elastic · patrykkopycinski · Jan 28, 2021 · Dec 16, 2020 · Dec 22, 2020 · Dec 22, 2020
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -1192,6 +1192,32 @@ module.exports = {
       },
     },
 
+    /**
+     * Osquery overrides
+     */
+    {
+      extends: ['eslint:recommended', 'plugin:react/recommended'],
+      plugins: ['react'],
+      files: ['x-pack/plugins/osquery/**/*.{js,mjs,ts,tsx}'],
+      rules: {
+        'arrow-body-style': ['error', 'as-needed'],
+        'prefer-arrow-callback': 'error',
+        'no-unused-vars': 'off',
+        'react/prop-types': 'off',
+      },
+    },
+    {
+      // typescript and javascript for front end react performance
+      files: ['x-pack/plugins/osquery/public/**/!(*.test).{js,mjs,ts,tsx}'],
+      plugins: ['react', 'react-perf'],
+      rules: {
+        'react-perf/jsx-no-new-object-as-prop': 'error',
+        'react-perf/jsx-no-new-array-as-prop': 'error',
+        'react-perf/jsx-no-new-function-as-prop': 'error',
+        'react/jsx-no-bind': 'error',
+      },
+    },
+
     /**
      * Prettier disables all conflicting rules, listing as last override so it takes precedence
      */

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -330,6 +330,9 @@ x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @elastic/kib
 # Security Intelligence And Analytics
 /x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics
 
+# Security Asset Management
+/x-pack/plugins/osquery @elastic/security-asset-management
+
 # Design (at the bottom for specificity of SASS files)
 **/*.scss  @elastic/kibana-design
 #CC# /packages/kbn-ui-framework/ @elastic/kibana-design

diff --git a/docs/developer/plugin-list.asciidoc b/docs/developer/plugin-list.asciidoc
@@ -460,6 +460,10 @@ Elastic.
 |This plugin provides shared components and services for use across observability solutions, as well as the observability landing page UI.
 
 
+|{kib-repo}blob/{branch}/x-pack/plugins/osquery/README.md[osquery]
+|This plugin adds extended support to Security Solution Fleet Osquery integration
+
+
 |{kib-repo}blob/{branch}/x-pack/plugins/painless_lab/README.md[painlessLab]
 |This plugin helps users learn how to use the Painless scripting language.
 

diff --git a/packages/kbn-optimizer/limits.yml b/packages/kbn-optimizer/limits.yml
@@ -103,4 +103,5 @@ pageLoadAssetSize:
   stackAlerts: 29684
   presentationUtil: 28545
   spacesOss: 18817
+  osquery: 107090
   mapsFileUpload: 23775
diff --git a/x-pack/.i18nrc.json b/x-pack/.i18nrc.json
@@ -38,6 +38,7 @@
     "xpack.maps": ["plugins/maps"],
     "xpack.ml": ["plugins/ml"],
     "xpack.monitoring": ["plugins/monitoring"],
+    "xpack.osquery": ["plugins/osquery"],
     "xpack.painlessLab": "plugins/painless_lab",
     "xpack.remoteClusters": "plugins/remote_clusters",
     "xpack.reporting": ["plugins/reporting"],

