-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Security Solution] Entities details tab in expandable flyout (#155809)
## Summary This PR adds content to the 'Entities' tab under ' Insights', in the left section of the expandable flyout. - User info contains an user overview and related hosts. Related hosts are hosts this user has successfully authenticated after alert time - Host info contains a host overview and related users. Related users are users who are successfully authenticated to this host after alert time - User and host risk scores are displayed if kibana user has platinum license  ### How to test - Enable feature flag `securityFlyoutEnabled` - Navigation: - Generate some alerts data and go to Alerts page - Select the expand icon for an alert - Click `Expand alert details` - Go to Insights tab, Entities tab - To see risk score, apply platinum or enterprise license, then go to dashboard -> entity analytics, and click Enable (both user and host). - See comments below on generating test data (if needed) ### Run tests and storybook - `node scripts/storybook security_solution` to run Storybook - `npm run test:jest --config ./x-pack/plugins/security_solution/public/flyout` to run the unit tests - `yarn cypress:open-as-ci` but note that the integration/e2e tests have been written but are now skipped because the feature is protected behind a feature flag, disabled by default. To check them, add `'securityFlyoutEnabled'` [here](https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50) ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <[email protected]>
- Loading branch information
1 parent
c247899
commit 123e535
Showing
46 changed files
with
2,882 additions
and
118 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
14 changes: 14 additions & 0 deletions
14
...gins/security_solution/common/search_strategy/security_solution/related_entities/index.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| export * from './related_hosts'; | ||
| export * from './related_users'; | ||
|
|
||
| export enum RelatedEntitiesQueries { | ||
| relatedHosts = 'relatedHosts', | ||
| relatedUsers = 'relatedUsers', | ||
| } |
42 changes: 42 additions & 0 deletions
42
...olution/common/search_strategy/security_solution/related_entities/related_hosts/index.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import type { IEsSearchResponse } from '@kbn/data-plugin/common'; | ||
| import type { RiskSeverity, Inspect, Maybe } from '../../..'; | ||
| import type { RequestBasicOptions } from '../..'; | ||
| import type { BucketItem } from '../../cti'; | ||
|
|
||
| export interface RelatedHost { | ||
| host: string; | ||
| ip: string[]; | ||
| risk?: RiskSeverity; | ||
| } | ||
|
|
||
| export interface RelatedHostBucket { | ||
| key: string; | ||
| doc_count: number; | ||
| ip?: IPItems; | ||
| } | ||
|
|
||
| interface IPItems { | ||
| doc_count_error_upper_bound: number; | ||
| sum_other_doc_count: number; | ||
| buckets: BucketItem[]; | ||
| } | ||
|
|
||
| export interface UsersRelatedHostsStrategyResponse extends IEsSearchResponse { | ||
| totalCount: number; | ||
| relatedHosts: RelatedHost[]; | ||
| inspect?: Maybe<Inspect>; | ||
| } | ||
|
|
||
| export interface UsersRelatedHostsRequestOptions extends Partial<RequestBasicOptions> { | ||
| userName: string; | ||
| skip?: boolean; | ||
| from: string; | ||
| inspect?: Maybe<Inspect>; | ||
| } |
42 changes: 42 additions & 0 deletions
42
...olution/common/search_strategy/security_solution/related_entities/related_users/index.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import type { IEsSearchResponse } from '@kbn/data-plugin/common'; | ||
| import type { RiskSeverity, Inspect, Maybe } from '../../..'; | ||
| import type { RequestBasicOptions } from '../..'; | ||
| import type { BucketItem } from '../../cti'; | ||
|
|
||
| export interface RelatedUser { | ||
| user: string; | ||
| ip: string[]; | ||
| risk?: RiskSeverity; | ||
| } | ||
|
|
||
| export interface RelatedUserBucket { | ||
| key: string; | ||
| doc_count: number; | ||
| ip?: IPItems; | ||
| } | ||
|
|
||
| interface IPItems { | ||
| doc_count_error_upper_bound: number; | ||
| sum_other_doc_count: number; | ||
| buckets: BucketItem[]; | ||
| } | ||
|
|
||
| export interface HostsRelatedUsersStrategyResponse extends IEsSearchResponse { | ||
| totalCount: number; | ||
| relatedUsers: RelatedUser[]; | ||
| inspect?: Maybe<Inspect>; | ||
| } | ||
|
|
||
| export interface HostsRelatedUsersRequestOptions extends Partial<RequestBasicOptions> { | ||
| hostName: string; | ||
| skip?: boolean; | ||
| from: string; | ||
