: 'keyword', + }, + actions: { + properties: { + group: { + type: 'keyword', + }, + id: { + type: 'keyword', + }, + action_type_id: { + type: 'keyword', + }, + params: { + // eslint-disable-next-line @typescript-eslint/no-explicit-any + dynamic: true as any, + properties: {}, }, }, }, diff --git a/x-pack/plugins/siem/server/lib/detection_engine/rules/saved_object_mappings.ts b/x-pack/plugins/siem/server/lib/detection_engine/rules/saved_object_mappings.ts index 1d91def5fa6cc..5ebe0024d5d47 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/rules/saved_object_mappings.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/rules/saved_object_mappings.ts 
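Review bot: The `true as any` cast on `params.dynamic` in ruleActionsSavedObjectMappings switches off type checking at the one field whose shape is not fixed: `params` has no declared properties, so every key a rule action carries becomes a new indexed field. If the cast is only there because the core mapping typings reject `true` (that type is not visible in this hunk), the existing eslint-disable comment should say so, e.g. `// core mapping types do not accept dynamic: true; action params have no fixed schema`. It is also worth confirming that nothing searches on `params`. If nothing does, `dynamic: false` would keep the values in `_source` without growing the index mapping with caller-chosen keys.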
@@ -7,41 +7,39 @@ export const ruleStatusSavedObjectType = 'siem-detection-engine-rule-status'; export const ruleStatusSavedObjectMappings = { - [ruleStatusSavedObjectType]: { - properties: { - alertId: { - type: 'keyword', - }, - status: { - type: 'keyword', - }, - statusDate: { - type: 'date', - }, - lastFailureAt: { - type: 'date', - }, - lastSuccessAt: { - type: 'date', - }, - lastFailureMessage: { - type: 'text', - }, - lastSuccessMessage: { - type: 'text', - }, - lastLookBackDate: { - type: 'date', - }, - gap: { - type: 'text', - }, - bulkCreateTimeDurations: { - type: 'float', - }, - searchAfterTimeDurations: { - type: 'float', - }, + properties: { + alertId: { + type: 'keyword', + }, + status: { + type: 'keyword', + }, + statusDate: { + type: 'date', + }, + lastFailureAt: { + type: 'date', + }, + lastSuccessAt: { + type: 'date', + }, + lastFailureMessage: { + type: 'text', + }, + lastSuccessMessage: { + type: 'text', + }, + lastLookBackDate: { + type: 'date', + }, + gap: { + type: 'text', + }, + bulkCreateTimeDurations: { + type: 'float', + }, + searchAfterTimeDurations: { + type: 'float', }, }, }; diff --git a/x-pack/plugins/siem/server/lib/detection_engine/signals/__mocks__/es_results.ts b/x-pack/plugins/siem/server/lib/detection_engine/signals/__mocks__/es_results.ts index 8a5da8e859721..40bfa3a1e6ca7 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/signals/__mocks__/es_results.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/signals/__mocks__/es_results.ts @@ -13,7 +13,7 @@ import { import { loggingServiceMock } from '../../../../../../../../src/core/server/mocks'; import { RuleTypeParams, OutputRuleAlertRest } from '../../types'; import { IRuleStatusAttributes } from '../../rules/types'; -import { ruleStatusSavedObjectType } from '../../../../saved_objects'; +import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; export const sampleRuleAlertParams = ( maxSignals?: number | undefined, 
diff --git a/x-pack/plugins/siem/server/lib/note/saved_object.ts b/x-pack/plugins/siem/server/lib/note/saved_object.ts index 2b94fd4516786..3eae30625e422 100644 --- a/x-pack/plugins/siem/server/lib/note/saved_object.ts +++ b/x-pack/plugins/siem/server/lib/note/saved_object.ts @@ -25,9 +25,9 @@ import { import { FrameworkRequest } from '../framework'; import { SavedNote, NoteSavedObjectRuntimeType, NoteSavedObject } from './types'; import { noteSavedObjectType } from './saved_object_mappings'; -import { timelineSavedObjectType } from '../../saved_objects'; import { pickSavedTimeline } from '../timeline/pick_saved_timeline'; import { convertSavedObjectToSavedTimeline } from '../timeline/convert_saved_object_to_savedtimeline'; +import { timelineSavedObjectType } from '../timeline/saved_object_mappings'; export class Note { public async deleteNote(request: FrameworkRequest, noteIds: string[]) { diff --git a/x-pack/plugins/siem/server/lib/note/saved_object_mappings.ts b/x-pack/plugins/siem/server/lib/note/saved_object_mappings.ts index b001e30e52336..47f0fbbb3bb83 100644 --- a/x-pack/plugins/siem/server/lib/note/saved_object_mappings.ts +++ b/x-pack/plugins/siem/server/lib/note/saved_object_mappings.ts 
@@ -4,37 +4,30 @@ * you may not use this file except in compliance with the Elastic License. */ -import { ElasticsearchMappingOf } from '../../utils/typed_elasticsearch_mappings'; -import { SavedNote } from './types'; - export const noteSavedObjectType = 'siem-ui-timeline-note'; -export const noteSavedObjectMappings: { - [noteSavedObjectType]: ElasticsearchMappingOf; -} = { - [noteSavedObjectType]: { - properties: { - timelineId: { - type: 'keyword', - }, - eventId: { - type: 'keyword', - }, - note: { - type: 'text', - }, - created: { - type: 'date', - }, - createdBy: { - type: 'text', - }, - updated: { - type: 'date', - }, - updatedBy: { - type: 'text', - }, +export const noteSavedObjectMappings = { + properties: { + timelineId: { + type: 'keyword', + }, + eventId: { + type: 'keyword', + }, + note: { + type: 'text', + }, + created: { + type: 'date', + }, + createdBy: { + type: 'text', + }, + updated: { + type: 'date', + }, + updatedBy: { + type: 'text', }, }, }; diff --git a/x-pack/plugins/siem/server/lib/pinned_event/saved_object.ts b/x-pack/plugins/siem/server/lib/pinned_event/saved_object.ts index 7fc23d86d8218..1e3a481e17106 100644 --- a/x-pack/plugins/siem/server/lib/pinned_event/saved_object.ts +++ b/x-pack/plugins/siem/server/lib/pinned_event/saved_object.ts @@ -20,9 +20,10 @@ import { SavedPinnedEvent, } from './types'; import { PageInfoNote, SortNote, PinnedEvent as PinnedEventResponse } from '../../graphql/types'; -import { pinnedEventSavedObjectType, timelineSavedObjectType } from '../../saved_objects'; import { pickSavedTimeline } from '../timeline/pick_saved_timeline'; import { convertSavedObjectToSavedTimeline } from '../timeline/convert_saved_object_to_savedtimeline'; +import { pinnedEventSavedObjectType } from './saved_object_mappings'; +import { timelineSavedObjectType } from '../timeline/saved_object_mappings'; export class PinnedEvent { public async deletePinnedEventOnTimeline(request: FrameworkRequest, pinnedEventIds: string[]) { 
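Review bot: Dropping the `ElasticsearchMappingOf` annotation from noteSavedObjectMappings removes the only compile-time link between this mapping and the SavedNote attributes type. A field added to one and not the other now goes unnoticed until a write or query misbehaves. The same annotation is removed from pinnedEventSavedObjectMappings and timelineSavedObjectMappings later in this patch. If the new registration API cannot accept the typed form, leave a pointer on each constant, e.g. `// Keep in sync with SavedNote in ./types; no longer checked at compile time.`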
diff --git a/x-pack/plugins/siem/server/lib/pinned_event/saved_object_mappings.ts b/x-pack/plugins/siem/server/lib/pinned_event/saved_object_mappings.ts index 322f585ae8ff2..e865152026ed6 100644 --- a/x-pack/plugins/siem/server/lib/pinned_event/saved_object_mappings.ts +++ b/x-pack/plugins/siem/server/lib/pinned_event/saved_object_mappings.ts @@ -4,34 +4,27 @@ * you may not use this file except in compliance with the Elastic License. */ -import { ElasticsearchMappingOf } from '../../utils/typed_elasticsearch_mappings'; -import { SavedPinnedEvent } from './types'; - export const pinnedEventSavedObjectType = 'siem-ui-timeline-pinned-event'; -export const pinnedEventSavedObjectMappings: { - [pinnedEventSavedObjectType]: ElasticsearchMappingOf; -} = { - [pinnedEventSavedObjectType]: { - properties: { - timelineId: { - type: 'keyword', - }, - eventId: { - type: 'keyword', - }, - created: { - type: 'date', - }, - createdBy: { - type: 'text', - }, - updated: { - type: 'date', - }, - updatedBy: { - type: 'text', - }, +export const pinnedEventSavedObjectMappings = { + properties: { + timelineId: { + type: 'keyword', + }, + eventId: { + type: 'keyword', + }, + created: { + type: 'date', + }, + createdBy: { + type: 'text', + }, + updated: { + type: 'date', + }, + updatedBy: { + type: 'text', }, }, }; diff --git a/x-pack/plugins/siem/server/lib/timeline/routes/utils/export_timelines.ts b/x-pack/plugins/siem/server/lib/timeline/routes/utils/export_timelines.ts index edd4abe0d76b5..677891fa16c02 100644 --- a/x-pack/plugins/siem/server/lib/timeline/routes/utils/export_timelines.ts +++ b/x-pack/plugins/siem/server/lib/timeline/routes/utils/export_timelines.ts 
@@ -4,12 +4,6 @@ * you may not use this file except in compliance with the Elastic License. */ -import { set as _set } from 'lodash/fp'; -import { - noteSavedObjectType, - pinnedEventSavedObjectType, - timelineSavedObjectType, -} from '../../../../saved_objects'; import { NoteSavedObject } from '../../../note/types'; import { PinnedEventSavedObject } from '../../../pinned_event/types'; import { convertSavedObjectToSavedTimeline } from '../../convert_saved_object_to_savedtimeline'; @@ -30,6 +24,9 @@ import { TimelineSavedObject, } from '../../types'; import { transformDataToNdjson } from '../../../../utils/read_stream/create_stream_from_ndjson'; +import { pinnedEventSavedObjectType } from '../../../pinned_event/saved_object_mappings'; +import { noteSavedObjectType } from '../../../note/saved_object_mappings'; +import { timelineSavedObjectType } from '../../saved_object_mappings'; export type TimelineSavedObjectsClient = Pick< SavedObjectsClient, diff --git a/x-pack/plugins/siem/server/lib/timeline/saved_object_mappings.ts b/x-pack/plugins/siem/server/lib/timeline/saved_object_mappings.ts index 8fc12fd56a8f6..f7e7a4a43e863 100644 --- a/x-pack/plugins/siem/server/lib/timeline/saved_object_mappings.ts +++ b/x-pack/plugins/siem/server/lib/timeline/saved_object_mappings.ts 
@@ -4,272 +4,265 @@ * you may not use this file except in compliance with the Elastic License. */ -import { ElasticsearchMappingOf } from '../../utils/typed_elasticsearch_mappings'; -import { SavedTimeline } from './types'; - export const timelineSavedObjectType = 'siem-ui-timeline'; -export const timelineSavedObjectMappings: { - [timelineSavedObjectType]: ElasticsearchMappingOf; -} = { - [timelineSavedObjectType]: { - properties: { - columns: { - properties: { - aggregatable: { - type: 'boolean', - }, - category: { - type: 'keyword', - }, - columnHeaderType: { - type: 'keyword', - }, - description: { - type: 'text', - }, - example: { - type: 'text', - }, - indexes: { - type: 'keyword', - }, - id: { - type: 'keyword', - }, - name: { - type: 'text', - }, - placeholder: { - type: 'text', - }, - searchable: { - type: 'boolean', - }, - type: { - type: 'keyword', - }, +export const timelineSavedObjectMappings = { + properties: { + columns: { + properties: { + aggregatable: { + type: 'boolean', + }, + category: { + type: 'keyword', + }, + columnHeaderType: { + type: 'keyword', + }, + description: { + type: 'text', + }, + example: { + type: 'text', + }, + indexes: { + type: 'keyword', + }, + id: { + type: 'keyword', + }, + name: { + type: 'text', + }, + placeholder: { + type: 'text', + }, + searchable: { + type: 'boolean', + }, + type: { + type: 'keyword', }, }, - dataProviders: { - properties: { - id: { - type: 'keyword', - }, - name: { - type: 'text', - }, - enabled: { - type: 'boolean', - }, - excluded: { - type: 'boolean', - }, - kqlQuery: { - type: 'text', - }, - queryMatch: { - properties: { - field: { - type: 'text', - }, - displayField: { - type: 'text', - }, - value: { - type: 'text', - }, - displayValue: { - type: 'text', - }, - operator: { - type: 'text', - }, + }, + dataProviders: { + properties: { + id: { + type: 'keyword', + }, + name: { + type: 'text', + }, + enabled: { + type: 'boolean', + }, + excluded: { + type: 'boolean', + }, + kqlQuery: { + type: 
'text', + }, + queryMatch: { + properties: { + field: { + type: 'text', + }, + displayField: { + type: 'text', + }, + value: { + type: 'text', + }, + displayValue: { + type: 'text', + }, + operator: { + type: 'text', }, }, - and: { - properties: { - id: { - type: 'keyword', - }, - name: { - type: 'text', - }, - enabled: { - type: 'boolean', - }, - excluded: { - type: 'boolean', - }, - kqlQuery: { - type: 'text', - }, - queryMatch: { - properties: { - field: { - type: 'text', - }, - displayField: { - type: 'text', - }, - value: { - type: 'text', - }, - displayValue: { - type: 'text', - }, - operator: { - type: 'text', - }, + }, + and: { + properties: { + id: { + type: 'keyword', + }, + name: { + type: 'text', + }, + enabled: { + type: 'boolean', + }, + excluded: { + type: 'boolean', + }, + kqlQuery: { + type: 'text', + }, + queryMatch: { + properties: { + field: { + type: 'text', + }, + displayField: { + type: 'text', + }, + value: { + type: 'text', + }, + displayValue: { + type: 'text', + }, + operator: { + type: 'text', }, }, }, }, }, }, - description: { - type: 'text', - }, - eventType: { - type: 'keyword', - }, - favorite: { - properties: { - keySearch: { - type: 'text', - }, - fullName: { - type: 'text', - }, - userName: { - type: 'text', - }, - favoriteDate: { - type: 'date', - }, + }, + description: { + type: 'text', + }, + eventType: { + type: 'keyword', + }, + favorite: { + properties: { + keySearch: { + type: 'text', + }, + fullName: { + type: 'text', + }, + userName: { + type: 'text', + }, + favoriteDate: { + type: 'date', }, }, - filters: { - properties: { - meta: { - properties: { - alias: { - type: 'text', - }, - controlledBy: { - type: 'text', - }, - disabled: { - type: 'boolean', - }, - field: { - type: 'text', - }, - formattedValue: { - type: 'text', - }, - index: { - type: 'keyword', - }, - key: { - type: 'keyword', - }, - negate: { - type: 'boolean', - }, - params: { - type: 'text', - }, - type: { - type: 'keyword', - }, - value: { - type: 'text', 
- }, + }, + filters: { + properties: { + meta: { + properties: { + alias: { + type: 'text', + }, + controlledBy: { + type: 'text', + }, + disabled: { + type: 'boolean', + }, + field: { + type: 'text', + }, + formattedValue: { + type: 'text', + }, + index: { + type: 'keyword', + }, + key: { + type: 'keyword', + }, + negate: { + type: 'boolean', + }, + params: { + type: 'text', + }, + type: { + type: 'keyword', + }, + value: { + type: 'text', }, - }, - exists: { - type: 'text', - }, - match_all: { - type: 'text', - }, - missing: { - type: 'text', - }, - query: { - type: 'text', - }, - range: { - type: 'text', - }, - script: { - type: 'text', }, }, + exists: { + type: 'text', + }, + match_all: { + type: 'text', + }, + missing: { + type: 'text', + }, + query: { + type: 'text', + }, + range: { + type: 'text', + }, + script: { + type: 'text', + }, }, - kqlMode: { - type: 'keyword', - }, - kqlQuery: { - properties: { - filterQuery: { - properties: { - kuery: { - properties: { - kind: { - type: 'keyword', - }, - expression: { - type: 'text', - }, + }, + kqlMode: { + type: 'keyword', + }, + kqlQuery: { + properties: { + filterQuery: { + properties: { + kuery: { + properties: { + kind: { + type: 'keyword', + }, + expression: { + type: 'text', }, }, - serializedQuery: { - type: 'text', - }, + }, + serializedQuery: { + type: 'text', }, }, }, }, - title: { - type: 'text', - }, - dateRange: { - properties: { - start: { - type: 'date', - }, - end: { - type: 'date', - }, + }, + title: { + type: 'text', + }, + dateRange: { + properties: { + start: { + type: 'date', }, - }, - savedQueryId: { - type: 'keyword', - }, - sort: { - properties: { - columnId: { - type: 'keyword', - }, - sortDirection: { - type: 'keyword', - }, + end: { + type: 'date', }, }, - created: { - type: 'date', - }, - createdBy: { - type: 'text', - }, - updated: { - type: 'date', - }, - updatedBy: { - type: 'text', + }, + savedQueryId: { + type: 'keyword', + }, + sort: { + properties: { + columnId: { + type: 
'keyword', + }, + sortDirection: { + type: 'keyword', + }, }, }, + created: { + type: 'date', + }, + createdBy: { + type: 'text', + }, + updated: { + type: 'date', + }, + updatedBy: { + type: 'text', + }, }, }; diff --git a/x-pack/plugins/siem/server/plugin.ts b/x-pack/plugins/siem/server/plugin.ts index b9ec1c2e92438..69638fe2b2e55 100644 --- a/x-pack/plugins/siem/server/plugin.ts +++ b/x-pack/plugins/siem/server/plugin.ts @@ -39,6 +39,7 @@ import { timelineSavedObjectType, ruleStatusSavedObjectType, ruleActionsSavedObjectType, + initSavedObjects, } from './saved_objects'; import { SiemClientFactory } from './client'; import { createConfig$, ConfigType } from './config'; @@ -86,6 +87,8 @@ export class Plugin { ); } + initSavedObjects(core.savedObjects); + const router = core.http.createRouter(); core.http.registerRouteHandlerContext(this.name, (context, request, response) => ({ getSiemClient: () => this.siemClientFactory.create(request), diff --git a/x-pack/plugins/siem/server/saved_objects.ts b/x-pack/plugins/siem/server/saved_objects.ts index 7b097eefedb46..4301d757beedc 100644 --- a/x-pack/plugins/siem/server/saved_objects.ts +++ b/x-pack/plugins/siem/server/saved_objects.ts @@ -4,6 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ +import { CoreSetup } from '../../../../src/core/server'; + import { noteSavedObjectType, noteSavedObjectMappings } from './lib/note/saved_object_mappings'; import { pinnedEventSavedObjectType, @@ -14,8 +16,8 @@ import { timelineSavedObjectMappings, } from './lib/timeline/saved_object_mappings'; import { - ruleStatusSavedObjectMappings, ruleStatusSavedObjectType, + ruleStatusSavedObjectMappings, } from './lib/detection_engine/rules/saved_object_mappings'; import { ruleActionsSavedObjectMappings, 
@@ -29,10 +31,40 @@ export { ruleActionsSavedObjectType, timelineSavedObjectType, }; -export const savedObjectMappings = { - ...timelineSavedObjectMappings, - ...noteSavedObjectMappings, - ...pinnedEventSavedObjectMappings, - ...ruleStatusSavedObjectMappings, - ...ruleActionsSavedObjectMappings, + +export const initSavedObjects = (savedObjects: CoreSetup['savedObjects']) => { + savedObjects.registerType({ + name: pinnedEventSavedObjectType, + hidden: false, + namespaceType: 'single', + mappings: pinnedEventSavedObjectMappings, + }); + + savedObjects.registerType({ + name: noteSavedObjectType, + hidden: false, + namespaceType: 'single', + mappings: noteSavedObjectMappings, + }); + + savedObjects.registerType({ + name: ruleStatusSavedObjectType, + hidden: false, + namespaceType: 'single', + mappings: ruleStatusSavedObjectMappings, + }); + + savedObjects.registerType({ + name: ruleActionsSavedObjectType, + hidden: false, + namespaceType: 'single', + mappings: ruleActionsSavedObjectMappings, + }); + + savedObjects.registerType({ + name: timelineSavedObjectType, + hidden: false, + namespaceType: 'single', + mappings: timelineSavedObjectMappings, + }); }; From 080814417c6875de6a29199264e6273a36ba0b4c Mon Sep 17 00:00:00 2001 From: Ryland Herrick Date: Mon, 20 Apr 2020 18:50:57 -0500 Subject: [PATCH 2/3] Moves new SO definitions into corresponding folders This way our top-level file still acts as the index, but these are more/less unconnected if/when we split these out into separate applications. --- .../rule_actions/saved_object_mappings.ts | 9 +++ .../rules/saved_object_mappings.ts | 9 +++ .../server/lib/note/saved_object_mappings.ts | 9 +++ .../lib/pinned_event/saved_object_mappings.ts | 9 +++ .../lib/timeline/saved_object_mappings.ts | 9 +++ x-pack/plugins/siem/server/plugin.ts | 21 +----- x-pack/plugins/siem/server/saved_objects.ts | 67 +++---------------- 7 files changed, 57 insertions(+), 76 deletions(-) 
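Review bot: Every `registerType` call in initSavedObjects passes `hidden: false`, which as far as I know leaves the type reachable through the default saved-objects client and the generic saved-objects HTTP API for any role whose privileges list it. That is expected for timelines, notes and pinned events, but `ruleStatusSavedObjectType` and `ruleActionsSavedObjectType` look like detection-engine state that only server code should write. If keeping them visible is deliberate for this migration, record it above those two registrations, e.g. `// hidden: false carried over from the legacy mappings; revisit once all access goes through a dedicated client`. The `type` objects that patch 2/3 adds to each saved_object_mappings.ts carry the same setting.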
diff --git a/x-pack/plugins/siem/server/lib/detection_engine/rule_actions/saved_object_mappings.ts b/x-pack/plugins/siem/server/lib/detection_engine/rule_actions/saved_object_mappings.ts index 6d33ffc652ee7..d50c339c95266 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/rule_actions/saved_object_mappings.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/rule_actions/saved_object_mappings.ts @@ -4,6 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ +import { SavedObjectsType } from '../../../../../../../src/core/server'; + export const ruleActionsSavedObjectType = 'siem-detection-engine-rule-actions'; export const ruleActionsSavedObjectMappings = { @@ -37,3 +39,10 @@ export const ruleActionsSavedObjectMappings = { }, }, }; + +export const type: SavedObjectsType = { + name: ruleActionsSavedObjectType, + hidden: false, + namespaceType: 'single', + mappings: ruleActionsSavedObjectMappings, +}; diff --git a/x-pack/plugins/siem/server/lib/detection_engine/rules/saved_object_mappings.ts b/x-pack/plugins/siem/server/lib/detection_engine/rules/saved_object_mappings.ts index 5ebe0024d5d47..2dcc90240ad40 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/rules/saved_object_mappings.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/rules/saved_object_mappings.ts @@ -4,6 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ +import { SavedObjectsType } from '../../../../../../../src/core/server'; + export const ruleStatusSavedObjectType = 'siem-detection-engine-rule-status'; export const ruleStatusSavedObjectMappings = { @@ -43,3 +45,10 @@ export const ruleStatusSavedObjectMappings = { }, }, }; + +export const type: SavedObjectsType = { + name: ruleStatusSavedObjectType, + hidden: false, + namespaceType: 'single', + mappings: ruleStatusSavedObjectMappings, +}; 
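Review bot: Exporting the definition under the bare name `type` forces every importer to alias it and makes a search for one saved object type's definition unhelpful. This applies here in rule_actions/saved_object_mappings.ts and in the rules, note, pinned_event and timeline mapping files of this patch. A name that carries the subject, `export const ruleActionsType: SavedObjectsType = {`, would remove the `type as ruleActionsType` aliases in saved_objects.ts. The constant would also benefit from a one-line doc comment saying it is the object handed to `registerType` and that its `name` is what the feature privileges in plugin.ts are built from.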
diff --git a/x-pack/plugins/siem/server/lib/note/saved_object_mappings.ts b/x-pack/plugins/siem/server/lib/note/saved_object_mappings.ts index 47f0fbbb3bb83..0f079571b868b 100644 --- a/x-pack/plugins/siem/server/lib/note/saved_object_mappings.ts +++ b/x-pack/plugins/siem/server/lib/note/saved_object_mappings.ts @@ -4,6 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ +import { SavedObjectsType } from '../../../../../../src/core/server'; + export const noteSavedObjectType = 'siem-ui-timeline-note'; export const noteSavedObjectMappings = { @@ -31,3 +33,10 @@ export const noteSavedObjectMappings = { }, }, }; + +export const type: SavedObjectsType = { + name: noteSavedObjectType, + hidden: false, + namespaceType: 'single', + mappings: noteSavedObjectMappings, +}; diff --git a/x-pack/plugins/siem/server/lib/pinned_event/saved_object_mappings.ts b/x-pack/plugins/siem/server/lib/pinned_event/saved_object_mappings.ts index e865152026ed6..1a4cd3fce575d 100644 --- a/x-pack/plugins/siem/server/lib/pinned_event/saved_object_mappings.ts +++ b/x-pack/plugins/siem/server/lib/pinned_event/saved_object_mappings.ts @@ -4,6 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ +import { SavedObjectsType } from '../../../../../../src/core/server'; + export const pinnedEventSavedObjectType = 'siem-ui-timeline-pinned-event'; export const pinnedEventSavedObjectMappings = { @@ -28,3 +30,10 @@ export const pinnedEventSavedObjectMappings = { }, }, }; + +export const type: SavedObjectsType = { + name: pinnedEventSavedObjectType, + hidden: false, + namespaceType: 'single', + mappings: pinnedEventSavedObjectMappings, +}; diff --git a/x-pack/plugins/siem/server/lib/timeline/saved_object_mappings.ts b/x-pack/plugins/siem/server/lib/timeline/saved_object_mappings.ts index f7e7a4a43e863..b956e0f98fcb6 100644 --- a/x-pack/plugins/siem/server/lib/timeline/saved_object_mappings.ts 
+++ b/x-pack/plugins/siem/server/lib/timeline/saved_object_mappings.ts @@ -4,6 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ +import { SavedObjectsType } from '../../../../../../src/core/server'; + export const timelineSavedObjectType = 'siem-ui-timeline'; export const timelineSavedObjectMappings = { @@ -266,3 +268,10 @@ export const timelineSavedObjectMappings = { }, }, }; + +export const type: SavedObjectsType = { + name: timelineSavedObjectType, + hidden: false, + namespaceType: 'single', + mappings: timelineSavedObjectMappings, +}; diff --git a/x-pack/plugins/siem/server/plugin.ts b/x-pack/plugins/siem/server/plugin.ts index 69638fe2b2e55..73c75de379f93 100644 --- a/x-pack/plugins/siem/server/plugin.ts +++ b/x-pack/plugins/siem/server/plugin.ts @@ -33,14 +33,7 @@ import { signalRulesAlertType } from './lib/detection_engine/signals/signal_rule import { rulesNotificationAlertType } from './lib/detection_engine/notifications/rules_notification_alert_type'; import { isNotificationAlertExecutor } from './lib/detection_engine/notifications/types'; import { hasListsFeature, listsEnvFeatureFlagName } from './lib/detection_engine/feature_flags'; -import { - noteSavedObjectType, - pinnedEventSavedObjectType, - timelineSavedObjectType, - ruleStatusSavedObjectType, - ruleActionsSavedObjectType, - initSavedObjects, -} from './saved_objects'; +import { initSavedObjects, savedObjectTypes } from './saved_objects'; import { SiemClientFactory } from './client'; import { createConfig$, ConfigType } from './config'; @@ -128,15 +121,11 @@ export class Plugin { 'alert', 'action', 'action_task_params', - noteSavedObjectType, - pinnedEventSavedObjectType, - timelineSavedObjectType, - ruleStatusSavedObjectType, - ruleActionsSavedObjectType, 'cases', 'cases-comments', 'cases-configure', 'cases-user-actions', + ...savedObjectTypes, ], read: ['config'], }, 
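Review bot: Spreading `savedObjectTypes` into the `all` list in plugin.ts ties authorization to the registration list, as does the spread into the `read` list of the second privilege in the next hunk. Any type later appended to `types` in saved_objects.ts is granted to both privileges without this file appearing in the diff. The explicit names that were removed at least made each grant visible in review. If the coupling is intended, state it at the spread, e.g. `// all SIEM saved object types; adding one in saved_objects.ts grants it here, so review privileges when you do`. Otherwise keep a separate explicit list for the read-only privilege. The enclosing feature registration starts and ends outside the hunk.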
@@ -159,15 +148,11 @@ export class Plugin { all: ['alert', 'action', 'action_task_params'], read: [ 'config', - noteSavedObjectType, - pinnedEventSavedObjectType, - timelineSavedObjectType, - ruleStatusSavedObjectType, - ruleActionsSavedObjectType, 'cases', 'cases-comments', 'cases-configure', 'cases-user-actions', + ...savedObjectTypes, ], }, ui: [ diff --git a/x-pack/plugins/siem/server/saved_objects.ts b/x-pack/plugins/siem/server/saved_objects.ts index 4301d757beedc..66a470099d649 100644 --- a/x-pack/plugins/siem/server/saved_objects.ts +++ b/x-pack/plugins/siem/server/saved_objects.ts 
@@ -6,65 +6,16 @@ import { CoreSetup } from '../../../../src/core/server'; -import { noteSavedObjectType, noteSavedObjectMappings } from './lib/note/saved_object_mappings'; -import { - pinnedEventSavedObjectType, - pinnedEventSavedObjectMappings, -} from './lib/pinned_event/saved_object_mappings'; -import { - timelineSavedObjectType, - timelineSavedObjectMappings, -} from './lib/timeline/saved_object_mappings'; -import { - ruleStatusSavedObjectType, - ruleStatusSavedObjectMappings, -} from './lib/detection_engine/rules/saved_object_mappings'; -import { - ruleActionsSavedObjectMappings, - ruleActionsSavedObjectType, -} from './lib/detection_engine/rule_actions/saved_object_mappings'; +import { type as noteType } from './lib/note/saved_object_mappings'; +import { type as pinnedEventType } from './lib/pinned_event/saved_object_mappings'; +import { type as timelineType } from './lib/timeline/saved_object_mappings'; +import { type as ruleStatusType } from './lib/detection_engine/rules/saved_object_mappings'; +import { type as ruleActionsType } from './lib/detection_engine/rule_actions/saved_object_mappings'; -export { - noteSavedObjectType, - pinnedEventSavedObjectType, - ruleStatusSavedObjectType, - ruleActionsSavedObjectType, - timelineSavedObjectType, -}; - -export const initSavedObjects = (savedObjects: CoreSetup['savedObjects']) => { - savedObjects.registerType({ - name: pinnedEventSavedObjectType, - hidden: false, - namespaceType: 'single', - mappings: pinnedEventSavedObjectMappings, - }); +const types = [noteType, pinnedEventType, ruleActionsType, ruleStatusType, timelineType]; - savedObjects.registerType({ - name: noteSavedObjectType, - hidden: false, - namespaceType: 'single', - mappings: noteSavedObjectMappings, - }); +export const savedObjectTypes = types.map(type => type.name); - savedObjects.registerType({ - name: ruleStatusSavedObjectType, - hidden: false, - namespaceType: 'single', - mappings: ruleStatusSavedObjectMappings, - }); - - 
savedObjects.registerType({ - name: ruleActionsSavedObjectType, - hidden: false, - namespaceType: 'single', - mappings: ruleActionsSavedObjectMappings, - }); - - savedObjects.registerType({ - name: timelineSavedObjectType, - hidden: false, - namespaceType: 'single', - mappings: timelineSavedObjectMappings, - }); +export const initSavedObjects = (savedObjects: CoreSetup['savedObjects']) => { + types.forEach(type => savedObjects.registerType(type)); }; From 6d600cbc443df9222efc88bc71767e3f403e859f Mon Sep 17 00:00:00 2001 From: Ryland Herrick Date: Mon, 20 Apr 2020 19:20:49 -0500 Subject: [PATCH 3/3] Replace raw SO updates with our ruleStatusSavedObjectsClient This mainly consolidates the SO type name and the attributes type to a single file so that we don't have to import both any time we want to work with RuleStatus SavedObjects. --- .../routes/rules/create_rules_route.ts | 8 ++---- .../routes/rules/delete_rules_bulk_route.ts | 18 ++++-------- .../routes/rules/delete_rules_route.ts | 17 ++++------- .../routes/rules/find_rules_route.ts | 13 +++------ .../routes/rules/find_rules_status_route.ts | 9 ++---- .../routes/rules/patch_rules_bulk_route.ts | 13 +++------ .../routes/rules/patch_rules_route.ts | 13 +++------ .../routes/rules/read_rules_route.ts | 13 +++------ .../routes/rules/update_rules_bulk_route.ts | 13 +++------ .../routes/rules/update_rules_route.ts | 13 +++------ .../lib/detection_engine/rules/patch_rules.ts | 28 +++++++++---------- .../detection_engine/rules/update_rules.ts | 28 +++++++++---------- 12 files changed, 68 insertions(+), 118 deletions(-) diff --git a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.ts b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.ts index 1f0896686aca0..01d63ed285646 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.ts 
@@ -9,10 +9,8 @@ import uuid from 'uuid'; import { IRouter } from '../../../../../../../../src/core/server'; import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants'; import { createRules } from '../../rules/create_rules'; -import { IRuleSavedAttributesSavedObjectAttributes } from '../../rules/types'; import { readRules } from '../../rules/read_rules'; import { RuleAlertParamsRest } from '../../types'; -import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; import { transformValidate } from './validate'; import { getIndexExists } from '../../index/get_index_exists'; import { createRulesSchema } from '../schemas/create_rules_schema'; @@ -23,6 +21,7 @@ import { validateLicenseForRuleType, } from '../utils'; import { updateRulesNotifications } from '../../rules/update_rules_notifications'; +import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client'; export const createRulesRoute = (router: IRouter): void => { router.post( @@ -145,10 +144,7 @@ export const createRulesRoute = (router: IRouter): void => { name, }); - const ruleStatuses = await savedObjectsClient.find< - IRuleSavedAttributesSavedObjectAttributes - >({ - type: ruleStatusSavedObjectType, + const ruleStatuses = await ruleStatusSavedObjectsClientFactory(savedObjectsClient).find({ perPage: 1, sortField: 'statusDate', sortOrder: 'desc', diff --git a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/delete_rules_bulk_route.ts b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/delete_rules_bulk_route.ts index 38748e287ab45..b35ba27ef3561 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/delete_rules_bulk_route.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/delete_rules_bulk_route.ts 
@@ -11,14 +11,11 @@ import { rulesBulkSchema } from '../schemas/response/rules_bulk_schema'; import { getIdBulkError } from './utils'; import { transformValidateBulkError, validate } from './validate'; import { transformBulkError, buildRouteValidation, buildSiemResponse } from '../utils'; -import { - IRuleSavedAttributesSavedObjectAttributes, - DeleteRulesRequestParams, -} from '../../rules/types'; +import { DeleteRulesRequestParams } from '../../rules/types'; import { deleteRules } from '../../rules/delete_rules'; import { deleteNotifications } from '../../notifications/delete_notifications'; -import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; import { deleteRuleActionsSavedObject } from '../../rule_actions/delete_rule_actions_saved_object'; +import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client'; type Config = RouteConfig; type Handler = RequestHandler; @@ -44,6 +41,8 @@ export const deleteRulesBulkRoute = (router: IRouter) => { return siemResponse.error({ statusCode: 404 }); } + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); + const rules = await Promise.all( request.body.map(async payloadRule => { const { id, rule_id: ruleId } = payloadRule; @@ -61,17 +60,12 @@ export const deleteRulesBulkRoute = (router: IRouter) => { ruleAlertId: rule.id, savedObjectsClient, }); - const ruleStatuses = await savedObjectsClient.find< - IRuleSavedAttributesSavedObjectAttributes - >({ - type: ruleStatusSavedObjectType, + const ruleStatuses = await ruleStatusClient.find({ perPage: 6, search: rule.id, searchFields: ['alertId'], }); - ruleStatuses.saved_objects.forEach(async obj => - savedObjectsClient.delete(ruleStatusSavedObjectType, obj.id) - ); + ruleStatuses.saved_objects.forEach(async obj => ruleStatusClient.delete(obj.id)); return transformValidateBulkError(idOrRuleIdOrUnknown, rule, undefined, ruleStatuses); } else { return getIdBulkError({ id, ruleId }); 
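Review bot: The status cleanup `ruleStatuses.saved_objects.forEach(async obj => ruleStatusClient.delete(obj.id));` at the end of the `@@ -61,17 +60,12 @@` hunk is not awaited, so the response can be sent before the deletes finish and a failed delete becomes an unhandled rejection instead of being reported to the caller. Collecting the promises closes that gap: `await Promise.all(ruleStatuses.saved_objects.map(obj => ruleStatusClient.delete(obj.id)));`. The `@@ -56,17 +54,12 @@` hunk of delete_rules_route.ts carries the same line. The `find` before it asks for `perPage: 6`, so status objects past the first page would be left orphaned; whether a rule can have more than six is not visible here. The request handler starts and ends outside the hunk.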
diff --git a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/delete_rules_route.ts b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/delete_rules_route.ts index 098d556741fed..2288633ee8d2e 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/delete_rules_route.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/delete_rules_route.ts @@ -11,13 +11,10 @@ import { queryRulesSchema } from '../schemas/query_rules_schema'; import { getIdError } from './utils'; import { transformValidate } from './validate'; import { buildRouteValidation, transformError, buildSiemResponse } from '../utils'; -import { - DeleteRuleRequestParams, - IRuleSavedAttributesSavedObjectAttributes, -} from '../../rules/types'; -import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; +import { DeleteRuleRequestParams } from '../../rules/types'; import { deleteNotifications } from '../../notifications/delete_notifications'; import { deleteRuleActionsSavedObject } from '../../rule_actions/delete_rule_actions_saved_object'; +import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client'; export const deleteRulesRoute = (router: IRouter) => { router.delete( @@ -44,6 +41,7 @@ export const deleteRulesRoute = (router: IRouter) => { return siemResponse.error({ statusCode: 404 }); } + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); const rule = await deleteRules({ actionsClient, alertsClient, 
@@ -56,17 +54,12 @@ export const deleteRulesRoute = (router: IRouter) => { ruleAlertId: rule.id, savedObjectsClient, }); - const ruleStatuses = await savedObjectsClient.find< - IRuleSavedAttributesSavedObjectAttributes - >({ - type: ruleStatusSavedObjectType, + const ruleStatuses = await ruleStatusClient.find({ perPage: 6, search: rule.id, searchFields: ['alertId'], }); - ruleStatuses.saved_objects.forEach(async obj => - savedObjectsClient.delete(ruleStatusSavedObjectType, obj.id) - ); + ruleStatuses.saved_objects.forEach(async obj => ruleStatusClient.delete(obj.id)); const [validated, errors] = transformValidate( rule, undefined, diff --git a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/find_rules_route.ts b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/find_rules_route.ts index 9661fac81497c..f293b9e64a316 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/find_rules_route.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/find_rules_route.ts @@ -7,15 +7,12 @@ import { IRouter } from '../../../../../../../../src/core/server'; import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants'; import { findRules } from '../../rules/find_rules'; -import { - FindRulesRequestParams, - IRuleSavedAttributesSavedObjectAttributes, -} from '../../rules/types'; +import { FindRulesRequestParams } from '../../rules/types'; import { findRulesSchema } from '../schemas/find_rules_schema'; import { transformValidateFindAlerts } from './validate'; import { buildRouteValidation, transformError, buildSiemResponse } from '../utils'; -import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; import { getRuleActionsSavedObject } from '../../rule_actions/get_rule_actions_saved_object'; +import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client'; export const findRulesRoute = (router: IRouter) => { router.get( 
@@ -40,6 +37,7 @@ export const findRulesRoute = (router: IRouter) => { return siemResponse.error({ statusCode: 404 }); } + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); const rules = await findRules({ alertsClient, perPage: query.per_page, @@ -50,10 +48,7 @@ export const findRulesRoute = (router: IRouter) => { }); const ruleStatuses = await Promise.all( rules.data.map(async rule => { - const results = await savedObjectsClient.find< - IRuleSavedAttributesSavedObjectAttributes - >({ - type: ruleStatusSavedObjectType, + const results = await ruleStatusClient.find({ perPage: 1, sortField: 'statusDate', sortOrder: 'desc', diff --git a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/find_rules_status_route.ts b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/find_rules_status_route.ts index 6b54a25a1b1c4..8e35fecf6a652 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/find_rules_status_route.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/find_rules_status_route.ts @@ -9,17 +9,16 @@ import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants'; import { findRulesStatusesSchema } from '../schemas/find_rules_statuses_schema'; import { FindRulesStatusesRequestParams, - IRuleSavedAttributesSavedObjectAttributes, RuleStatusResponse, IRuleStatusAttributes, } from '../../rules/types'; -import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; import { buildRouteValidation, transformError, convertToSnakeCase, buildSiemResponse, } from '../utils'; +import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client'; export const findRulesStatusesRoute = (router: IRouter) => { router.post( 
@@ -50,12 +49,10 @@ export const findRulesStatusesRoute = (router: IRouter) => { } */ try { + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); const statuses = await body.ids.reduce>( async (acc, id) => { - const lastFiveErrorsForId = await savedObjectsClient.find< - IRuleSavedAttributesSavedObjectAttributes - >({ - type: ruleStatusSavedObjectType, + const lastFiveErrorsForId = await ruleStatusClient.find({ perPage: 6, sortField: 'statusDate', sortOrder: 'desc', diff --git a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts index e4236f4632dcd..534253db65d78 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts @@ -6,10 +6,7 @@ import { IRouter } from '../../../../../../../../src/core/server'; import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants'; -import { - IRuleSavedAttributesSavedObjectAttributes, - PatchRuleAlertParamsRest, -} from '../../rules/types'; +import { PatchRuleAlertParamsRest } from '../../rules/types'; import { transformBulkError, buildRouteValidation, @@ -21,8 +18,8 @@ import { transformValidateBulkError, validate } from './validate'; import { patchRulesBulkSchema } from '../schemas/patch_rules_bulk_schema'; import { rulesBulkSchema } from '../schemas/response/rules_bulk_schema'; import { patchRules } from '../../rules/patch_rules'; -import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; import { updateRulesNotifications } from '../../rules/update_rules_notifications'; +import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client'; export const patchRulesBulkRoute = (router: IRouter) => { router.patch( 
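Review bot: `ruleStatusClient.find` is called once for every entry of the request-supplied `body.ids`, so one request decides how many saved-object queries the server issues. Whether `findRulesStatusesSchema` caps the array length is not visible in this diff; if it does not, a bound belongs there, and a comment at the call site would record the dependency, e.g. `// one status query per requested id; ids length must be bounded by findRulesStatusesSchema`. `perPage: 6` next to the name `lastFiveErrorsForId` also deserves a short comment saying what the sixth entry is. The reducer body continues outside the hunk.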
@@ -46,6 +43,7 @@ export const patchRulesBulkRoute = (router: IRouter) => { return siemResponse.error({ statusCode: 404 }); } + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); const rules = await Promise.all( request.body.map(async payloadRule => { const { @@ -131,10 +129,7 @@ export const patchRulesBulkRoute = (router: IRouter) => { throttle, name: rule.name, }); - const ruleStatuses = await savedObjectsClient.find< - IRuleSavedAttributesSavedObjectAttributes - >({ - type: ruleStatusSavedObjectType, + const ruleStatuses = await ruleStatusClient.find({ perPage: 1, sortField: 'statusDate', sortOrder: 'desc', diff --git a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts index 23469144e11f8..f7932cb016ba7 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts @@ -7,10 +7,7 @@ import { IRouter } from '../../../../../../../../src/core/server'; import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants'; import { patchRules } from '../../rules/patch_rules'; -import { - PatchRuleAlertParamsRest, - IRuleSavedAttributesSavedObjectAttributes, -} from '../../rules/types'; +import { PatchRuleAlertParamsRest } from '../../rules/types'; import { patchRulesSchema } from '../schemas/patch_rules_schema'; import { buildRouteValidation, @@ -20,8 +17,8 @@ import { } from '../utils'; import { getIdError } from './utils'; import { transformValidate } from './validate'; -import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; import { updateRulesNotifications } from '../../rules/update_rules_notifications'; +import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client'; export const patchRulesRoute = (router: IRouter) => { router.patch( 
@@ -83,6 +80,7 @@ export const patchRulesRoute = (router: IRouter) => { return siemResponse.error({ statusCode: 404 }); } + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); const rule = await patchRules({ actionsClient, alertsClient, @@ -127,10 +125,7 @@ export const patchRulesRoute = (router: IRouter) => { throttle, name: rule.name, }); - const ruleStatuses = await savedObjectsClient.find< - IRuleSavedAttributesSavedObjectAttributes - >({ - type: ruleStatusSavedObjectType, + const ruleStatuses = await ruleStatusClient.find({ perPage: 1, sortField: 'statusDate', sortOrder: 'desc', diff --git a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/read_rules_route.ts b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/read_rules_route.ts index 4d23e0217f2e8..cedd7ccd1a411 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/read_rules_route.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/read_rules_route.ts @@ -11,12 +11,9 @@ import { transformValidate } from './validate'; import { buildRouteValidation, transformError, buildSiemResponse } from '../utils'; import { readRules } from '../../rules/read_rules'; import { queryRulesSchema } from '../schemas/query_rules_schema'; -import { - ReadRuleRequestParams, - IRuleSavedAttributesSavedObjectAttributes, -} from '../../rules/types'; -import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; +import { ReadRuleRequestParams } from '../../rules/types'; import { getRuleActionsSavedObject } from '../../rule_actions/get_rule_actions_saved_object'; +import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client'; export const readRulesRoute = (router: IRouter) => { router.get( 
@@ -41,6 +38,7 @@ export const readRulesRoute = (router: IRouter) => { return siemResponse.error({ statusCode: 404 }); } + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); const rule = await readRules({ alertsClient, id, @@ -51,10 +49,7 @@ export const readRulesRoute = (router: IRouter) => { savedObjectsClient, ruleAlertId: rule.id, }); - const ruleStatuses = await savedObjectsClient.find< - IRuleSavedAttributesSavedObjectAttributes - >({ - type: ruleStatusSavedObjectType, + const ruleStatuses = await ruleStatusClient.find({ perPage: 1, sortField: 'statusDate', sortOrder: 'desc', diff --git a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_bulk_route.ts b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_bulk_route.ts index 6db91d74294fc..2bb27118690c4 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_bulk_route.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_bulk_route.ts @@ -6,10 +6,7 @@ import { IRouter } from '../../../../../../../../src/core/server'; import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants'; -import { - IRuleSavedAttributesSavedObjectAttributes, - UpdateRuleAlertParamsRest, -} from '../../rules/types'; +import { UpdateRuleAlertParamsRest } from '../../rules/types'; import { getIdBulkError } from './utils'; import { transformValidateBulkError, validate } from './validate'; import { 
@@ -19,10 +16,10 @@ import { validateLicenseForRuleType, } from '../utils'; import { updateRulesBulkSchema } from '../schemas/update_rules_bulk_schema'; -import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; import { updateRules } from '../../rules/update_rules'; import { rulesBulkSchema } from '../schemas/response/rules_bulk_schema'; import { updateRulesNotifications } from '../../rules/update_rules_notifications'; +import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client'; export const updateRulesBulkRoute = (router: IRouter) => { router.put( @@ -47,6 +44,7 @@ export const updateRulesBulkRoute = (router: IRouter) => { return siemResponse.error({ statusCode: 404 }); } + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); const rules = await Promise.all( request.body.map(async payloadRule => { const { @@ -134,10 +132,7 @@ export const updateRulesBulkRoute = (router: IRouter) => { throttle, name, }); - const ruleStatuses = await savedObjectsClient.find< - IRuleSavedAttributesSavedObjectAttributes - >({ - type: ruleStatusSavedObjectType, + const ruleStatuses = await ruleStatusClient.find({ perPage: 1, sortField: 'statusDate', sortOrder: 'desc', diff --git a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_route.ts b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_route.ts index 7dbbe5a22ab46..ce2cb708d4600 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_route.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_route.ts 
@@ -6,10 +6,7 @@ import { IRouter } from '../../../../../../../../src/core/server'; import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants'; -import { - UpdateRuleAlertParamsRest, - IRuleSavedAttributesSavedObjectAttributes, -} from '../../rules/types'; +import { UpdateRuleAlertParamsRest } from '../../rules/types'; import { updateRulesSchema } from '../schemas/update_rules_schema'; import { buildRouteValidation, @@ -19,9 +16,9 @@ import { } from '../utils'; import { getIdError } from './utils'; import { transformValidate } from './validate'; -import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings'; import { updateRules } from '../../rules/update_rules'; import { updateRulesNotifications } from '../../rules/update_rules_notifications'; +import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client'; export const updateRulesRoute = (router: IRouter) => { router.put( @@ -78,6 +75,7 @@ export const updateRulesRoute = (router: IRouter) => { const actionsClient = context.actions?.getActionsClient(); const savedObjectsClient = context.core.savedObjects.client; const siemClient = context.siem?.getSiemClient(); + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); if (!siemClient || !actionsClient || !alertsClient) { return siemResponse.error({ statusCode: 404 }); @@ -131,10 +129,7 @@ export const updateRulesRoute = (router: IRouter) => { throttle, name, }); - const ruleStatuses = await savedObjectsClient.find< - IRuleSavedAttributesSavedObjectAttributes - >({ - type: ruleStatusSavedObjectType, + const ruleStatuses = await ruleStatusClient.find({ perPage: 1, sortField: 'statusDate', sortOrder: 'desc', diff --git a/x-pack/plugins/siem/server/lib/detection_engine/rules/patch_rules.ts b/x-pack/plugins/siem/server/lib/detection_engine/rules/patch_rules.ts index c23f539b58160..85b13ed9cf4ed 100644 
--- a/x-pack/plugins/siem/server/lib/detection_engine/rules/patch_rules.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/rules/patch_rules.ts @@ -7,10 +7,10 @@ import { defaults } from 'lodash/fp'; import { PartialAlert } from '../../../../../alerting/server'; import { readRules } from './read_rules'; -import { PatchRuleParams, IRuleSavedAttributesSavedObjectAttributes } from './types'; +import { PatchRuleParams } from './types'; import { addTags } from './add_tags'; -import { ruleStatusSavedObjectType } from './saved_object_mappings'; import { calculateVersion, calculateName, calculateInterval } from './utils'; +import { ruleStatusSavedObjectsClientFactory } from '../signals/rule_status_saved_objects_client'; export const patchRules = async ({ alertsClient, @@ -134,22 +134,22 @@ export const patchRules = async ({ await alertsClient.disable({ id: rule.id }); } else if (!rule.enabled && enabled === true) { await alertsClient.enable({ id: rule.id }); - const ruleCurrentStatus = savedObjectsClient - ? await savedObjectsClient.find({ - type: ruleStatusSavedObjectType, - perPage: 1, - sortField: 'statusDate', - sortOrder: 'desc', - search: rule.id, - searchFields: ['alertId'], - }) - : null; + + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); + const ruleCurrentStatus = await ruleStatusClient.find({ + perPage: 1, + sortField: 'statusDate', + sortOrder: 'desc', + search: rule.id, + searchFields: ['alertId'], + }); + // set current status for this rule to be 'going to run' if (ruleCurrentStatus && ruleCurrentStatus.saved_objects.length > 0) { const currentStatusToDisable = ruleCurrentStatus.saved_objects[0]; - currentStatusToDisable.attributes.status = 'going to run'; - await savedObjectsClient?.update(ruleStatusSavedObjectType, currentStatusToDisable.id, { + await ruleStatusClient.update(currentStatusToDisable.id, { ...currentStatusToDisable.attributes, + status: 'going to run', }); } } else { 
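Review bot: The new code in the `@@ -134,22 +134,22 @@` hunk hands `savedObjectsClient` to `ruleStatusSavedObjectsClientFactory` unconditionally, where the removed lines tolerated a missing client (`savedObjectsClient ? … : null` and `savedObjectsClient?.update`). If `PatchRuleParams` still declares the field optional (the type is not in this diff), a caller that omits it would presumably now throw after `alertsClient.enable` has already run, leaving the rule enabled with a stale status. Either make the field required in the params type or keep the guard as `if (savedObjectsClient) {` around the status lookup and update. With `find` always awaited, the `ruleCurrentStatus &&` half of the following condition no longer does anything and can be dropped. The `@@ -129,22 +129,22 @@` hunk of update_rules.ts makes the same change, and in both files the function starts outside the hunk.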
diff --git a/x-pack/plugins/siem/server/lib/detection_engine/rules/update_rules.ts b/x-pack/plugins/siem/server/lib/detection_engine/rules/update_rules.ts index 7ddbbd76b0661..29c2cfdf91076 100644 --- a/x-pack/plugins/siem/server/lib/detection_engine/rules/update_rules.ts +++ b/x-pack/plugins/siem/server/lib/detection_engine/rules/update_rules.ts @@ -7,11 +7,11 @@ import { transformRuleToAlertAction } from '../../../../common/detection_engine/transform_actions'; import { PartialAlert } from '../../../../../alerting/server'; import { readRules } from './read_rules'; -import { IRuleSavedAttributesSavedObjectAttributes, UpdateRuleParams } from './types'; +import { UpdateRuleParams } from './types'; import { addTags } from './add_tags'; -import { ruleStatusSavedObjectType } from './saved_object_mappings'; import { calculateVersion } from './utils'; import { hasListsFeature } from '../feature_flags'; +import { ruleStatusSavedObjectsClientFactory } from '../signals/rule_status_saved_objects_client'; export const updateRules = async ({ alertsClient, 
@@ -129,22 +129,22 @@ export const updateRules = async ({ await alertsClient.disable({ id: rule.id }); } else if (!rule.enabled && enabled === true) { await alertsClient.enable({ id: rule.id }); - const ruleCurrentStatus = savedObjectsClient - ? await savedObjectsClient.find({ - type: ruleStatusSavedObjectType, - perPage: 1, - sortField: 'statusDate', - sortOrder: 'desc', - search: rule.id, - searchFields: ['alertId'], - }) - : null; + + const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient); + const ruleCurrentStatus = await ruleStatusClient.find({ + perPage: 1, + sortField: 'statusDate', + sortOrder: 'desc', + search: rule.id, + searchFields: ['alertId'], + }); + // set current status for this rule to be 'going to run' if (ruleCurrentStatus && ruleCurrentStatus.saved_objects.length > 0) { const currentStatusToDisable = ruleCurrentStatus.saved_objects[0]; - currentStatusToDisable.attributes.status = 'going to run'; - await savedObjectsClient?.update(ruleStatusSavedObjectType, currentStatusToDisable.id, { + await ruleStatusClient.update(currentStatusToDisable.id, { ...currentStatusToDisable.attributes, + status: 'going to run', }); } }