[Security][Network] Exclude glob-only (*) Index Pattern from map laye…

…rs (elastic#69736) (elastic#69824) * Exclude glob-only (*) index pattern from map layers This pattern is a special case that our map should ignore, as including it causes all indexes to be queried. * Ignore CCS glob pattern in our embedded map Users may have this pattern for cross-cluster search, and it should similarly be excluded when matching Security indexes.
sorenlouv · Jun 24, 2020 · 8935d79 · 8935d79
1 parent 5bed09c
commit 8935d79
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 5 deletions.
diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/__mocks__/mock.ts b/x-pack/plugins/security_solution/public/network/components/embeddables/__mocks__/mock.ts
@@ -475,3 +475,12 @@ export const mockGlobIndexPattern: IndexPatternSavedObject = {
     title: '*',
   },
 };
+
+export const mockCCSGlobIndexPattern: IndexPatternSavedObject = {
+  id: '*:*',
+  type: 'index-pattern',
+  _version: 'abc',
+  attributes: {
+    title: '*:*',
+  },
+};
diff --git a/...ins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx b/...ins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx
@@ -14,6 +14,7 @@ import {
   mockAuditbeatIndexPattern,
   mockFilebeatIndexPattern,
   mockGlobIndexPattern,
+  mockCCSGlobIndexPattern,
 } from './__mocks__/mock';
 
 const mockEmbeddable = embeddablePluginMock.createStartContract();
@@ -106,12 +107,20 @@ describe('embedded_map_helpers', () => {
       ]);
     });
 
-    test('finds glob-only index patterns ', () => {
+    test('excludes glob-only index patterns', () => {
       const matchingIndexPatterns = findMatchingIndexPatterns({
         kibanaIndexPatterns: [mockGlobIndexPattern, mockFilebeatIndexPattern],
         siemDefaultIndices,
       });
-      expect(matchingIndexPatterns).toEqual([mockGlobIndexPattern, mockFilebeatIndexPattern]);
+      expect(matchingIndexPatterns).toEqual([mockFilebeatIndexPattern]);
+    });
+
+    test('excludes glob-only CCS index patterns', () => {
+      const matchingIndexPatterns = findMatchingIndexPatterns({
+        kibanaIndexPatterns: [mockCCSGlobIndexPattern, mockFilebeatIndexPattern],
+        siemDefaultIndices,
+      });
+      expect(matchingIndexPatterns).toEqual([mockFilebeatIndexPattern]);
     });
   });
 });
diff --git a/.../plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx b/.../plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx
@@ -128,6 +128,9 @@ export const createEmbeddable = async (
   return embeddableObject;
 };
 
+// These patterns are overly greedy and must be excluded when matching against Security indexes.
+const ignoredIndexPatterns = ['*', '*:*'];
+
 /**
  * Returns kibanaIndexPatterns that wildcard match at least one of siemDefaultIndices
  *
@@ -142,9 +145,13 @@ export const findMatchingIndexPatterns = ({
   siemDefaultIndices: string[];
 }): IndexPatternSavedObject[] => {
   try {
-    return kibanaIndexPatterns.filter((kip) =>
-      siemDefaultIndices.some((sdi) => minimatch(sdi, kip.attributes.title))
-    );
+    return kibanaIndexPatterns.filter((kip) => {
+      const pattern = kip.attributes.title;
+      return (
+        !ignoredIndexPatterns.includes(pattern) &&
+        siemDefaultIndices.some((sdi) => minimatch(sdi, pattern))
+      );
+    });
   } catch {
     return [];
   }