[RAC][Security Solution] Adds migration to new SecuritySolution rule types #112113
Merged: madirey merged 152 commits into elastic:master from madirey:security-rac-rules-migration on Oct 26, 2021
Commits
152 commits
82e35be (madirey) Initial commit
3ae81a7 (madirey) Properly handle signal history
bb739d4 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rule…
ee7ce2a (madirey) Fix #95258 - cardinality sort bug
5ede622 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rule…
e28c671 (madirey) Init threshold rule
5d1f81d (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rule…
958640f (madirey) Create working threshold rule
b29aee9 (madirey) Fix threshold signal generation
851301b (madirey) Fix tests
123d6f3 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rule…
847876f (madirey) Update mappings
0859f5a (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rule…
0e7676d (madirey) ALERT_TYPE_ID => RULE_TYPE_ID
6057c94 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rule…
d3d14fa (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rule…
2082b3b (madirey) Add tests
a352cbb (madirey) Fix types
04a024d (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rule…
8b81415 (madirey) Adds RAC rule type migration
62c3dcb (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rule…
f250676 (madirey) Fix threshold tests (remove outputIndex)
bc969c2 (madirey) Add threshold rule type to ruleTypeMappings
e257b30 (madirey) Merge branch 'security-rule-type-threshold' into security-rac-rules-m…
b2853c5 (madirey) Add kbn-securitysolution-rules package for sharing with alerting fram…
338ec3b (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
2095d28 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
cd9dd1e (madirey) Fix type errors
e90926c (madirey) Fix find_rules tests
d5a450a (madirey) First round of test fixes
95c1c1e (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
46762d3 (madirey) Fix issues from merge conflicts
9b9d96f (madirey) Use ruleDataClient getReader() for reading
a7a4bd1 (madirey) Fixes to 'generating_signals' tests
0d998b3 (madirey) Remove more refs to legacy schema
98f8d3f (madirey) Linting
bfa7138 (madirey) Quick type fix
fd81459 (madirey) Bug fixes
fc9d19d (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
5fcfba5 (madirey) Add saved query rule type
be85ca6 (madirey) Linting
2fbcf13 (madirey) Fix types
4babb43 (madirey) Signal generation tests
4569ae0 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
f8c2ca0 (madirey) Test updates
12f375b (madirey) Update some more refs
6633d6e (madirey) build_alert tests
32faf13 (madirey) Cleanup
98c6bcb (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
4d1473d (madirey) Ref updates
fa0bee6 (madirey) Revert "Ref updates"
9beb557 (madirey) Update status field
856b13f (madirey) Test fixes
09ab608 (madirey) Another test
00eb940 (madirey) Got a little too aggressive with search/replace
eb60bb4 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
999b3eb (madirey) let's see where we're at
2f6e50d (madirey) Fix
f632eb1 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
76fd481 (madirey) Test fixes
0f4041c (madirey) cleanup
cbfbff1 (marshallmain) Fix cases API integration test config, flaky DE tests
fb84dbd (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
32f7961 (madirey) Move flattenWithPrefix to package / skip signal migration tests
9303c13 (madirey) Fix unit tests
87fa4b4 (madirey) Use new schema for bulk rule creation
1040ee1 (madirey) event: { kind } => event.kind
1221ca5 (marshallmain) Fix signal migration API tests
4f517e0 (madirey) Fix ml integration test
2be43c0 (madirey) Fix threat match integration tests
701aaf6 (marshallmain) Fix ML rule type tests and add correct producer to all rule types
88fa106 (marshallmain) Update threat match API integration test
dabc707 (madirey) Merge branch 'security-rac-rules-migration' of github.com:marshallmai…
c1756dc (madirey) Remove dupe properties
2dbb5d6 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
8ede22c (madirey) Type fix
9975551 (madirey) Fix ML producer in functional test
7ae72c9 (madirey) Fix generating_signals tests
f75561e (marshallmain) Remove usage of RuleDataClient-based execution log client
814e1ec (madirey) Merge branch 'security-rac-rules-migration' of github.com:marshallmai…
e939727 (marshallmain) Don't check output index version if rule registry enabled
15154be (marshallmain) Fix bulk duplicate rule
77cad67 (marshallmain) Merge branch 'security-rac-rules-migration' of github.com:madirey/kib…
99c4ab7 (marshallmain) Fix duplicate rule test
9628fcc (marshallmain) Fix readPrivileges and timestamp check logic
5d74191 (madirey) Fixes for eql and exceptions tests... disable open_close_signals
63da337 (madirey) Merge branch 'security-rac-rules-migration' of github.com:marshallmai…
774df35 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
c92ce9a (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
2d0820b (madirey) Type fixes / keyword test fixes
cc4ab55 (madirey) Additional test fixes
ec24aa6 (madirey) Unit test fixes + signal -> kibana.alert
c50788d (madirey) Test fixes for exceptions
865a085 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
9c80d32 (madirey) Fix read_resolve_rules test
5c1621e (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
4d56e01 (madirey) Various test fixes with marshallmain
dee09b4 (madirey) Sort search results
b0b423d (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
11d81a4 (madirey) Fix create_rules tests
326b6f7 (madirey) Disable writer cache for integration tests
3ea134b (madirey) Disable writer cache for cases integration tests
7a33db9 (madirey) Fix types in rule_data_plugin_service
84770a4 (madirey) Fix ordering in exceptions tests
d52431e (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
5bcb1df (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
f36b69b (madirey) Remove rule_registry.enabled flag
eaa240b (madirey) Fix signals migration tests
cb95db5 (madirey) Don't check signals index before creation
5769535 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
3f9e8d2 (madirey) Fix cypress config
bc9d523 (madirey) Fix type error
3a1564a (madirey) create_migrations tests
7915be4 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
452de28 (madirey) Skip flaky test
430a223 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
e1ad444 (madirey) Helpful comment
b2c6f59 (madirey) Fixes from merge conflicts
cb099da (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
5f72ebe (madirey) Pretend that signals index exists
dd39941 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
1f33909 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
27e951d (madirey) Fix type errors
c56c804 (madirey) Skip flaky tests
faeecf1 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
c3af87b (madirey) Fix threat matching test
10a2a6e (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
35d4619 (madirey) Clean up
f206aa9 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
ec377c8 (madirey) Reverting default ruleRegistry experimental flag (breaks unit tests)
bea0900 (madirey) Reenable rule registry experimental feature by default
b2e66af (madirey) Execute DE rule migration in 8.0
a68d386 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
0881f6c (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
1892b54 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
d4bc86c (madirey) Cypress test fixes
ba67a5f (madirey) Fixes to alerts table and timeline functionality
9f2a6ca (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
c82039c (madirey) Some additional cypress fixes (and skips)
efb8319 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
3531a2d (madirey) Updating some more UI refs to AAD fields
b62e83e (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
bb6816a (madirey) ECS fixes?
a840df1 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
595e979 (madirey) Fix t-grid test
47e46ab (madirey) building_block_type fixes
44edd2a (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
aa97b5d (madirey) Fix types
e40d2de (madirey) Skip tests, remove commented code
27fc6e6 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
8ef98a7 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
5f70fc6 (madirey) Merge branch 'master' of github.com:elastic/kibana into security-rac-…
@@ -0,0 +1,95 @@ | ||
load("@npm//@bazel/typescript:index.bzl", "ts_config", "ts_project") | ||
load("@build_bazel_rules_nodejs//:index.bzl", "js_library", "pkg_npm") | ||
load("//src/dev/bazel:index.bzl", "jsts_transpiler") | ||
|
||
PKG_BASE_NAME = "kbn-securitysolution-rules" | ||
|
||
PKG_REQUIRE_NAME = "@kbn/securitysolution-rules" | ||
|
||
SOURCE_FILES = glob( | ||
[ | ||
"src/**/*.ts", | ||
], | ||
exclude = [ | ||
"**/*.test.*", | ||
"**/*.mock.*", | ||
], | ||
) | ||
|
||
SRCS = SOURCE_FILES | ||
|
||
filegroup( | ||
name = "srcs", | ||
srcs = SRCS, | ||
) | ||
|
||
NPM_MODULE_EXTRA_FILES = [ | ||
"package.json", | ||
"README.md", | ||
] | ||
|
||
RUNTIME_DEPS = [ | ||
"@npm//lodash", | ||
"@npm//tslib", | ||
"@npm//uuid", | ||
] | ||
|
||
TYPES_DEPS = [ | ||
"@npm//tslib", | ||
"@npm//@types/jest", | ||
"@npm//@types/lodash", | ||
"@npm//@types/node", | ||
"@npm//@types/uuid" | ||
] | ||
|
||
jsts_transpiler( | ||
name = "target_node", | ||
srcs = SRCS, | ||
build_pkg_name = package_name(), | ||
) | ||
|
||
ts_config( | ||
name = "tsconfig", | ||
src = "tsconfig.json", | ||
deps = [ | ||
"//:tsconfig.base.json", | ||
"//:tsconfig.bazel.json", | ||
], | ||
) | ||
|
||
ts_project( | ||
name = "tsc_types", | ||
args = ["--pretty"], | ||
srcs = SRCS, | ||
deps = TYPES_DEPS, | ||
declaration = True, | ||
declaration_map = True, | ||
emit_declaration_only = True, | ||
out_dir = "target_types", | ||
root_dir = "src", | ||
source_map = True, | ||
tsconfig = ":tsconfig", | ||
) | ||
|
||
js_library( | ||
name = PKG_BASE_NAME, | ||
srcs = NPM_MODULE_EXTRA_FILES, | ||
deps = RUNTIME_DEPS + [":target_node", ":tsc_types"], | ||
package_name = PKG_REQUIRE_NAME, | ||
visibility = ["//visibility:public"], | ||
) | ||
|
||
pkg_npm( | ||
name = "npm_module", | ||
deps = [ | ||
":%s" % PKG_BASE_NAME, | ||
], | ||
) | ||
|
||
filegroup( | ||
name = "build", | ||
srcs = [ | ||
":npm_module", | ||
], | ||
visibility = ["//visibility:public"], | ||
) |
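Review bot: RUNTIME_DEPS declares @npm//lodash and @npm//uuid, but none of the sources rendered in this PR (index.ts, rule_type_constants.ts, rule_type_mappings.ts) imports either; the only candidate is src/utils.ts, whose body is not shown in this view. If utils.ts does not actually use both, drop the unused ones: this js_library is exported with //visibility:public for sharing with the alerting framework, so every runtime dependency it lists becomes a transitive dependency of each consuming plugin, and a shared package is the wrong place to carry dead dependencies.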
@@ -0,0 +1,3 @@ | ||
# kbn-securitysolution-rules | ||
|
||
This contains alerts-as-data rule-specific constants and mappings that can be used across plugins. |
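Review bot: the README describes only "constants and mappings", but index.ts also re-exports ./utils (the relocated flatten_with_prefix.ts, per the rename header further down), so the one-line description undersells the package. List what is exported (the rule type ID constants, the legacy-to-RAC ruleTypeMappings table with its RuleType and RuleTypeId types, and the utils) and say that the IDs are the registered alerting rule type IDs, so a contributor understands that renaming one is a data migration rather than a refactor.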
@@ -0,0 +1,13 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
module.exports = { | ||
preset: '@kbn/test', | ||
rootDir: '../..', | ||
roots: ['<rootDir>/packages/kbn-securitysolution-rules'], | ||
}; |
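Review bot: a jest config is added here (and @types/jest in the BUILD file), yet none of the files rendered for packages/kbn-securitysolution-rules is a test, and the Bazel SOURCE_FILES glob excludes **/*.test.* regardless, so the package ships without tests of its own. The mapping table is the piece worth covering: assert that every legacy RuleType key maps to an ID carrying the siem prefix and that the six IDs are pairwise distinct, so a future copy-paste error (two legacy types mapped to one RAC ID) fails in CI instead of surfacing when the migration runs.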
@@ -0,0 +1,9 @@ | ||
{ | ||
"name": "@kbn/securitysolution-rules", | ||
"version": "1.0.0", | ||
"description": "security solution rule utilities to use across plugins", | ||
"license": "SSPL-1.0 OR Elastic License 2.0", | ||
"main": "./target_node/index.js", | ||
"types": "./target_types/index.d.ts", | ||
"private": true | ||
} |
@@ -0,0 +1,11 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
export * from './rule_type_constants'; | ||
export * from './rule_type_mappings'; | ||
export * from './utils'; |
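Review bot: `export * from './utils'` re-exports whatever utils.ts exports, and that file's diff is not rendered in this view, so the package's public surface cannot be reviewed from the barrel alone. Prefer named re-exports (for example `export { flattenWithPrefix } from './utils';`, the helper the "Move flattenWithPrefix to package" commit relocates) so that adding a helper to utils.ts later shows up as an explicit change to the shared API rather than an implicit one.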
packages/kbn-securitysolution-rules/src/rule_type_constants.ts (23 changes: 23 additions & 0 deletions)
@@ -0,0 +1,23 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
/** | ||
* Id for the legacy siem signals alerting type | ||
*/ | ||
export const SIGNALS_ID = `siem.signals` as const; | ||
|
||
/** | ||
* IDs for alerts-as-data rule types | ||
*/ | ||
const RULE_TYPE_PREFIX = `siem` as const; | ||
export const EQL_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.eqlRule` as const; | ||
export const INDICATOR_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.indicatorRule` as const; | ||
export const ML_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.mlRule` as const; | ||
export const QUERY_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.queryRule` as const; | ||
export const SAVED_QUERY_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.savedQueryRule` as const; | ||
export const THRESHOLD_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.thresholdRule` as const; |
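Review bot: these IDs are persisted identifiers, not just code constants: once the migration this PR adds (and the "Execute DE rule migration in 8.0" commit) has rewritten rules from `siem.signals` to `siem.queryRule` and the other five, rules saved with a given value only execute while a rule type with exactly that ID stays registered, so renaming any constant, or the unexported RULE_TYPE_PREFIX, would require another migration. Say so in the doc comment above RULE_TYPE_PREFIX, and extend the SIGNALS_ID comment to state that the legacy ID must remain exported because the migration path still has to recognise it.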
packages/kbn-securitysolution-rules/src/rule_type_mappings.ts (32 changes: 32 additions & 0 deletions)
@@ -0,0 +1,32 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0 and the Server Side Public License, v 1; you may not use this file except | ||
* in compliance with, at your election, the Elastic License 2.0 or the Server | ||
* Side Public License, v 1. | ||
*/ | ||
|
||
import { | ||
EQL_RULE_TYPE_ID, | ||
INDICATOR_RULE_TYPE_ID, | ||
ML_RULE_TYPE_ID, | ||
QUERY_RULE_TYPE_ID, | ||
SAVED_QUERY_RULE_TYPE_ID, | ||
THRESHOLD_RULE_TYPE_ID, | ||
} from './rule_type_constants'; | ||
|
||
/** | ||
* Maps legacy rule types to RAC rule type IDs. | ||
*/ | ||
export const ruleTypeMappings = { | ||
eql: EQL_RULE_TYPE_ID, | ||
machine_learning: ML_RULE_TYPE_ID, | ||
query: QUERY_RULE_TYPE_ID, | ||
saved_query: SAVED_QUERY_RULE_TYPE_ID, | ||
threat_match: INDICATOR_RULE_TYPE_ID, | ||
threshold: THRESHOLD_RULE_TYPE_ID, | ||
}; | ||
type RuleTypeMappings = typeof ruleTypeMappings; | ||
|
||
export type RuleType = keyof RuleTypeMappings; | ||
export type RuleTypeId = RuleTypeMappings[keyof RuleTypeMappings]; |
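Review bot: `ruleTypeMappings` is a mutable object literal exported from a //visibility:public package; declare it `as const` (or `Object.freeze` it) so the properties are readonly and nothing at runtime lets an importing module reassign, say, `ruleTypeMappings.query` and change which RAC rule type a migrated rule is given. `as const` also pins `RuleTypeId` to the union of the six literal IDs independently of how the constants file is typed, and it costs nothing here since the derived `RuleType` and `RuleTypeId` types already assume the key set is fixed.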
...es/factories/utils/flatten_with_prefix.ts → ...s/kbn-securitysolution-rules/src/utils.ts (17 changes: 14 additions & 3 deletions)
@@ -0,0 +1,19 @@ | ||
{ | ||
"extends": "../../tsconfig.bazel.json", | ||
"compilerOptions": { | ||
"declaration": true, | ||
"declarationMap": true, | ||
"emitDeclarationOnly": true, | ||
"outDir": "target_types", | ||
"rootDir": "src", | ||
"sourceMap": true, | ||
"sourceRoot": "../../../../packages/kbn-securitysolution-rules/src", | ||
"types": [ | ||
"jest", | ||
"node" | ||
] | ||
}, | ||
"include": [ | ||
"src/**/*" | ||
] | ||
} |
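Review bot: the compilerOptions in this package tsconfig (rendered here without its file header) duplicate the ts_project attributes in the BUILD file (declaration, declarationMap, emitDeclarationOnly, outDir target_types, rootDir src, sourceMap); if the two drift, the Bazel build and editor or plain tsc runs will disagree about what is emitted. This matches the pattern of other packages, so it is not a blocker, but a comment pointing at the `tsc_types` target would prevent silent drift. Also worth a second look: `sourceRoot` climbs four directories (../../../../) while `extends` climbs two; if that is intentional for the bazel-out layout, a one-line comment saying so saves the next reader the same question.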
Test actions (probably have to unflatten the flattened fields for Mustache).
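The comment above points at a real mismatch: alert documents built with a flatten-with-prefix helper carry dotted keys such as `kibana.alert.rule.name`, while Mustache resolves a tag like `{{kibana.alert.rule.name}}` by splitting it on "." and walking nested objects, so a flat document renders every such tag as an empty string. The block below is an added example, not code from this PR or from Kibana: `flattenWithPrefix`, `unflatten`, `lookup` and `renderTemplate` are assumed names, `renderTemplate` is a minimal stand-in that mimics Mustache's dotted-name lookup rather than the mustache library itself, and the alert document and field names are constructed for the example.

```typescript
// Added example (not from the PR or from Kibana). Shows why a flattened alert
// document must be unflattened before a Mustache action template can read it,
// and does the inverse transform safely. Helper names are assumed, not the
// project's API; the sample alert document below is constructed.

type Json = string | number | boolean | null | Json[] | { [key: string]: Json };
type JsonObject = { [key: string]: Json };

/** Flatten a nested object into dotted keys under `prefix`; arrays and scalars are leaves. */
export function flattenWithPrefix(prefix: string, value: Json): Record<string, Json> {
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    return { [prefix]: value };
  }
  return Object.entries(value).reduce<Record<string, Json>>((acc, [key, child]) => {
    const path = prefix ? `${prefix}.${key}` : key;
    return { ...acc, ...flattenWithPrefix(path, child) };
  }, {});
}

const UNSAFE_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

/** Reject path segments that would let a hostile key walk the prototype chain. */
function assertSafeSegment(segment: string, path: string): void {
  if (UNSAFE_SEGMENTS.has(segment)) {
    throw new Error(`refusing to unflatten unsafe key segment "${segment}" in "${path}"`);
  }
}

/** Inverse of flattenWithPrefix: rebuild nested objects from dotted keys. */
export function unflatten(flat: Record<string, Json>): JsonObject {
  const out: JsonObject = {};
  for (const [path, value] of Object.entries(flat)) {
    const segments = path.split('.');
    let cursor: JsonObject = out;
    for (const segment of segments.slice(0, -1)) {
      assertSafeSegment(segment, path);
      const next = cursor[segment];
      // A missing entry, or a scalar at an intermediate position (both "a" and
      // "a.b" present), is replaced by a fresh object so the walk can continue.
      if (next === null || typeof next !== 'object' || Array.isArray(next)) {
        cursor[segment] = {};
      }
      cursor = cursor[segment] as JsonObject;
    }
    const leaf = segments[segments.length - 1];
    assertSafeSegment(leaf, path);
    cursor[leaf] = value;
  }
  return out;
}

/** Resolve a dotted name the way Mustache does: split on "." and walk nested objects. */
export function lookup(context: JsonObject, name: string): Json | undefined {
  let current: Json | undefined = context;
  for (const segment of name.split('.')) {
    if (current === null || current === undefined || typeof current !== 'object' || Array.isArray(current)) {
      return undefined;
    }
    if (!Object.prototype.hasOwnProperty.call(current, segment)) {
      return undefined;
    }
    current = current[segment];
  }
  return current;
}

/** Minimal {{name}} interpolation with Mustache-style dotted lookup; unresolved names render as "". */
export function renderTemplate(template: string, context: JsonObject): string {
  return template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_tag, name: string) => {
    const value = lookup(context, name);
    return value === undefined || value === null ? '' : String(value);
  });
}

// Constructed sample: a flattened alert document as an action would receive it.
export const FLAT_ALERT: Record<string, Json> = {
  'kibana.alert.rule.name': 'Suspicious PowerShell download',
  'kibana.alert.severity': 'high',
  'host.name': 'ws-042',
};

export const ACTION_TEMPLATE =
  'Rule {{kibana.alert.rule.name}} fired on {{host.name}} (severity: {{kibana.alert.severity}})';

/** Render the same template against the flat and the unflattened document, for comparison. */
export function demo(): { flat: string; nested: string } {
  return {
    flat: renderTemplate(ACTION_TEMPLATE, FLAT_ALERT),
    nested: renderTemplate(ACTION_TEMPLATE, unflatten(FLAT_ALERT)),
  };
}
```

`demo().flat` comes back with every tag blank, `demo().nested` with the values filled in, which is the behaviour the comment predicts. The `assertSafeSegment` guard is the check a practitioner should not skip when unflattening keys that originate in indexed data: a document containing a `__proto__.x` key would otherwise write through to `Object.prototype`.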