[Osquery] [Fix] Response action pack's queries update (#146782)
tomsonpl authored Dec 1, 2022
1 parent d3b4d39 commit ec7ba49
Showing 2 changed files with 57 additions and 8 deletions.
37 changes: 37 additions & 0 deletions x-pack/plugins/osquery/cypress/e2e/all/alerts.cy.ts
Expand Up @@ -31,6 +31,7 @@ describe('Alert Event Details', () => {

before(() => {
runKbnArchiverScript(ArchiverMethod.LOAD, 'pack');
runKbnArchiverScript(ArchiverMethod.LOAD, 'example_pack');
runKbnArchiverScript(ArchiverMethod.LOAD, 'rule');
});
beforeEach(() => {
Expand All @@ -39,6 +40,7 @@ describe('Alert Event Details', () => {

after(() => {
runKbnArchiverScript(ArchiverMethod.UNLOAD, 'pack');
runKbnArchiverScript(ArchiverMethod.UNLOAD, 'example_pack');
runKbnArchiverScript(ArchiverMethod.UNLOAD, 'rule');
});

Expand Down Expand Up @@ -144,19 +146,54 @@ describe('Alert Event Details', () => {
cy.contains('Log message optimized for viewing in a log viewer');
cy.contains('Days of uptime');
});
cy.intercept('PUT', '/api/detection_engine/rules').as('saveRule');
cy.contains('Save changes').click();
cy.wait('@saveRule').should(({ request }) => {
const oneQuery = [
{
interval: 10,
query: 'select * from uptime;',
id: 'fds',
},
];
expect(request.body.response_actions[0].params.queries).to.deep.equal(oneQuery);
});

cy.contains(`${RULE_NAME} was saved`).should('exist');
cy.getBySel('toastCloseButton').click();
cy.contains('Edit rule settings').click();
cy.getBySel('edit-rule-actions-tab').wait(500).click();
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains('testpack');
cy.getBySel('comboBoxInput').type('Example{downArrow}{enter}');
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
cy.contains('select * from uptime');
cy.contains('Log message optimized for viewing in a log viewer');
cy.contains('Days of uptime');
});
cy.contains('Save changes').click();
cy.wait('@saveRule').should(({ request }) => {
const threeQueries = [
{
interval: 3600,
query: 'SELECT * FROM memory_info;',
platform: 'linux',
id: 'system_memory_linux_elastic',
},
{
interval: 3600,
query: 'SELECT * FROM system_info;',
id: 'system_info_elastic',
},
{
interval: 10,
query: 'select opera_extensions.* from users join opera_extensions using (uid);',
id: 'failingQuery',
},
];
expect(request.body.response_actions[0].params.queries).to.deep.equal(threeQueries);
});
});

it('should be able to run live query and add to timeline (-depending on the previous test)', () => {
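Review bot: Both `cy.wait('@saveRule')` callbacks assert only on `request.body`, so the test still passes if the server rejects the PUT; the second save in particular has no follow-up check comparable to the `was saved` toast after the first one. Destructure the response as well and assert on it, e.g. `cy.wait('@saveRule').should(({ request, response }) => { expect(response?.statusCode).to.eq(200); ... })`. The assertions also look only at `response_actions[0]`, while the UI steps touch `RESPONSE_ACTIONS_ITEM_1` too, so a change to how the second action's queries are serialized would go unnoticed. The enclosing `it` block starts above this hunk.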
Expand Up @@ -9,15 +9,16 @@ import React, { useEffect, useMemo } from 'react';
import { EuiSpacer } from '@elastic/eui';
import uuid from 'uuid';
import type { FieldErrors } from 'react-hook-form';
import { useFieldArray } from 'react-hook-form';
import { useForm as useHookForm, FormProvider } from 'react-hook-form';
import { map, omit } from 'lodash';

import type { ECSMapping } from '@kbn/osquery-io-ts-types';
import { usePack } from '../../packs/use_pack';
import { QueryPackSelectable } from '../../live_queries/form/query_pack_selectable';
import { useKibana } from '../../common/lib/kibana';
import { LiveQueryQueryField } from '../../live_queries/form/live_query_query_field';
import { PackFieldWrapper } from './pack_field_wrapper';
import { usePack } from '../../packs/use_pack';

interface OsqueryResponseActionsValues {
savedQueryId?: string | null;
Expand Down Expand Up @@ -74,14 +75,30 @@ const OsqueryResponseActionParamsFormComponent = ({
},
});

const { watch, register, formState } = hooksForm;
const { watch, register, formState, control } = hooksForm;

const [packId, queryType, queries, id] = watch(['packId', 'queryType', 'queries', 'id']);
const { data: packData } = usePack({
packId: packId?.[0],
skip: !packId?.[0],
});

const { replace } = useFieldArray({
name: 'queries',
control,
});

useEffect(() => {
if (packData?.queries) {
const queriesArray = map(packData?.queries, (query, queryId: string) => ({
...query,
id: queryId,
}));

replace(queriesArray);
}
}, [packData, replace]);

useEffect(() => {
onError(formState.errors);
}, [onError, formState]);
Expand All @@ -99,12 +116,7 @@ const OsqueryResponseActionParamsFormComponent = ({
? {
id: formData.id,
packId: formData?.packId?.length ? formData?.packId[0] : undefined,
queries: packData
? map(packData.queries, (query, queryId: string) => ({
...query,
id: queryId,
}))
: formData.queries,
queries: formData.queries,
}
: {
id: formData.id,
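Review bot: The new `useEffect` writes to the `queries` field array only when `packData?.queries` is truthy, and the submit payload now appears to take `queries: formData.queries` straight from form state, so the form can hold queries that no longer match `packId`. If the pack selection is cleared, or changed and saved before `usePack` returns the new pack, the previous pack's queries would presumably be persisted with the rule and later run as its response action. Consider resetting the array when no pack is selected, e.g. `else if (!packId?.[0]) { replace([]); }` with `packId` added to the dependency list, provided single-query mode does not rely on `queries`. Because the list is now client-held state, it is also worth confirming that the rules API validates `queries` against the referenced pack rather than trusting the request body. The component body starts and ends outside the visible hunks.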