[Security Solution][ML] Updates siem group name to security (elastic#…

…73218) ## Summary Resolves elastic#69319 Updates `siem` grouping to `security`, and enables cloudtrail module, fixing mis-match between the newly updated modules (elastic#71696). <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/88444121-b6b27480-cdd8-11ea-886a-9b4cadbaede8.png" /> </p> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/88444181-16108480-cdd9-11ea-9fba-aff1e4c38da3.png" /> </p> Also updates all module icons to be consistent: Auditbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592057-9a9e1580-d01a-11ea-97bb-d1096a4ae85f.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592020-8b1ecc80-d01a-11ea-8f2d-aa5cba94924e.png" /> </p> Packetbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592205-e18c0b00-d01a-11ea-9553-9c87527c600b.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592270-f8caf880-d01a-11ea-94a8-5428d2c6ddea.png" /> </p> Winlogbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592286-fff20680-d01a-11ea-87dd-4150debc988c.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592351-2021c580-d01b-11ea-863f-efd26d0105ab.png" /> </p> - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [X] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials - Working w/ @benskelker on updated ML Jobs & nomenclature
spong · Jul 28, 2020 · b74414e · b74414e
1 parent a3c79fb
commit b74414e
Show file tree

Hide file tree

Showing 12 changed files with 19 additions and 16 deletions.
diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_auditbeat/logo.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_auditbeat/logo.json
@@ -1,3 +1,3 @@
 {
-	"icon": "securityAnalyticsApp"
+	"icon": "logoSecurity"
 }
diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_auditbeat_auth/logo.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_auditbeat_auth/logo.json
@@ -1,3 +1,3 @@
 {
-	"icon": "securityAnalyticsApp"
-}
+	"icon": "logoSecurity"
+}
diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/logo.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/logo.json
@@ -1,3 +1,3 @@
 {
-	"icon": "securityAnalyticsApp"
-}
+	"icon": "logoSecurity"
+}
diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_winlogbeat/logo.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_winlogbeat/logo.json
@@ -1,3 +1,3 @@
 {
-	"icon": "securityAnalyticsApp"
+	"icon": "logoSecurity"
 }
diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_winlogbeat_auth/logo.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_winlogbeat_auth/logo.json
@@ -1,3 +1,3 @@
 {
-	"icon": "securityAnalyticsApp"
-}
+	"icon": "logoSecurity"
+}
diff --git a/x-pack/plugins/security_solution/public/common/components/ml_popover/api.tsx b/x-pack/plugins/security_solution/public/common/components/ml_popover/api.tsx
@@ -71,7 +71,7 @@ export const setupMlJob = async ({
   configTemplate,
   indexPatternName = 'auditbeat-*',
   jobIdErrorFilter = [],
-  groups = ['siem'],
+  groups = ['security'],
   prefix = '',
 }: MlSetupArgs): Promise<SetupMlResponse> => {
   const response = await KibanaServices.get().http.fetch<SetupMlResponse>(

diff --git a/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/translations.ts b/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/translations.ts
@@ -9,6 +9,6 @@ import { i18n } from '@kbn/i18n';
 export const SIEM_JOB_FETCH_FAILURE = i18n.translate(
   'xpack.securitySolution.components.mlPopup.hooks.errors.siemJobFetchFailureTitle',
   {
-    defaultMessage: 'SIEM job fetch failure',
+    defaultMessage: 'Security job fetch failure',
   }
 );
diff --git a/...ins/security_solution/public/common/components/ml_popover/hooks/use_siem_jobs_helpers.tsx b/...ins/security_solution/public/common/components/ml_popover/hooks/use_siem_jobs_helpers.tsx
@@ -104,7 +104,7 @@ export const getInstalledJobs = (
   compatibleModuleIds: string[]
 ): SiemJob[] =>
   jobSummaryData
-    .filter(({ groups }) => groups.includes('siem'))
+    .filter(({ groups }) => groups.includes('siem') || groups.includes('security'))
     .map<SiemJob>((jobSummary) => ({
       ...jobSummary,
       ...getAugmentedFields(jobSummary.id, moduleJobs, compatibleModuleIds),

diff --git a/...solution/public/common/components/ml_popover/jobs_table/filters/groups_filter_popover.tsx b/...solution/public/common/components/ml_popover/jobs_table/filters/groups_filter_popover.tsx
@@ -25,8 +25,8 @@ interface GroupsFilterPopoverProps {
 
 /**
  * Popover for selecting which SiemJob groups to filter on. Component extracts unique groups and
- * their counts from the provided SiemJobs. The 'siem' group is filtered out as all jobs will be
- * siem jobs
+ * their counts from the provided SiemJobs. The 'siem' & 'security' groups are filtered out as all jobs will be
+ * siem/security jobs
  *
  * @param siemJobs jobs to fetch groups from to display for filtering
  * @param onSelectedGroupsChanged change listener to be notified when group selection changes
@@ -41,7 +41,7 @@ export const GroupsFilterPopoverComponent = ({
   const groups = siemJobs
     .map((j) => j.groups)
     .flat()
-    .filter((g) => g !== 'siem');
+    .filter((g) => g !== 'siem' && g !== 'security');
   const uniqueGroups = Array.from(new Set(groups));
 
   useEffect(() => {

diff --git a/x-pack/plugins/security_solution/public/common/components/ml_popover/ml_modules.tsx b/x-pack/plugins/security_solution/public/common/components/ml_popover/ml_modules.tsx
@@ -12,6 +12,7 @@
 export const mlModules: string[] = [
   'siem_auditbeat',
   'siem_auditbeat_auth',
+  'siem_cloudtrail',
   'siem_packetbeat',
   'siem_winlogbeat',
   'siem_winlogbeat_auth',

diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/ml_job_select/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/ml_job_select/index.tsx
@@ -41,7 +41,7 @@ const HelpText: React.FC<{ href: string; showEnableWarning: boolean }> = ({
   <>
     <FormattedMessage
       id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.machineLearningJobIdHelpText"
-      defaultMessage="We've provided a few common jobs to get you started. To add your own custom jobs, assign a group of “siem” to those jobs in the {machineLearning} application to make them appear here."
+      defaultMessage="We've provided a few common jobs to get you started. To add your own custom jobs, assign a group of “security” to those jobs in the {machineLearning} application to make them appear here."
       values={{
         machineLearning: (
           <EuiLink href={href} target="_blank">

diff --git a/x-pack/plugins/security_solution/server/usage/detections/detections_helpers.ts b/x-pack/plugins/security_solution/server/usage/detections/detections_helpers.ts
@@ -176,7 +176,9 @@ export const getMlJobsUsage = async (ml: MlPluginSetup | undefined): Promise<MlJ
         .modulesProvider(internalMlClient, fakeRequest, fakeSOClient)
         .listModules();
       const moduleJobs = modules.flatMap((module) => module.jobs);
-      const jobs = await ml.jobServiceProvider(internalMlClient, fakeRequest).jobsSummary(['siem']);
+      const jobs = await ml
+        .jobServiceProvider(internalMlClient, fakeRequest)
+        .jobsSummary(['siem', 'security']);
 
       jobsUsage = jobs.reduce((usage, job) => {
         const isElastic = moduleJobs.some((moduleJob) => moduleJob.id === job.id);