[SIEM][Detection Engine] - Update UI to read rule exceptions_list #69939

56 commits
3b19da1
Updates list entry schema, exposes exception list client, updates tests
yctercero Jun 22, 2020
3388918
create new de list schema and unit tests
yctercero Jun 22, 2020
e977f00
updated route unit tests and types to match new list schema
yctercero Jun 23, 2020
55e29c9
updated existing DE exceptions code so it should now work as is with …
yctercero Jun 23, 2020
65e47ca
test and types cleanup
yctercero Jun 23, 2020
a2f6286
cleanup
yctercero Jun 23, 2020
6b728fe
Merge branch 'master' of github.com:yctercero/kibana into de_lists
yctercero Jun 23, 2020
53536f8
update unit test
yctercero Jun 23, 2020
1713e7f
Merge branch 'master' of github.com:yctercero/kibana into de_lists
yctercero Jun 24, 2020
373fe8c
updates per feedback
yctercero Jun 25, 2020
60c3e88
updated ui to accept exceptions list
yctercero Jun 25, 2020
4a9a23f
Merge branch 'master' of github.com:yctercero/kibana into exceptions_ui
yctercero Jun 25, 2020
223869e
update unit test
yctercero Jun 25, 2020
1f1761f
Merge branch 'master' of github.com:yctercero/kibana into exceptions_ui
yctercero Jun 25, 2020
042228a
Merge branch 'master' of github.com:yctercero/kibana into exceptions_ui
yctercero Jul 2, 2020
ff28bac
reverted type changes
yctercero Jul 2, 2020
001be67
updated rule exception list param to also include list type
yctercero Jul 2, 2020
e50e831
Merge branch 'master' of github.com:yctercero/kibana into exceptions_ui
yctercero Jul 2, 2020
81d26fc
[Security Solution] Renames the `Investigate in Resolver` Timeline ac…
andrew-goldstein Jul 2, 2020
4f65a02
types cleanup
yctercero Jul 2, 2020
113962e
Update component templates list to render empty prompt inside of cont…
cjcenizal Jul 2, 2020
5fcf803
Fix saved query modal overlay (#68826)
patrykkopycinski Jul 2, 2020
f5b2800
[kbn/optimizer] only build specified themes (#70389)
Jul 2, 2020
23ea7ac
[Maps] Fix cannot select Solid fill-color when removing fields (#70621)
nreese Jul 2, 2020
20237b8
[EPM] Use higher priority than default templates (#70640)
jonathan-buttner Jul 2, 2020
67c70e7
Add Snapshot Restore README with quick-testing steps. (#70494)
cjcenizal Jul 2, 2020
6c62c68
chore(NA): upgrade to lodash@4 (#69868)
mistic Jul 3, 2020
ebcec3a
[Maps] show vector tile labels on top (#69444)
nreese Jul 3, 2020
21efd23
Fixed adding an extra space character on selecting alert variable in …
YulNaumenko Jul 3, 2020
5226ea2
[Alerting] document requirements for developing new action types (#69…
pmuellr Jul 3, 2020
54348a7
[Ingest Manager] Add ability to sort to agent configs and package con…
jen-huang Jul 3, 2020
97ad58c
[ML] Changing shared module setup function parameters (#70589)
jgowdyelastic Jul 3, 2020
169147b
[Uptime] Prevent duplicate requests on load for index status (#70585)
shahzad31 Jul 3, 2020
f1888cd
[Rum Dashboard] Rum selected service view (#70579)
shahzad31 Jul 3, 2020
5159635
[Ingest Pipelines] Load from json (#70297)
jloleysens Jul 3, 2020
8bc27ec
[APM] Optimize services overview (#69648)
dgieselaar Jul 3, 2020
bc1599e
[Composable template] Create / Edit wizard (#70220)
sebelga Jul 3, 2020
d1e6aa7
[Ingest Manager] Update registry URL to point to snapshot registry (#…
ruflin Jul 3, 2020
fa2f60e
[Uptime] Use elastic charts donut (#70364)
shahzad31 Jul 3, 2020
a916e0a
[Lens] Add ability to set colors for y-axis series (#70311)
mbondyra Jul 3, 2020
571a610
Handle timeouts on creating templates (#70635)
Jul 3, 2020
72b3004
[Ingest Manager] Improve agent unenrollment with unenroll action (#70…
nchaulet Jul 3, 2020
e70fcc7
[Telemetry] Add documentation about Application Usage (#70624)
afharo Jul 3, 2020
bbda3f9
[Lens] Fitting functions (#69820)
flash1293 Jul 3, 2020
f3573f3
[Logs UI] Logs overview queries for the observability dashboard (#70413)
Jul 3, 2020
e1da6a1
Add googlecloud metricbeat module to Kibana Home (#70652)
kaiyan-sheng Jul 3, 2020
97ca7bf
Update dependency @elastic/charts to v19.7.0 (#69791)
renovate[bot] Jul 3, 2020
7ec48fd
[Logs UI] Reorganise log rate anomaly table (#69516)
Kerry350 Jul 3, 2020
78fc9fb
[SECURITY] Bug fix for topN on draggables (#70450)
XavierM Jul 3, 2020
c3cacba
logout from transform_poweruser user in after method of transform tes…
Jul 3, 2020
fd15268
[functional tests] test url field formatter on dashboard and discover…
dmlemeshko Jul 3, 2020
e429670
[Security Solution][Endpoint] Update to new manifest format (without …
madirey Jul 4, 2020
86672a7
skip flaky suite (#70762)
mistic Jul 5, 2020
c96d9b4
skip flaky suite (#70764)
mistic Jul 5, 2020
5418533
Merge branch 'exceptions_ui' of https://github.com/yctercero/kibana i…
yctercero Jul 6, 2020
372c32f
updated failing tests
yctercero Jul 6, 2020
Expand Up @@ -41,7 +41,7 @@ describe('useExceptionList', () => {
useExceptionList({
filterOptions: { filter: '', tags: [] },
http: mockKibanaHttpService,
lists: [{ id: 'myListId', namespaceType: 'single' }],
lists: [{ id: 'myListId', namespace_type: 'single' }],
onError: onErrorMock,
pagination: {
page: 1,
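Review bot: these hunks only rename the `namespaceType` key in the hook's input to `namespace_type`; none of the visible cases asserts what the hook then sends out, so a future regression that passes the wrong key to the list API would still pass. Suggest adding, in at least one case, an expectation on the `mockKibanaHttpService` call (or on the mocked `fetchExceptionListById`) that the request was made with `namespace_type: 'single'` for `myListId`.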
Expand Down Expand Up @@ -76,7 +76,7 @@ describe('useExceptionList', () => {
useExceptionList({
filterOptions: { filter: '', tags: [] },
http: mockKibanaHttpService,
lists: [{ id: 'myListId', namespaceType: 'single' }],
lists: [{ id: 'myListId', namespace_type: 'single' }],
onError: onErrorMock,
onSuccess: onSuccessMock,
pagination: {
Expand Down Expand Up @@ -131,7 +131,7 @@ describe('useExceptionList', () => {
initialProps: {
filterOptions: { filter: '', tags: [] },
http: mockKibanaHttpService,
lists: [{ id: 'myListId', namespaceType: 'single' }],
lists: [{ id: 'myListId', namespace_type: 'single' }],
onError: onErrorMock,
onSuccess: onSuccessMock,
pagination: {
Expand All @@ -146,7 +146,7 @@ describe('useExceptionList', () => {
rerender({
filterOptions: { filter: '', tags: [] },
http: mockKibanaHttpService,
lists: [{ id: 'newListId', namespaceType: 'single' }],
lists: [{ id: 'newListId', namespace_type: 'single' }],
onError: onErrorMock,
onSuccess: onSuccessMock,
pagination: {
Expand All @@ -173,7 +173,7 @@ describe('useExceptionList', () => {
useExceptionList({
filterOptions: { filter: '', tags: [] },
http: mockKibanaHttpService,
lists: [{ id: 'myListId', namespaceType: 'single' }],
lists: [{ id: 'myListId', namespace_type: 'single' }],
onError: onErrorMock,
pagination: {
page: 1,
Expand Down Expand Up @@ -210,7 +210,7 @@ describe('useExceptionList', () => {
useExceptionList({
filterOptions: { filter: '', tags: [] },
http: mockKibanaHttpService,
lists: [{ id: 'myListId', namespaceType: 'single' }],
lists: [{ id: 'myListId', namespace_type: 'single' }],
onError: onErrorMock,
pagination: {
page: 1,
Expand Down Expand Up @@ -238,7 +238,7 @@ describe('useExceptionList', () => {
useExceptionList({
filterOptions: { filter: '', tags: [] },
http: mockKibanaHttpService,
lists: [{ id: 'myListId', namespaceType: 'single' }],
lists: [{ id: 'myListId', namespace_type: 'single' }],
onError: onErrorMock,
pagination: {
page: 1,
Expand Up @@ -73,25 +73,25 @@ export const useExceptionList = ({
let exceptions: ExceptionListItemSchema[] = [];
let exceptionListsReturned: ExceptionList[] = [];

const fetchData = async ({ id, namespaceType }: ExceptionIdentifiers): Promise<void> => {
const fetchData = async ({ id, namespace_type }: ExceptionIdentifiers): Promise<void> => {
try {
setLoading(true);

const {
list_id,
namespace_type,
namespace_type: namespaceType,
...restOfExceptionList
} = await fetchExceptionListById({
http,
id,
namespaceType,
namespaceType: namespace_type,
signal: abortCtrl.signal,
});
const fetchListItemsResult = await fetchExceptionListItemsByListId({
filterOptions,
http,
listId: list_id,
namespaceType: namespace_type,
namespaceType,
pagination,
signal: abortCtrl.signal,
});
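Review bot: the `namespace_type` parameter and the `namespace_type: namespaceType` alias from the fetched list now give two spellings of the same concept inside one function, and the first call site reads `namespaceType: namespace_type` while the next one reads `namespaceType` (a different value, the one returned by the server). Consider renaming at the boundary instead, e.g. `const fetchData = async ({ id, namespace_type: namespaceType }: ExceptionIdentifiers)`, and giving the fetched value a distinct name such as `listNamespaceType`, so it is explicit that the items request uses the namespace reported by the list rather than the one the caller supplied.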
Expand Down Expand Up @@ -147,8 +147,8 @@ export const useExceptionList = ({
// TODO: Workaround for now. Once api updated, we can pass in array of lists to fetch
await Promise.all(
lists.map(
({ id, namespaceType }: ExceptionIdentifiers): Promise<void> =>
fetchData({ id, namespaceType })
({ id, namespace_type }: ExceptionIdentifiers): Promise<void> =>
fetchData({ id, namespace_type })
)
);

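Review bot: the mapped arrow destructures `{ id, namespace_type }` and rebuilds an object of the same shape, which silently drops any other field on `ExceptionIdentifiers` (the interface in `x-pack/plugins/lists/public/exceptions/types.ts` already carries an optional `type`). `lists.map((list: ExceptionIdentifiers) => fetchData(list))` forwards the identifier unchanged and will not need editing when the shape grows; the TODO above about batching is unaffected.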
2 changes: 1 addition & 1 deletion x-pack/plugins/lists/public/exceptions/types.ts
Expand Up @@ -59,7 +59,7 @@ export interface UseExceptionListProps {

export interface ExceptionIdentifiers {
id: string;
namespaceType: NamespaceType;
namespace_type: NamespaceType;
Contributor:

Was this changed to snake case to match the request body? I would expect it to be namespaceType everywhere except the API call, which sends namespace_type: namespaceType

Contributor Author:

Yea it was. Would I specify that change from namespace_type to namespaceType in the graphql types?

Contributor Author:

Working to update this and a found bug.

type?: string;
}

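Review bot: `ExceptionIdentifiers` now has one snake_case member next to camelCase everywhere else in the client types, and nothing at the declaration says why. A short doc comment stating that `namespace_type` intentionally mirrors the wire name used by the lists API (so the object can be forwarded to request bodies unchanged) would answer the question raised in the thread above for the next reader.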
Expand Up @@ -7,6 +7,10 @@
import * as t from 'io-ts';

import { RuleTypeSchema } from '../../../../../common/detection_engine/types';
import {
listArray,
listArrayOrUndefined,
} from '../../../../../common/detection_engine/schemas/types';

/**
* Params is an "record", since it is a type of AlertActionParams which is action templates.
Expand Down Expand Up @@ -53,6 +57,7 @@ export const NewRuleSchema = t.intersection([
to: t.string,
updated_by: t.string,
note: t.string,
exceptions_list: listArrayOrUndefined,
}),
]);

Expand Down Expand Up @@ -118,6 +123,7 @@ export const RuleSchema = t.intersection([
timeline_title: t.string,
note: t.string,
version: t.number,
exceptions_list: listArray,
}),
]);

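Review bot: `exceptions_list: listArray` makes the field mandatory when decoding a rule, whereas `NewRuleSchema` above uses `listArrayOrUndefined`. Any rule document created before this field existed, or any API response that omits it, will now fail `RuleSchema` validation on the client. Confirm that the server always returns `exceptions_list` (as `[]` when empty) for existing rules; otherwise use `listArrayOrUndefined` here too and default to `[]` at the consumer, as the rule details page already does with `rule?.exceptions_list ?? []`.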
Expand Up @@ -422,7 +422,7 @@ export const RuleDetailsPageComponent: FC<PropsFromRedux> = ({
ExceptionListType.ENDPOINT,
]}
commentsAccordionId={'ruleDetailsTabExceptions'}
exceptionListsMeta={[]}
exceptionListsMeta={rule?.exceptions_list ?? []}
/>
)}
{ruleDetailTab === RuleDetailTabs.failures && <FailureHistory id={rule?.id} />}
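Review bot: `rule?.exceptions_list ?? []` evaluates to a fresh array on every render while `rule` is undefined, so `ExceptionsViewer` receives a new `exceptionListsMeta` reference each time until the rule loads. If the viewer keys an effect or a `useExceptionList` refetch on that prop, this can trigger repeated fetches; hoisting a module-level empty constant (or wrapping the expression in `useMemo`) keeps the reference stable. Also worth confirming that the viewer refetches when the prop changes from `[]` to the loaded list rather than only on mount.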
Expand Up @@ -48,6 +48,10 @@ const MyAndOrBadgeContainer = styled(EuiFlexItem)`
padding-bottom: ${({ theme }) => theme.eui.euiSizeS};
`;

const MyActionButton = styled(EuiFlexItem)`
align-self: flex-end;
`;

interface ExceptionEntriesComponentProps {
entries: FormattedEntry[];
disableDelete: boolean;
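Review bot: `MyActionButton` wraps an `EuiFlexItem`, not a button; the sibling `MyAndOrBadgeContainer` above follows a `...Container` naming convention, so `MyActionButtonContainer` would be consistent and avoid confusion with `MyEditButton` and `MyRemoveButton`, which are the actual buttons it wraps.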
Expand Down Expand Up @@ -126,7 +130,7 @@ const ExceptionEntriesComponent = ({
return (
<MyEntriesDetails grow={5}>
<EuiFlexGroup direction="column" gutterSize="m">
<EuiFlexItem>
<EuiFlexItem grow={false}>
<EuiFlexGroup direction="row" gutterSize="none">
{entries.length > 1 && (
<EuiHideFor sizes={['xs', 's']}>
Expand All @@ -150,9 +154,9 @@ const ExceptionEntriesComponent = ({
</EuiFlexItem>
</EuiFlexGroup>
</EuiFlexItem>
<EuiFlexItem grow={false}>
<EuiFlexItem grow={1}>
<EuiFlexGroup gutterSize="s" justifyContent="flexEnd">
<EuiFlexItem grow={false}>
<MyActionButton grow={false}>
<MyEditButton
size="s"
color="primary"
Expand All @@ -162,8 +166,8 @@ const ExceptionEntriesComponent = ({
>
{i18n.EDIT}
</MyEditButton>
</EuiFlexItem>
<EuiFlexItem grow={false}>
</MyActionButton>
<MyActionButton grow={false}>
<MyRemoveButton
size="s"
color="danger"
Expand All @@ -173,7 +177,7 @@ const ExceptionEntriesComponent = ({
>
{i18n.REMOVE}
</MyRemoveButton>
</EuiFlexItem>
</MyActionButton>
</EuiFlexGroup>
</EuiFlexItem>
</EuiFlexGroup>
Expand Up @@ -122,7 +122,7 @@ storiesOf('Components|ExceptionItem', module)

return (
<ExceptionItem
loadingItemIds={[{ id, namespaceType: namespace_type }]}
loadingItemIds={[{ id, namespace_type }]}
commentsAccordionId={'accordion--comments'}
exceptionItem={{ id, namespace_type, ...rest }}
onDeleteException={action('onClick')}
Expand Up @@ -76,7 +76,7 @@ describe('ExceptionItem', () => {

expect(mockOnDeleteException).toHaveBeenCalledWith({
id: '1',
namespaceType: 'single',
namespace_type: 'single',
});
});

Expand Up @@ -55,8 +55,8 @@ const ExceptionItemComponent = ({
}, [exceptionItem.entries]);

const handleDelete = useCallback((): void => {
onDeleteException({ id: exceptionItem.id, namespaceType: exceptionItem.namespace_type });
}, [onDeleteException, exceptionItem]);
onDeleteException({ id: exceptionItem.id, namespace_type: exceptionItem.namespace_type });
}, [onDeleteException, exceptionItem.id, exceptionItem.namespace_type]);

const handleEdit = useCallback((): void => {
onEditException(exceptionItem);
Expand All @@ -68,10 +68,10 @@ const ExceptionItemComponent = ({

const formattedComments = useMemo((): EuiCommentProps[] => {
return getFormattedComments(exceptionItem.comments);
}, [exceptionItem]);
}, [exceptionItem.comments]);

const disableDelete = useMemo((): boolean => {
const foundItems = loadingItemIds.filter((t) => t.id === exceptionItem.id);
const foundItems = loadingItemIds.filter(({ id }) => id === exceptionItem.id);
return foundItems.length > 0;
}, [loadingItemIds, exceptionItem.id]);

Expand Up @@ -66,7 +66,7 @@ describe('ExceptionsViewer', () => {
{
id: '5b543420',
type: 'endpoint',
namespaceType: 'single',
namespace_type: 'single',
},
]}
availableListTypes={[ExceptionListType.DETECTION_ENGINE]}
Expand Down Expand Up @@ -114,7 +114,7 @@ describe('ExceptionsViewer', () => {
{
id: '5b543420',
type: 'endpoint',
namespaceType: 'single',
namespace_type: 'single',
},
]}
availableListTypes={[ExceptionListType.DETECTION_ENGINE]}
Expand Up @@ -205,12 +205,12 @@ const ExceptionsViewerComponent = ({
);

const handleDeleteException = useCallback(
({ id, namespaceType }: ExceptionIdentifiers) => {
setLoadingItemIds([{ id, namespaceType }]);
({ id, namespace_type }: ExceptionIdentifiers) => {
setLoadingItemIds([{ id, namespace_type }]);

deleteExceptionItem({
id,
namespaceType,
namespaceType: namespace_type,
onSuccess: () => {
setLoadingItemIds(loadingItemIds.filter((t) => t.id !== id));
handleFetchList();
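Review bot: the `onSuccess` callback still reads `loadingItemIds` from the closure (`setLoadingItemIds(loadingItemIds.filter((t) => t.id !== id))`), so it sees the value captured when `handleDeleteException` was created rather than the current state, and the preceding `setLoadingItemIds([{ id, namespace_type }])` replaces the whole array, dropping any other item already being deleted. Functional updates for both, e.g. `setLoadingItemIds((prev) => [...prev, { id, namespace_type }])` and `setLoadingItemIds((prev) => prev.filter((t) => t.id !== id))`, avoid the stale closure and let `loadingItemIds` come out of the callback's dependency list.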
Expand Up @@ -4710,6 +4710,14 @@
"type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null },
"isDeprecated": false,
"deprecationReason": null
},
{
"name": "exceptions_list",
"description": "",
"args": [],
"type": { "kind": "SCALAR", "name": "ToAny", "ofType": null },
"isDeprecated": false,
"deprecationReason": null
}
],
"inputFields": null,
4 changes: 4 additions & 0 deletions x-pack/plugins/security_solution/public/graphql/types.ts
Expand Up @@ -1032,6 +1032,8 @@ export interface RuleField {
version?: Maybe<string[]>;

note?: Maybe<string[]>;

exceptions_list?: Maybe<ToAny>;
}

export interface SuricataEcsFields {
Expand Down Expand Up @@ -4984,6 +4986,8 @@ export namespace GetTimelineQuery {
filters: Maybe<ToAny>;

note: Maybe<string[]>;

exceptions_list: Maybe<ToAny>;
};

export type Suricata = {
Expand Up @@ -207,6 +207,7 @@ export const timelineQuery = gql`
to
filters
note
exceptions_list
}
}
suricata {
Expand Up @@ -411,6 +411,7 @@ export const ecsSchema = gql`
updated_by: ToStringArray
version: ToStringArray
note: ToStringArray
exceptions_list: ToAny
}

type SignalField {
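Review bot: typing `exceptions_list` as `ToAny` in the GraphQL schema discards the `{ id, namespace_type, type }` shape that the REST side validates with `listArray`, so timeline and signal consumers receive an untyped value and the client-side io-ts decode becomes the only check. If the `RuleField` members here must stay scalar like the neighbouring `ToStringArray` fields, a comment pointing at the `listArray` schema as the source of truth would help; otherwise a dedicated object type would let the GraphQL layer validate it as well.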
9 changes: 9 additions & 0 deletions x-pack/plugins/security_solution/server/graphql/types.ts
Expand Up @@ -1034,6 +1034,8 @@ export interface RuleField {
version?: Maybe<string[] | string>;

note?: Maybe<string[] | string>;

exceptions_list?: Maybe<ToAny>;
}

export interface SuricataEcsFields {
Expand Down Expand Up @@ -4856,6 +4858,8 @@ export namespace RuleFieldResolvers {
version?: VersionResolver<Maybe<string[] | string>, TypeParent, TContext>;

note?: NoteResolver<Maybe<string[] | string>, TypeParent, TContext>;

exceptions_list?: ExceptionsListResolver<Maybe<ToAny>, TypeParent, TContext>;
}

export type IdResolver<
Expand Down Expand Up @@ -5013,6 +5017,11 @@ export namespace RuleFieldResolvers {
Parent = RuleField,
TContext = SiemContext
> = Resolver<R, Parent, TContext>;
export type ExceptionsListResolver<
R = Maybe<ToAny>,
Parent = RuleField,
TContext = SiemContext
> = Resolver<R, Parent, TContext>;
}

export namespace SuricataEcsFieldsResolvers {
Expand Up @@ -6,5 +6,5 @@
"type": "query",
"query": "host.name: *",
"interval": "30s",
"exceptions_list": [{ "id": "endpoint_list", "namespace_type": "single" }]
"exceptions_list": [{ "id": "8b9058e0-b685-11ea-83bd-99c6441a63ec", "namespace_type": "single" }]
}
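Review bot: replacing the stable id `endpoint_list` with `8b9058e0-b685-11ea-83bd-99c6441a63ec` ties this sample rule to a list generated on one particular instance; anyone loading it elsewhere will reference a list that does not exist there. If this file is meant to be reusable, keep a well-known id or document that the value must be replaced with a list id from the target cluster.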