diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/event_log_adapter.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/event_log_adapter.ts index 1cef186e70837..34678d9a99cd5 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/event_log_adapter.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/event_log_adapter.ts @@ -37,7 +37,7 @@ export class EventLogAdapter implements IRuleExecutionLogClient { constructor( eventLogService: IEventLogService, - eventLogClient: IEventLogClient, + eventLogClient: IEventLogClient | undefined, savedObjectsClient: SavedObjectsClientContract ) { this.eventLogClient = new EventLogClient(eventLogService, eventLogClient); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/event_log_client.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/event_log_client.ts index 42c7915b25a80..4fa8c98c9de9f 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/event_log_client.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/event_log_client.ts 
@@ -58,11 +58,11 @@ interface IExecLogEventLogClient { } export class EventLogClient implements IExecLogEventLogClient { - private readonly eventLogClient: IEventLogClient; + private readonly eventLogClient: IEventLogClient | undefined; private readonly eventLogger: IEventLogger; private sequence = 0; - constructor(eventLogService: IEventLogService, eventLogClient: IEventLogClient) { + constructor(eventLogService: IEventLogService, eventLogClient: IEventLogClient | undefined) { this.eventLogClient = eventLogClient; this.eventLogger = eventLogService.getLogger({ event: { provider: RULE_EXECUTION_LOG_PROVIDER }, @@ -72,6 +72,10 @@ export class EventLogClient implements IExecLogEventLogClient { public async getLastStatusChanges( args: GetLastStatusChangesArgs ): Promise { + if (!this.eventLogClient) { + throw new Error('Querying Event Log from a rule executor is not supported at this moment'); + } + const soType = ALERT_SAVED_OBJECT_TYPE; const soIds = [args.ruleId]; const count = args.count; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_execution_log_client.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_execution_log_client.ts index aafacdd975e7f..5ed7041b6a64a 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_execution_log_client.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/rule_execution_log_client.ts @@ -26,9 +26,9 @@ import { truncateMessage } from './utils/normalization'; interface ConstructorParams { underlyingClient: UnderlyingLogClient; - eventLogService: IEventLogService; - eventLogClient: IEventLogClient; savedObjectsClient: SavedObjectsClientContract; + eventLogService: IEventLogService; + eventLogClient?: IEventLogClient; } export class RuleExecutionLogClient implements IRuleExecutionLogClient { 
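Review bot: The new guard at the top of `getLastStatusChanges` throws a bare `Error`, so a caller cannot tell a missing request-scoped client apart from a failed Event Log query. The method has no doc comment stating this contract; I would add `/** @throws Error if this client was constructed without an IEventLogClient (rule executor context). */` above it. Any other method of `EventLogClient` that reads `this.eventLogClient` needs the same check, which strict null checks should enforce if they are enabled. Those methods, and the rest of this one, lie outside the hunk.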
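Review bot: `eventLogClient?: IEventLogClient` in `ConstructorParams` is now optional with no comment saying when it may be left out, so a request handler that forgets it still compiles and fails only when a read reaches the Event Log. I would document the field, for example `/** Request-scoped Event Log client; omitted by rule executors, where reading from the Event Log throws. */`. The same remark applies to the widened constructor parameters in event_log_adapter.ts and event_log_client.ts.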
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts index c472494138b7f..bc13a12e01ca4 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts @@ -67,9 +67,9 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper = const esClient = scopedClusterClient.asCurrentUser; const ruleStatusClient = new RuleExecutionLogClient({ + underlyingClient: config.ruleExecutionLog.underlyingClient, savedObjectsClient, eventLogService, - underlyingClient: config.ruleExecutionLog.underlyingClient, }); const completeRule = { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/preview/preview_rule_execution_log_client.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/preview/preview_rule_execution_log_client.ts index d3ccafddab6e4..c2c1b5d7615c2 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/preview/preview_rule_execution_log_client.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/preview/preview_rule_execution_log_client.ts @@ -7,13 +7,16 @@ import { SavedObjectsFindResult } from 'kibana/server'; import { - LogExecutionMetricsArgs, IRuleExecutionLogClient, + LogStatusChangeArgs, + LogExecutionMetricsArgs, FindBulkExecutionLogArgs, FindBulkExecutionLogResponse, FindExecutionLogArgs, - LogStatusChangeArgs, - UpdateExecutionLogArgs, + GetLastFailuresArgs, + GetCurrentStatusArgs, + GetCurrentStatusBulkArgs, + GetCurrentStatusBulkResult, } from '../../rule_execution_log'; import { IRuleStatusSOAttributes } from '../../rules/types'; 
@@ -21,26 +24,50 @@ export const createWarningsAndErrors = () => { const warningsAndErrorsStore: LogStatusChangeArgs[] = []; const previewRuleExecutionLogClient: IRuleExecutionLogClient = { - async delete(id: string): Promise { - return Promise.resolve(undefined); - }, - async find( + find( args: FindExecutionLogArgs ): Promise>> { return Promise.resolve([]); }, - async findBulk(args: FindBulkExecutionLogArgs): Promise { + + findBulk(args: FindBulkExecutionLogArgs): Promise { return Promise.resolve({}); }, - async logStatusChange(args: LogStatusChangeArgs): Promise { - warningsAndErrorsStore.push(args); - return Promise.resolve(undefined); + + getLastFailures(args: GetLastFailuresArgs): Promise { + return Promise.resolve([]); }, - async update(args: UpdateExecutionLogArgs): Promise { - return Promise.resolve(undefined); + + getCurrentStatus(args: GetCurrentStatusArgs): Promise { + return Promise.resolve({ + statusDate: new Date().toISOString(), + status: null, + lastFailureAt: null, + lastFailureMessage: null, + lastSuccessAt: null, + lastSuccessMessage: null, + lastLookBackDate: null, + gap: null, + bulkCreateTimeDurations: null, + searchAfterTimeDurations: null, + }); }, - async logExecutionMetrics(args: LogExecutionMetricsArgs): Promise { - return Promise.resolve(undefined); + + getCurrentStatusBulk(args: GetCurrentStatusBulkArgs): Promise { + return Promise.resolve({}); + }, + + deleteCurrentStatus(ruleId: string): Promise { + return Promise.resolve(); + }, + + logStatusChange(args: LogStatusChangeArgs): Promise { + warningsAndErrorsStore.push(args); + return Promise.resolve(); + }, + + logExecutionMetrics(args: LogExecutionMetricsArgs): Promise { + return Promise.resolve(); }, }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts index 6de039f083ba3..85285eed2817a 100644 
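Review bot: `getCurrentStatus` in the preview client resolves with `statusDate: new Date().toISOString()` and every other field `null`, which a consumer cannot distinguish from a stored status record that happens to be empty. A comment on the stub would make the intent explicit, for example `// Preview runs persist no status; this is a placeholder, not a stored record.`. Only `logStatusChange` has an effect here (it appends to `warningsAndErrorsStore`); a one-line comment above the object saying the other methods are deliberate no-ops would help the next reader. `createWarningsAndErrors` continues outside the hunk.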
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts @@ -142,12 +142,13 @@ export const signalRulesAlertType = ({ const searchAfterSize = Math.min(maxSignals, DEFAULT_SEARCH_AFTER_PAGE_SIZE); let hasError: boolean = false; let result = createSearchAfterReturnType(); + const ruleStatusClient = ruleExecutionLogClientOverride ? ruleExecutionLogClientOverride : new RuleExecutionLogClient({ - eventLogService, - savedObjectsClient: services.savedObjectsClient, underlyingClient: config.ruleExecutionLog.underlyingClient, + savedObjectsClient: services.savedObjectsClient, + eventLogService, }); const completeRule: CompleteRule = { diff --git a/x-pack/plugins/security_solution/server/request_context_factory.ts b/x-pack/plugins/security_solution/server/request_context_factory.ts index c2e622bc495c9..0028d624c2955 100644 --- a/x-pack/plugins/security_solution/server/request_context_factory.ts +++ b/x-pack/plugins/security_solution/server/request_context_factory.ts @@ -36,7 +36,13 @@ export class RequestContextFactory implements IRequestContextFactory { private readonly appClientFactory: AppClientFactory; constructor(private readonly options: ConstructorOptions) { + const { config, plugins } = options; + this.appClientFactory = new AppClientFactory(); + this.appClientFactory.setup({ + getSpaceId: plugins.spaces?.spacesService?.getSpaceId, + config, + }); } public async create( 
@@ -44,14 +50,10 @@ export class RequestContextFactory implements IRequestContextFactory { request: KibanaRequest ): Promise { const { options, appClientFactory } = this; - const { config, plugins } = options; + const { config, core, plugins } = options; const { lists, ruleRegistry, security, spaces } = plugins; - appClientFactory.setup({ - getSpaceId: plugins.spaces?.spacesService?.getSpaceId, - config, - }); - + const [, startPlugins] = await core.getStartServices(); const frameworkRequest = await buildFrameworkRequest(context, security, request); return { @@ -69,9 +71,10 @@ export class RequestContextFactory implements IRequestContextFactory { getExecutionLogClient: () => new RuleExecutionLogClient({ + underlyingClient: config.ruleExecutionLog.underlyingClient, savedObjectsClient: context.core.savedObjects.client, eventLogService: plugins.eventLog, - underlyingClient: config.ruleExecutionLog.underlyingClient, + eventLogClient: startPlugins.eventLog.getClient(request), }), getExceptionListClient: () => {
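Review bot: `eventLogClient: startPlugins.eventLog.getClient(request)` is the only place in this change where the log client is tied to the incoming request, and nothing records why. If, as the call suggests, the returned client is scoped to that request's user and space, a comment such as `// Request-scoped: Event Log reads are limited to what the calling user may see.` would keep a later refactor from substituting an unscoped client. `startPlugins.eventLog` is also dereferenced without a guard while `plugins.spaces` is treated as optional in the same file, so it is worth confirming that eventLog is a required dependency. The object returned by `create` continues outside the hunk.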