| inspect?: Maybe<Inspect>; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
52 changes: 52 additions & 0 deletions
52
...ypress/e2e/detection_alerts/expandable_flyout/alert_details_left_panel_entities_tab.cy.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { | ||
| DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS, | ||
| DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS, | ||
| } from '../../../screens/document_expandable_flyout'; | ||
| import { | ||
| expandFirstAlertExpandableFlyout, | ||
| openInsightsTab, | ||
| openEntities, | ||
| expandDocumentDetailsExpandableFlyoutLeftSection, | ||
| } from '../../../tasks/document_expandable_flyout'; | ||
| import { cleanKibana } from '../../../tasks/common'; | ||
| import { login, visit } from '../../../tasks/login'; | ||
| import { createRule } from '../../../tasks/api_calls/rules'; | ||
| import { getNewRule } from '../../../objects/rule'; | ||
| import { ALERTS_URL } from '../../../urls/navigation'; | ||
| import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule'; | ||
|
|
||
| // Skipping these for now as the feature is protected behind a feature flag set to false by default | ||
| // To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50 | ||
| describe.skip( | ||
| 'Alert details expandable flyout left panel entities', | ||
| { testIsolation: false }, | ||
| () => { | ||
| before(() => { | ||
| cleanKibana(); | ||
| login(); | ||
| createRule(getNewRule()); | ||
| visit(ALERTS_URL); | ||
| waitForAlertsToPopulate(); | ||
| expandFirstAlertExpandableFlyout(); | ||
| expandDocumentDetailsExpandableFlyoutLeftSection(); | ||
| openInsightsTab(); | ||
| openEntities(); | ||
| }); | ||
|
|
||
| it('should display analyzer graph and node list', () => { | ||
| cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS) | ||
| .scrollIntoView() | ||
| .should('be.visible'); | ||
| cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS) | ||
| .scrollIntoView() | ||
| .should('be.visible'); | ||
| }); | ||
| } | ||
| ); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
80 changes: 80 additions & 0 deletions
80
.../security_solution/public/common/containers/related_entities/related_hosts/index.test.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
| import { act, renderHook } from '@testing-library/react-hooks'; | ||
| import { TestProviders } from '../../../mock'; | ||
| import { useUserRelatedHosts } from '.'; | ||
| import { useSearchStrategy } from '../../use_search_strategy'; | ||
|
|
||
| jest.mock('../../use_search_strategy', () => ({ | ||
| useSearchStrategy: jest.fn(), | ||
| })); | ||
| const mockUseSearchStrategy = useSearchStrategy as jest.Mock; | ||
| const mockSearch = jest.fn(); | ||
|
|
||
| const defaultProps = { | ||
| userName: 'user1', | ||
| indexNames: ['index-*'], | ||
| from: '2020-07-07T08:20:18.966Z', | ||
| skip: false, | ||
| }; | ||
|
|
||
| const mockResult = { | ||
| inspect: {}, | ||
| totalCount: 1, | ||
| relatedHosts: [{ host: 'test host', ip: '100.000.XX' }], | ||
| loading: false, | ||
| refetch: jest.fn(), | ||
| }; | ||
|
|
||
| describe('useUsersRelatedHosts', () => { | ||
| beforeEach(() => { | ||
| jest.clearAllMocks(); | ||
| mockUseSearchStrategy.mockReturnValue({ | ||
| loading: false, | ||
| result: { | ||
| totalCount: mockResult.totalCount, | ||
| relatedHosts: mockResult.relatedHosts, | ||
| }, | ||
| search: mockSearch, | ||
| refetch: jest.fn(), | ||
| inspect: {}, | ||
| }); | ||
| }); | ||
|
|
||
| it('runs search', () => { | ||
| const { result } = renderHook(() => useUserRelatedHosts(defaultProps), { | ||
| wrapper: TestProviders, | ||
| }); | ||
|
|
||
| expect(mockSearch).toHaveBeenCalled(); | ||
| expect(JSON.stringify(result.current)).toEqual(JSON.stringify(mockResult)); // serialize result for array comparison | ||
| }); | ||
|
|
||
| it('does not run search when skip = true', () => { | ||
| const props = { | ||
| ...defaultProps, | ||
| skip: true, | ||
| }; | ||
| renderHook(() => useUserRelatedHosts(props), { | ||
| wrapper: TestProviders, | ||
| }); | ||
|
|
||
| expect(mockSearch).not.toHaveBeenCalled(); | ||
| }); | ||
| it('skip = true will cancel any running request', () => { | ||
| const props = { | ||
| ...defaultProps, | ||
| }; | ||
| const { rerender } = renderHook(() => useUserRelatedHosts(props), { | ||
| wrapper: TestProviders, | ||
| }); | ||
| props.skip = true; | ||
| act(() => rerender()); | ||
| expect(mockUseSearchStrategy).toHaveBeenCalledTimes(2); | ||
| expect(mockUseSearchStrategy.mock.calls[1][0].abort).toEqual(true); | ||
| }); | ||
| }); |
Oops, something went wrong.