[Security Solution] Refactor MatrixHistogram to use Search Strategy (#…
1 parent
7f323a1
commit f89bcfb
Showing
42 changed files
with
1,254 additions
and
499 deletions.
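--- a/...curity_solution/common/search_strategy/security_solution/matrix_histogram/alerts/index.ts
+++ b/...curity_solution/common/search_strategy/security_solution/matrix_histogram/alerts/index.ts
@@ -0,0 +1,15 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+import { HistogramBucket } from '../common';
+
+export interface AlertsGroupData {
+key: string;
+doc_count: number;
+alerts: {
+buckets: HistogramBucket[];
+};
+}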
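Review bot: `key` on `AlertsGroupData` is typed `string`, while every other `*GroupData` interface added in this commit (anomalies, authentications, dns, events) types `key` as `number`. If that difference is deliberate because this bucket is keyed by the stack-by term rather than by a date-histogram timestamp, a one-line comment such as `/** Keyed by the stack-by term value, not a timestamp, hence string. */` would keep a later cleanup from "harmonising" it and breaking the parser that reads it. As written, a reader cannot tell intent from accident.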
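--- a/...ity_solution/common/search_strategy/security_solution/matrix_histogram/anomalies/index.ts
+++ b/...ity_solution/common/search_strategy/security_solution/matrix_histogram/anomalies/index.ts
@@ -0,0 +1,33 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+import { SearchHit } from '../../../common';
+
+interface AnomaliesOverTimeHistogramData {
+key_as_string: string;
+key: number;
+doc_count: number;
+}
+
+export interface AnomaliesActionGroupData {
+key: number;
+anomalies: {
+bucket: AnomaliesOverTimeHistogramData[];
+};
+doc_count: number;
+}
+
+export interface AnomalySource {
+[field: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any
+}
+
+export interface AnomalyHit extends SearchHit {
+sort: string[];
+_source: AnomalySource;
+aggregations: {
+[agg: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any
+};
+}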
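Review bot: The `[field: string]: any` index signatures on `AnomalySource` and `AnomalyHit.aggregations` switch off type checking for everything read out of a raw search hit, which is precisely the data a parser should be narrowing before use; `[field: string]: unknown;` keeps the response assignable while forcing consumers to check what they read, and drops the eslint-disable. The same two signatures appear in the events file (`EventSource`, `EventHit.aggregations`). Separately, the nested property is `anomalies.bucket` here and likewise singular in the authentications and events files, whereas the alerts and dns files use `buckets`; if these interfaces mirror Elasticsearch aggregation responses, only one of the two spellings can match the field that actually comes back, and the mismatch will surface as `undefined` at runtime rather than as a compile error, so it is worth settling before parsers are written against it. `AnomaliesOverTimeHistogramData` is also not exported even though it is the element type of an exported property, so consumers cannot name it.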
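--- a/...lution/common/search_strategy/security_solution/matrix_histogram/authentications/index.ts
+++ b/...lution/common/search_strategy/security_solution/matrix_histogram/authentications/index.ts
@@ -0,0 +1,19 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+export interface AuthenticationsOverTimeHistogramData {
+key_as_string: string;
+key: number;
+doc_count: number;
+}
+
+export interface AuthenticationsActionGroupData {
+key: number;
+events: {
+bucket: AuthenticationsOverTimeHistogramData[];
+};
+doc_count: number;
+}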
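Review bot: `AuthenticationsOverTimeHistogramData` repeats the `key`/`doc_count` pair that this commit already defines as `HistogramBucket` in the common file, and the anomalies and events files each declare the identical three-field shape under yet another name. Declaring it once as `export interface AuthenticationsOverTimeHistogramData extends HistogramBucket { key_as_string: string; }` (importing `HistogramBucket` from `'../common'`) keeps the four copies from drifting apart when a field is added to one of them. This is a style remark; the declared types are structurally equivalent today.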
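--- a/...curity_solution/common/search_strategy/security_solution/matrix_histogram/common/index.ts
+++ b/...curity_solution/common/search_strategy/security_solution/matrix_histogram/common/index.ts
@@ -0,0 +1,10 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+export interface HistogramBucket {
+key: number;
+doc_count: number;
+}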
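--- a/.../security_solution/common/search_strategy/security_solution/matrix_histogram/dns/index.ts
+++ b/.../security_solution/common/search_strategy/security_solution/matrix_histogram/dns/index.ts
@@ -0,0 +1,25 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+export interface DnsHistogramSubBucket {
+key: string;
+doc_count: number;
+orderAgg: {
+value: number;
+};
+}
+interface DnsHistogramBucket {
+doc_count_error_upper_bound: number;
+sum_other_doc_count: number;
+buckets: DnsHistogramSubBucket[];
+}
+
+export interface DnsHistogramGroupData {
+key: number;
+doc_count: number;
+key_as_string: string;
+histogram: DnsHistogramBucket;
+}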
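Review bot: `DnsHistogramBucket` is not exported but is the declared type of `DnsHistogramGroupData.histogram`, which is, so a consumer that needs to name the histogram portion on its own (a parser helper signature, a test fixture) cannot; `export interface DnsHistogramBucket {` resolves that. Stylistically, a blank line between `DnsHistogramSubBucket` and `DnsHistogramBucket` would match the spacing used between the other declarations in this file and in the sibling files of this commit.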
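--- a/...curity_solution/common/search_strategy/security_solution/matrix_histogram/events/index.ts
+++ b/...curity_solution/common/search_strategy/security_solution/matrix_histogram/events/index.ts
@@ -0,0 +1,35 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+import { SearchHit } from '../../../common';
+
+interface EventsMatrixHistogramData {
+key_as_string: string;
+key: number;
+doc_count: number;
+}
+
+export interface EventSource {
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+[field: string]: any;
+}
+
+export interface EventsActionGroupData {
+key: number;
+events: {
+bucket: EventsMatrixHistogramData[];
+};
+doc_count: number;
+}
+
+export interface EventHit extends SearchHit {
+sort: string[];
+_source: EventSource;
+aggregations: {
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+[agg: string]: any;
+};
+}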
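--- a/...gins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts
+++ b/...gins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts
@@ -0,0 +1,92 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+import { IEsSearchResponse } from '../../../../../../../src/plugins/data/common';
+import { AuthenticationHit } from '../hosts';
+import { Inspect, Maybe, TimerangeInput } from '../../common';
+import { RequestBasicOptions } from '../';
+import { AlertsGroupData } from './alerts';
+import { AnomaliesActionGroupData, AnomalyHit } from './anomalies';
+import { DnsHistogramGroupData } from './dns';
+import { AuthenticationsActionGroupData } from './authentications';
+import { EventsActionGroupData, EventHit } from './events';
+
+export * from './alerts';
+export * from './anomalies';
+export * from './authentications';
+export * from './common';
+export * from './dns';
+export * from './events';
+
+export const MatrixHistogramQuery = 'matrixHistogram';
+
+export enum MatrixHistogramType {
+authentications = 'authentications',
+anomalies = 'anomalies',
+events = 'events',
+alerts = 'alerts',
+dns = 'dns',
+}
+
+export interface MatrixHistogramRequestOptions extends RequestBasicOptions {
+timerange: TimerangeInput;
+histogramType: MatrixHistogramType;
+stackByField: string;
+inspect?: Maybe<Inspect>;
+}
+
+export interface MatrixHistogramStrategyResponse extends IEsSearchResponse {
+inspect?: Maybe<Inspect>;
+matrixHistogramData: MatrixHistogramData[];
+totalCount: number;
+}
+
+export interface MatrixHistogramData {
+x?: Maybe<number>;
+y?: Maybe<number>;
+g?: Maybe<string>;
+}
+
+export interface MatrixHistogramBucket {
+key: number;
+doc_count: number;
+}
+
+export interface MatrixHistogramSchema<T> {
+buildDsl: (options: MatrixHistogramRequestOptions) => {};
+aggName: string;
+parseKey: string;
+parser?: <T>(data: MatrixHistogramParseData<T>, keyBucket: string) => MatrixHistogramData[];
+}
+
+export type MatrixHistogramParseData<T> = T extends MatrixHistogramType.alerts
+? AlertsGroupData[]
+: T extends MatrixHistogramType.anomalies
+? AnomaliesActionGroupData[]
+: T extends MatrixHistogramType.dns
+? DnsHistogramGroupData[]
+: T extends MatrixHistogramType.authentications
+? AuthenticationsActionGroupData[]
+: T extends MatrixHistogramType.events
+? EventsActionGroupData[]
+: never;
+
+export type MatrixHistogramHit<T> = T extends MatrixHistogramType.alerts
+? EventHit
+: T extends MatrixHistogramType.anomalies
+? AnomalyHit
+: T extends MatrixHistogramType.dns
+? EventHit
+: T extends MatrixHistogramType.authentications
+? AuthenticationHit
+: T extends MatrixHistogramType.events
+? EventHit
+: never;
+
+export type MatrixHistogramDataConfig = Record<
+MatrixHistogramType,
+MatrixHistogramSchema<MatrixHistogramType>
+>;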
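Review bot: `parser` on `MatrixHistogramSchema<T>` redeclares its own generic `<T>`, which shadows the interface's type parameter; the outer `T` is therefore never used, and a parser registered for one histogram type will accept the bucket array of any other, so the link between a schema and the data shape it parses is not enforced by the compiler. Dropping the inner parameter, `parser?: (data: MatrixHistogramParseData<T>, keyBucket: string) => MatrixHistogramData[];`, restores it, and `MatrixHistogramDataConfig` then wants a mapped type instead of `Record`, `export type MatrixHistogramDataConfig = { [K in MatrixHistogramType]: MatrixHistogramSchema<K> };`, so that each key is tied to its own schema rather than to the union. `buildDsl` is declared to return `{}`, which in TypeScript means "any non-nullish value" rather than "an object"; `Record<string, unknown>` states what a DSL body is. `MatrixHistogramBucket` also duplicates `HistogramBucket`, which this same file re-exports from `./common`, so one of the two can go.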