diff --git a/x-pack/plugins/osquery/README.md b/x-pack/plugins/osquery/README.md
@@ -0,0 +1,9 @@
+# osquery
+
+This plugin adds extended support to Security Solution Fleet Osquery integration
+
+---
+
+## Development
+
+See the [kibana contributing guide](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md) for instructions setting up your development environment.
diff --git a/x-pack/plugins/osquery/common/constants.ts b/x-pack/plugins/osquery/common/constants.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const DEFAULT_MAX_TABLE_QUERY_SIZE = 10000;
+export const DEFAULT_DARK_MODE = 'theme:darkMode';
diff --git a/x-pack/plugins/osquery/common/ecs/agent/index.ts b/x-pack/plugins/osquery/common/ecs/agent/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export interface AgentEcs {
+  type?: string[];
+}
diff --git a/x-pack/plugins/osquery/common/ecs/auditd/index.ts b/x-pack/plugins/osquery/common/ecs/auditd/index.ts
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export interface AuditdEcs {
+  result?: string[];
+  session?: string[];
+  data?: AuditdDataEcs;
+  summary?: SummaryEcs;
+  sequence?: string[];
+}
+
+export interface AuditdDataEcs {
+  acct?: string[];
+  terminal?: string[];
+  op?: string[];
+}
+
+export interface SummaryEcs {
+  actor?: PrimarySecondaryEcs;
+  object?: PrimarySecondaryEcs;
+  how?: string[];
+  message_type?: string[];
+  sequence?: string[];
+}
+
+export interface PrimarySecondaryEcs {
+  primary?: string[];
+  secondary?: string[];
+  type?: string[];
+}
diff --git a/x-pack/plugins/osquery/common/ecs/cloud/index.ts b/x-pack/plugins/osquery/common/ecs/cloud/index.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export interface CloudEcs {
+  instance?: CloudInstanceEcs;
+  machine?: CloudMachineEcs;
+  provider?: string[];
+  region?: string[];
+}
+
+export interface CloudMachineEcs {
+  type?: string[];
+}
+
+export interface CloudInstanceEcs {
+  id?: string[];
+}
diff --git a/x-pack/plugins/osquery/common/ecs/destination/index.ts b/x-pack/plugins/osquery/common/ecs/destination/index.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { GeoEcs } from '../geo';
+
+export interface DestinationEcs {
+  bytes?: number[];
+  ip?: string[];
+  port?: number[];
+  domain?: string[];
+  geo?: GeoEcs;
+  packets?: number[];
+}
diff --git a/x-pack/plugins/osquery/common/ecs/dns/index.ts b/x-pack/plugins/osquery/common/ecs/dns/index.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export interface DnsEcs {
+  question?: DnsQuestionEcs;
+  resolved_ip?: string[];
+  response_code?: string[];
+}
+
+export interface DnsQuestionEcs {
+  name?: string[];
+  type?: string[];
+}
diff --git a/x-pack/plugins/osquery/common/ecs/ecs_fields/extend_map.test.ts b/x-pack/plugins/osquery/common/ecs/ecs_fields/extend_map.test.ts
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { extendMap } from './extend_map';
+
+describe('ecs_fields test', () => {
+  describe('extendMap', () => {
+    test('it should extend a record', () => {
+      const osFieldsMap: Readonly<Record<string, string>> = {
+        'os.platform': 'os.platform',
+        'os.full': 'os.full',
+        'os.family': 'os.family',
+        'os.version': 'os.version',
+        'os.kernel': 'os.kernel',
+      };
+      const expected: Record<string, string> = {
+        'host.os.family': 'host.os.family',
+        'host.os.full': 'host.os.full',
+        'host.os.kernel': 'host.os.kernel',
+        'host.os.platform': 'host.os.platform',
+        'host.os.version': 'host.os.version',
+      };
+      expect(extendMap('host', osFieldsMap)).toEqual(expected);
+    });
+
+    test('it should extend a sample hosts record', () => {
+      const hostMap: Record<string, string> = {
+        'host.id': 'host.id',
+        'host.ip': 'host.ip',
+        'host.name': 'host.name',
+      };
+      const osFieldsMap: Readonly<Record<string, string>> = {
+        'os.platform': 'os.platform',
+        'os.full': 'os.full',
+        'os.family': 'os.family',
+        'os.version': 'os.version',
+        'os.kernel': 'os.kernel',
+      };
+      const expected: Record<string, string> = {
+        'host.id': 'host.id',
+        'host.ip': 'host.ip',
+        'host.name': 'host.name',
+        'host.os.family': 'host.os.family',
+        'host.os.full': 'host.os.full',
+        'host.os.kernel': 'host.os.kernel',
+        'host.os.platform': 'host.os.platform',
+        'host.os.version': 'host.os.version',
+      };
+      const output = { ...hostMap, ...extendMap('host', osFieldsMap) };
+      expect(output).toEqual(expected);
+    });
+  });
+});
diff --git a/x-pack/plugins/osquery/common/ecs/ecs_fields/extend_map.ts b/x-pack/plugins/osquery/common/ecs/ecs_fields/extend_map.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const extendMap = (
+  path: string,
+  map: Readonly<Record<string, string>>
+): Readonly<Record<string, string>> =>
+  Object.entries(map).reduce<Record<string, string>>((accum, [key, value]) => {
+    accum[`${path}.${key}`] = `${path}.${value}`;
+    return accum;
+  }, {});