Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Show fields for aliases when selected in correlation rule and threat intel monitor scan #1064

Merged
merged 2 commits into from
Jul 2, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
198 changes: 121 additions & 77 deletions public/pages/Correlations/containers/CreateCorrelationRule.tsx

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,7 @@ exports[`<EditFieldMappings /> spec renders the component 1`] = `
filedMappingService={
FieldMappingService {
"createMappings": [Function],
"getIndexAliasFields": [Function],
"getMappings": [Function],
"getMappingsView": [Function],
"httpClient": [MockFunction],
Expand Down Expand Up @@ -489,6 +490,7 @@ exports[`<EditFieldMappings /> spec renders the component 1`] = `
filedMappingService={
FieldMappingService {
"createMappings": [Function],
"getIndexAliasFields": [Function],
"getMappings": [Function],
"getMappingsView": [Function],
"httpClient": [MockFunction],
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ export const SelectThreatIntelLogSources: React.FC<SelectThreatIntelLogSourcesPr
const getLogFields = useCallback(
async (indexName: string) => {
if (saContext && !logSourceMappingByName[indexName]) {
getFieldsForIndex(saContext.services.indexService, indexName).then((fields) => {
getFieldsForIndex(saContext.services.fieldMappingService, indexName).then((fields) => {
setLogSourceMappingByName({
...logSourceMappingByName,
[indexName]: fields,
Expand Down
9 changes: 9 additions & 0 deletions public/services/FieldMappingService.ts
Original file line number Diff line number Diff line change
Expand Up @@ -79,4 +79,13 @@ export default class FieldMappingService {
},
})) as ServerResponse<GetMappingsResponse>;
};

getIndexAliasFields = async (indexName: string): Promise<ServerResponse<string[]>> => {
const url = `..${API.MAPPINGS_BASE}/fields/${indexName}`;
return (await this.httpClient.get(url, {
query: {
dataSourceId: dataSourceInfo.activeDataSource.id,
},
})) as ServerResponse<string[]>;
};
}
9 changes: 6 additions & 3 deletions public/utils/helpers.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ import {
} from '../pages/CreateDetector/components/DefineDetector/components/DetectionRules/types/interfaces';
import { RuleInfo } from '../../server/models/interfaces';
import { NotificationsStart } from 'opensearch-dashboards/public';
import { IndexService, OpenSearchService } from '../services';
import { FieldMappingService, IndexService, OpenSearchService } from '../services';
import { ruleSeverity, ruleTypes } from '../pages/Rules/utils/constants';
import _ from 'lodash';
import { AlertCondition, DateTimeFilter, Duration, LogType } from '../../types';
Expand Down Expand Up @@ -576,14 +576,17 @@ export function getIsNotificationPluginInstalled(): boolean {
return isNotificationPluginInstalled;
}

export async function getFieldsForIndex(indexService: IndexService, indexName: string) {
export async function getFieldsForIndex(
fieldMappingService: FieldMappingService,
indexName: string
) {
let fields: {
label: string;
value: string;
}[] = [];

if (indexName) {
const result = await indexService.getIndexFields(indexName);
const result = await fieldMappingService.getIndexAliasFields(indexName);
if (result?.ok) {
fields = result.response?.map((field) => ({
label: field,
Expand Down
14 changes: 14 additions & 0 deletions server/clusters/addFieldMappingMethods.ts
Original file line number Diff line number Diff line change
Expand Up @@ -44,4 +44,18 @@ export function addFieldMappingMethods(securityAnalytics: any, createAction: any
needBody: false,
method: 'GET',
});

securityAnalytics[METHOD_NAMES.GET_INDEX_ALIAS_MAPPINGS] = createAction({
url: {
fmt: `/<%=indexName%>/_mapping/field/*`,
req: {
indexName: {
type: 'string',
required: true,
},
},
},
needBody: false,
method: 'GET',
});
}
12 changes: 12 additions & 0 deletions server/routes/FieldMappingRoutes.ts
Original file line number Diff line number Diff line change
Expand Up @@ -47,4 +47,16 @@ export function setupFieldMappingRoutes(services: NodeServices, router: IRouter)
},
fieldMappingService.createMappings
);

router.get(
{
path: `${API.MAPPINGS_BASE}/fields/{indexName}`,
validate: {
params: schema.object({
indexName: schema.string(),
}),
},
},
fieldMappingService.getIndexAliasFields
);
}
39 changes: 39 additions & 0 deletions server/services/FieldMappingService.ts
Original file line number Diff line number Diff line change
Expand Up @@ -141,4 +141,43 @@ export default class FieldMappingService extends MDSEnabledClientService {
});
}
};

getIndexAliasFields = async (
context: RequestHandlerContext,
request: OpenSearchDashboardsRequest<{ indexName: string }, {}>,
response: OpenSearchDashboardsResponseFactory
) => {
try {
const { indexName } = request.params;
const client = this.getClient(request, context);
const mappingsResponse: { [key: string]: { mappings: any } } = await client(
CLIENT_FIELD_MAPPINGS_METHODS.GET_INDEX_ALIAS_MAPPINGS,
{
indexName,
}
);

const fieldMappings = Object.values(mappingsResponse)[0]?.mappings;
const fields = Object.keys(fieldMappings || {}).filter(
(field) => Object.keys(fieldMappings[field].mapping).length > 0
);

return response.custom({
statusCode: 200,
body: {
ok: true,
response: fields,
},
});
} catch (error: any) {
console.error('Security Analytics - FieldMappingService - getIndexAliasFields:', error);
return response.custom({
statusCode: 200,
body: {
ok: false,
error: error.message,
},
});
}
};
}
4 changes: 3 additions & 1 deletion server/utils/constants.ts
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,7 @@ export const METHOD_NAMES = {
GET_MAPPINGS_VIEW: 'getFieldMappingsView',
CREATE_MAPPINGS: 'createMappings',
GET_MAPPINGS: 'getMappings',
GET_INDEX_ALIAS_MAPPINGS: 'getIndexAliasMappings',

// Alerts methods
GET_ALERTS: 'getAlerts',
Expand Down Expand Up @@ -140,13 +141,14 @@ export const CLIENT_CORRELATION_METHODS = {
GET_CORRELATED_FINDINGS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_CORRELATED_FINDINGS}`,
GET_ALL_CORRELATIONS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_ALL_CORRELATIONS}`,
GET_CORRELATION_ALERTS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_CORRELATION_ALERTS}`,
ACK_CORRELATION_ALERTS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.ACK_CORRELATION_ALERTS}`
ACK_CORRELATION_ALERTS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.ACK_CORRELATION_ALERTS}`,
};

export const CLIENT_FIELD_MAPPINGS_METHODS = {
GET_MAPPINGS_VIEW: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_MAPPINGS_VIEW}`,
CREATE_MAPPINGS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.CREATE_MAPPINGS}`,
GET_MAPPINGS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_MAPPINGS}`,
GET_INDEX_ALIAS_MAPPINGS: `${PLUGIN_PROPERTY_NAME}.${METHOD_NAMES.GET_INDEX_ALIAS_MAPPINGS}`,
};

export const CLIENT_ALERTS_METHODS = {
Expand Down
Loading