From ed4b0f9c990cb1787652c642538ebe858c74effe Mon Sep 17 00:00:00 2001
From: Ryland Herrick
Date: Tue, 23 Jun 2020 14:06:05 -0500
Subject: [PATCH 1/2] Exclude glob-only (*) index pattern from map layers
This pattern is a special case that our map should ignore, as including it causes all indexes to be queried.
---
 .../components/embeddables/embedded_map_helpers.test.tsx | 4 ++--
 .../components/embeddables/embedded_map_helpers.tsx | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx b/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx
index d42ac919e9af0..07e50a049057a 100644
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx
@@ -106,12 +106,12 @@ describe('embedded_map_helpers', () => {
 ]);
 });
- test('finds glob-only index patterns ', () => {
+ test('excludes glob-only index patterns', () => {
 const matchingIndexPatterns = findMatchingIndexPatterns({
 kibanaIndexPatterns: [mockGlobIndexPattern, mockFilebeatIndexPattern],
 siemDefaultIndices,
 });
- expect(matchingIndexPatterns).toEqual([mockGlobIndexPattern, mockFilebeatIndexPattern]);
+ expect(matchingIndexPatterns).toEqual([mockFilebeatIndexPattern]);
 });
 });
 });
diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx b/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx
index e50dcd7a8c8d8..321abe6c067c5 100644
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx
@@ -142,9 +142,10 @@ export const findMatchingIndexPatterns = ({
 siemDefaultIndices: string[];
 }): IndexPatternSavedObject[] => {
 try {
- return kibanaIndexPatterns.filter((kip) =>
- siemDefaultIndices.some((sdi) => minimatch(sdi, kip.attributes.title))
- );
+ return kibanaIndexPatterns.filter((kip) => {
+ const pattern = kip.attributes.title;
+ return pattern !== '*' && siemDefaultIndices.some((sdi) => minimatch(sdi, pattern));
+ });
 } catch {
 return [];
 }
From 4b3fd53bcf72fdccf1cf4fc07de5231b5e3936ff Mon Sep 17 00:00:00 2001
From: Ryland Herrick
Date: Tue, 23 Jun 2020 15:29:54 -0500
Subject: [PATCH 2/2] Ignore CCS glob pattern in our embedded map
Users may have this pattern for cross-cluster search, and it should similarly be excluded when matching Security indexes.
---
 .../network/components/embeddables/__mocks__/mock.ts | 9 +++++++++
 .../components/embeddables/embedded_map_helpers.test.tsx | 9 +++++++++
 .../components/embeddables/embedded_map_helpers.tsx | 8 +++++++-
 3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/__mocks__/mock.ts b/x-pack/plugins/security_solution/public/network/components/embeddables/__mocks__/mock.ts
index bc1de567b60ae..6f8c3e1123854 100644
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/__mocks__/mock.ts
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/__mocks__/mock.ts
@@ -475,3 +475,12 @@ export const mockGlobIndexPattern: IndexPatternSavedObject = {
 title: '*',
 },
 };
+
+export const mockCCSGlobIndexPattern: IndexPatternSavedObject = {
+ id: '*:*',
+ type: 'index-pattern',
+ _version: 'abc',
+ attributes: {
+ title: '*:*',
+ },
+};
diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx b/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx
index 07e50a049057a..50170f4f6ae9e 100644
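Review bot: The exclusion added to `findMatchingIndexPatterns` is an exact string comparison (`pattern !== '*'`), so any other title that is equally broad still reaches `minimatch` and can be returned as a map layer if it matches one of the defaults. The later hunks in this series keep the same exact-match approach (`const ignoredIndexPatterns = ['*', '*:*'];` and `!ignoredIndexPatterns.includes(pattern)`), so the point applies there too. Titles such as `**`, or `*` with surrounding whitespace, are constructed examples that would presumably select the same indices but are not caught; whether Kibana allows them to be saved should be confirmed. A shape-based guard, for example `!/^[*:,\s]+$/.test(pattern)`, would reject every title made up only of wildcards and separators instead of two known spellings. The function body starts above this hunk.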
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx
@@ -14,6 +14,7 @@ import {
 mockAuditbeatIndexPattern,
 mockFilebeatIndexPattern,
 mockGlobIndexPattern,
+ mockCCSGlobIndexPattern,
 } from './__mocks__/mock';
 const mockEmbeddable = embeddablePluginMock.createStartContract();
@@ -113,5 +114,13 @@ describe('embedded_map_helpers', () => {
 });
 expect(matchingIndexPatterns).toEqual([mockFilebeatIndexPattern]);
 });
+
+ test('excludes glob-only CCS index patterns', () => {
+ const matchingIndexPatterns = findMatchingIndexPatterns({
+ kibanaIndexPatterns: [mockCCSGlobIndexPattern, mockFilebeatIndexPattern],
+ siemDefaultIndices,
+ });
+ expect(matchingIndexPatterns).toEqual([mockFilebeatIndexPattern]);
+ });
 });
 });
diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx b/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx
index 321abe6c067c5..b0f8e2cc02403 100644
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx
@@ -128,6 +128,9 @@ export const createEmbeddable = async (
 return embeddableObject;
 };
+// These patterns are overly greedy and must be excluded when matching against Security indexes.
+const ignoredIndexPatterns = ['*', '*:*'];
+
 /**
 * Returns kibanaIndexPatterns that wildcard match at least one of siemDefaultIndices
 *
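Review bot: The new `excludes glob-only CCS index patterns` test may pass even if `'*:*'` is never added to the exclusion list. `minimatch(sdi, '*:*')` can only be true for a default index that itself contains a `:`, and `siemDefaultIndices` is defined outside this hunk, so it cannot be confirmed from here that any entry does. If none does, `mockCCSGlobIndexPattern` is already dropped by the `some(...)` check and the exclusion is never exercised. Passing a cross-cluster style default in this test, for example `siemDefaultIndices: [...siemDefaultIndices, 'remote:filebeat-*'],` (a constructed value), would make the assertion fail when the exclusion is removed.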
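Review bot: The JSDoc that begins in the last context lines of the `@@ -128,6 +128,9 @@` hunk still describes `findMatchingIndexPatterns` only as returning patterns that wildcard-match a default index, and nothing in the series updates it to say that some matching titles are now dropped. The doc block continues outside the hunk, so only its first lines are visible here. I would add a line such as `* Titles listed in ignoredIndexPatterns are never returned, even when they match.` The comment on the constant could also record the reason given in the commit message, e.g. `// A match-all title would make the map query every index, not only the Security ones.`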
@@ -144,7 +147,10 @@ export const findMatchingIndexPatterns = ({
 try {
 return kibanaIndexPatterns.filter((kip) => {
 const pattern = kip.attributes.title;
- return pattern !== '*' && siemDefaultIndices.some((sdi) => minimatch(sdi, pattern));
+ return (
+ !ignoredIndexPatterns.includes(pattern) &&
+ siemDefaultIndices.some((sdi) => minimatch(sdi, pattern))
+ );
 });
 } catch {
 return [];