Address pr comments
kqualters-elastic committed Apr 27, 2020
1 parent a607144 commit b47f270
Showing 5 changed files with 17 additions and 26 deletions.
26 changes: 10 additions & 16 deletions x-pack/plugins/endpoint/common/models/event.ts
Expand Up @@ -4,51 +4,45 @@
* you may not use this file except in compliance with the Elastic License.
*/

import { EndpointEvent, LegacyEndpointEvent, ResolverEvent } from '../types';
import { LegacyEndpointEvent, ResolverEvent } from '../types';

export function isLegacyEvent(
event: EndpointEvent | LegacyEndpointEvent
): event is LegacyEndpointEvent {
export function isLegacyEvent(event: ResolverEvent): event is LegacyEndpointEvent {
return (event as LegacyEndpointEvent).endgame !== undefined;
}

export function eventTimestamp(
event: EndpointEvent | LegacyEndpointEvent
): string | undefined | number {
export function eventTimestamp(event: ResolverEvent): string | undefined | number {
if (isLegacyEvent(event)) {
return event.endgame.timestamp_utc;
} else {
return event['@timestamp'];
}
}

/** TODO, seems wrong */
export function eventName(event: EndpointEvent | LegacyEndpointEvent): string {
export function eventName(event: ResolverEvent): string {
if (isLegacyEvent(event)) {
return event.endgame.process_name ? event.endgame.process_name : '';
} else {
return event.process.name;
}
}

export function eventId(event: ResolverEvent) {
export function eventId(event: ResolverEvent): string {
if (isLegacyEvent(event)) {
return String(event.endgame.serial_event_id);
return event.endgame.serial_event_id ? String(event.endgame.serial_event_id) : '';
}
return event.event.id;
}

export function entityId(event: ResolverEvent) {
export function entityId(event: ResolverEvent): string {
if (isLegacyEvent(event)) {
return String(event.endgame.unique_pid);
return event.endgame.unique_pid ? String(event.endgame.unique_pid) : '';
}
return event.process.entity_id;
}

export function parentEntityId(event: ResolverEvent) {
export function parentEntityId(event: ResolverEvent): string | undefined {
if (isLegacyEvent(event)) {
const ppid = event.endgame.unique_ppid;
return String(ppid); // if unique_ppid is undefined return undefined
return event.endgame.unique_ppid ? String(event.endgame.unique_ppid) : undefined;
}
return event.process.parent?.entity_id;
}
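Review bot: The new truthiness guards in `eventId`, `entityId` and `parentEntityId` treat a legacy value of `0` the same as a missing field (the `String(...)` calls suggest these fields are numeric), and `eventId`/`entityId` then return `''`, so every legacy event without an id gets the same identifier. If these ids are used as keys when the process tree is assembled (not visible in this section), unrelated events could be merged under one node or attributed to the wrong parent. An explicit check keeps `0` and makes absence the only fallback case, e.g. `return event.endgame.unique_pid !== undefined ? String(event.endgame.unique_pid) : '';`. A short doc comment on each function should also state that `''` means "no id", so callers skip such events instead of indexing them.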
1 change: 0 additions & 1 deletion x-pack/plugins/endpoint/common/types.ts
Expand Up @@ -69,7 +69,6 @@ export interface ResolverNode {
events: ResolverEvent[];
lifecycle: ResolverEvent[];
ancestors?: ResolverNode[];
parent?: ResolverNode | null;
pagination: ResolverNodePagination;
stats?: ResolverNodeStats;
}
Expand Up @@ -48,13 +48,18 @@ export const resolverMiddlewareFactory: MiddlewareFactory = context => {
const legacyEndpointID = action.payload.selectedEvent?.agent?.id;
[{ lifecycle, children, ancestors }] = await Promise.all([
context.services.http.get(`/api/endpoint/resolver/${entityId}`, {
query: { legacyEndpointID },
query: { legacyEndpointID, children: 5, ancestors: 5 },
}),
]);
} else {
const entityId = action.payload.selectedEvent.process.entity_id;
[{ lifecycle, children, ancestors }] = await Promise.all([
context.services.http.get(`/api/endpoint/resolver/${entityId}`),
context.services.http.get(`/api/endpoint/resolver/${entityId}`, {
query: {
children: 5,
ancestors: 5,
},
}),
]);
}
const response: ResolverEvent[] = [
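Review bot: `entityId` is interpolated into the request path in both `http.get` calls without encoding, and in the else branch it is read directly from the selected event's `process.entity_id`, which is endpoint-reported data. Unless the http service encodes path segments itself (not visible here), an id containing `/`, `?` or `#` would change which route or query string the request resolves to; wrapping it as `encodeURIComponent(entityId)` in both template strings avoids that. The new `children: 5, ancestors: 5` literals are also duplicated across the two branches and would read better as one shared named constant. The middleware body starts and ends outside this hunk.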
Expand Up @@ -66,10 +66,6 @@ export class ChildrenQuery extends ResolverQuery {
term: { 'event.kind': 'event' },
},
{
// Corner case, we could only have a process_running or process_terminated
// so to solve this we'll probably want to either search for all of them and only return one if that's
// possible in elastic search or in memory pull out a single event to return
// https://github.com/elastic/endpoint-app-team/issues/168
term: { 'event.type': 'start' },
},
],
3 changes: 0 additions & 3 deletions x-pack/plugins/endpoint/server/routes/resolver/utils/tree.ts
Expand Up @@ -93,16 +93,13 @@ export class Tree {
throw new Error('cannot merge trees with different roots');
}

// our caches should be exclusive for everything but the root node so we can
// just merge them
Object.entries(ancestors.cache).forEach(([id, node]) => {
if (rootID !== id) {
children.cache.set(id, node);
}
});

children.root.lifecycle = ancestors.root.lifecycle;
children.root.parent = ancestors.root.parent;
children.root.ancestors = ancestors.root.ancestors;
children.root.events = events.root.events;
