Skip to content

Commit

Permalink
[SIEM][Detection Engine] - Update list values in REST interfaces (#62320
Browse files Browse the repository at this point in the history 
)

Summary
- #60022
- Follow up on #60171
- Modifies boolean filters to enum of "included" and "excluded"
- Adds operator types of enum "match", "match_all", "list", and "exists"
- Adds values properties to include those for "list"
- DOES NOT FILTER ON THE VALUES JUST YET (That will be a follow on PR)
  • Loading branch information
@yctercero
yctercero authored Apr 8, 2020
1 parent 1af82c7 commit 5d34697
Show file tree
Hide file tree
Showing 21 changed files with 578 additions and 296 deletions.
28 changes: 17 additions & 11 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/request_responses.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -450,25 +450,31 @@ export const getResult = (): RuleAlertType => ({
lists: [
{
field: 'source.ip',
boolean_operator: 'and',
values: [
{
name: '127.0.0.1',
type: 'value',
},
],
values_operator: 'included',
values_type: 'exists',
},
{
field: 'host.name',
boolean_operator: 'and not',
values_operator: 'excluded',
values_type: 'match',
values: [
{
name: 'rock01',
type: 'value',
},
],
and: [
{
name: 'mothra',
type: 'value',
field: 'host.id',
values_operator: 'included',
values_type: 'match_all',
values: [
{
name: '123',
},
{
name: '678',
},
],
},
],
},
Expand Down
28 changes: 17 additions & 11 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/utils.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -141,25 +141,31 @@ export const getOutputRuleAlertForRest = (): Omit<
lists: [
{
field: 'source.ip',
boolean_operator: 'and',
values: [
{
name: '127.0.0.1',
type: 'value',
},
],
values_operator: 'included',
values_type: 'exists',
},
{
field: 'host.name',
boolean_operator: 'and not',
values_operator: 'excluded',
values_type: 'match',
values: [
{
name: 'rock01',
type: 'value',
},
],
and: [
{
name: 'mothra',
type: 'value',
field: 'host.id',
values_operator: 'included',
values_type: 'match_all',
values: [
{
name: '123',
},
{
name: '678',
},
],
},
],
},
Expand Down
28 changes: 17 additions & 11 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/validate.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,25 +74,31 @@ export const ruleOutput: RulesSchema = {
lists: [
{
field: 'source.ip',
boolean_operator: 'and',
values: [
{
name: '127.0.0.1',
type: 'value',
},
],
values_operator: 'included',
values_type: 'exists',
},
{
field: 'host.name',
boolean_operator: 'and not',
values_operator: 'excluded',
values_type: 'match',
values: [
{
name: 'rock01',
type: 'value',
},
],
and: [
{
name: 'mothra',
type: 'value',
field: 'host.id',
values_operator: 'included',
values_type: 'match_all',
values: [
{
name: '123',
},
{
name: '678',
},
],
},
],
},
Expand Down
28 changes: 17 additions & 11 deletions ...gins/siem/server/lib/detection_engine/routes/schemas/add_prepackaged_rules_schema.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1561,25 +1561,31 @@ describe('add prepackaged rules schema', () => {
lists: [
{
field: 'source.ip',
boolean_operator: 'and',
values: [
{
name: '127.0.0.1',
type: 'value',
},
],
values_operator: 'included',
values_type: 'exists',
},
{
field: 'host.name',
boolean_operator: 'and not',
values_operator: 'excluded',
values_type: 'match',
values: [
{
name: 'rock01',
type: 'value',
},
],
and: [
{
name: 'mothra',
type: 'value',
field: 'host.id',
values_operator: 'included',
values_type: 'match_all',
values: [
{
name: '123',
},
{
name: '678',
},
],
},
],
},
Expand Down
28 changes: 17 additions & 11 deletions ...egacy/plugins/siem/server/lib/detection_engine/routes/schemas/create_rules_schema.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1526,25 +1526,31 @@ describe('create rules schema', () => {
lists: [
{
field: 'source.ip',
boolean_operator: 'and',
values: [
{
name: '127.0.0.1',
type: 'value',
},
],
values_operator: 'included',
values_type: 'exists',
},
{
field: 'host.name',
boolean_operator: 'and not',
values_operator: 'excluded',
values_type: 'match',
values: [
{
name: 'rock01',
type: 'value',
},
],
and: [
{
name: 'mothra',
type: 'value',
field: 'host.id',
values_operator: 'included',
values_type: 'match_all',
values: [
{
name: '123',
},
{
name: '678',
},
],
},
],
},
Expand Down
28 changes: 17 additions & 11 deletions ...egacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1747,25 +1747,31 @@ describe('import rules schema', () => {
lists: [
{
field: 'source.ip',
boolean_operator: 'and',
values: [
{
name: '127.0.0.1',
type: 'value',
},
],
values_operator: 'included',
values_type: 'exists',
},
{
field: 'host.name',
boolean_operator: 'and not',
values_operator: 'excluded',
values_type: 'match',
values: [
{
name: 'rock01',
type: 'value',
},
],
and: [
{
name: 'mothra',
type: 'value',
field: 'host.id',
values_operator: 'included',
values_type: 'match_all',
values: [
{
name: '123',
},
{
name: '678',
},
],
},
],
},
Expand Down
53 changes: 31 additions & 22 deletions ...legacy/plugins/siem/server/lib/detection_engine/routes/schemas/patch_rules_schema.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1229,25 +1229,31 @@ describe('patch rules schema', () => {
lists: [
{
field: 'source.ip',
boolean_operator: 'and',
values: [
{
name: '127.0.0.1',
type: 'value',
},
],
values_operator: 'included',
values_type: 'exists',
},
{
field: 'host.name',
boolean_operator: 'and not',
values_operator: 'excluded',
values_type: 'match',
values: [
{
name: 'rock01',
type: 'value',
},
],
and: [
{
name: 'mothra',
type: 'value',
field: 'host.id',
values_operator: 'included',
values_type: 'match_all',
values: [
{
name: '123',
},
{
name: '678',
},
],
},
],
},
Expand All @@ -1263,25 +1269,28 @@ describe('patch rules schema', () => {
lists: [
{
field: 'source.ip',
boolean_operator: 'and',
values: [
{
name: '127.0.0.1',
type: 'value',
},
],
values_operator: 'included',
values_type: 'exists',
},
{
field: 'host.name',
boolean_operator: 'and not',
values_operator: 'excluded',
values_type: 'match',
values: [
{
name: 'rock01',
type: 'value',
},
],
and: [
{
name: 'mothra',
type: 'value',
field: 'host.id',
values_operator: 'included',
values_type: 'match_all',
values: [
{
name: '123',
},
],
},
],
},
Expand Down
28 changes: 17 additions & 11 deletions ...egacy/plugins/siem/server/lib/detection_engine/routes/schemas/response/__mocks__/utils.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,25 +66,31 @@ export const getBaseResponsePayload = (anchorDate: string = ANCHOR_DATE): RulesS
lists: [
{
field: 'source.ip',
boolean_operator: 'and',
values: [
{
name: '127.0.0.1',
type: 'value',
},
],
values_operator: 'included',
values_type: 'exists',
},
{
field: 'host.name',
boolean_operator: 'and not',
values_operator: 'excluded',
values_type: 'match',
values: [
{
name: 'rock01',
type: 'value',
},
],
and: [
{
name: 'mothra',
type: 'value',
field: 'host.id',
values_operator: 'included',
values_type: 'match_all',
values: [
{
name: '123',
},
{
name: '678',
},
],
},
],
},
Expand Down
Loading

0 comments on commit 5d34697

Please sign in to comment.