Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RAC][Security Solution] Adds migration to new SecuritySolution rule types #112113

Merged
merged 152 commits into from
Oct 26, 2021
Merged
Show file tree
Hide file tree
Changes from 131 commits
Commits
Show all changes
152 commits
Select commit Hold shift + click to select a range
82e35be
Initial commit
madirey Sep 7, 2021
3ae81a7
Properly handle signal history
madirey Sep 7, 2021
bb739d4
Merge branch 'master' of github.com:elastic/kibana into security-rule…
madirey Sep 8, 2021
ee7ce2a
Fix #95258 - cardinality sort bug
madirey Sep 8, 2021
5ede622
Merge branch 'master' of github.com:elastic/kibana into security-rule…
madirey Sep 8, 2021
e28c671
Init threshold rule
madirey Sep 8, 2021
5d1f81d
Merge branch 'master' of github.com:elastic/kibana into security-rule…
madirey Sep 8, 2021
958640f
Create working threshold rule
madirey Sep 9, 2021
b29aee9
Fix threshold signal generation
madirey Sep 9, 2021
851301b
Fix tests
madirey Sep 9, 2021
123d6f3
Merge branch 'master' of github.com:elastic/kibana into security-rule…
madirey Sep 9, 2021
847876f
Update mappings
madirey Sep 9, 2021
0859f5a
Merge branch 'master' of github.com:elastic/kibana into security-rule…
madirey Sep 10, 2021
0e7676d
ALERT_TYPE_ID => RULE_TYPE_ID
madirey Sep 10, 2021
6057c94
Merge branch 'master' of github.com:elastic/kibana into security-rule…
madirey Sep 12, 2021
d3d14fa
Merge branch 'master' of github.com:elastic/kibana into security-rule…
madirey Sep 13, 2021
2082b3b
Add tests
madirey Sep 13, 2021
a352cbb
Fix types
madirey Sep 13, 2021
04a024d
Merge branch 'master' of github.com:elastic/kibana into security-rule…
madirey Sep 13, 2021
8b81415
Adds RAC rule type migration
madirey Sep 13, 2021
62c3dcb
Merge branch 'master' of github.com:elastic/kibana into security-rule…
madirey Sep 14, 2021
f250676
Fix threshold tests (remove outputIndex)
madirey Sep 14, 2021
bc969c2
Add threshold rule type to ruleTypeMappings
madirey Sep 14, 2021
e257b30
Merge branch 'security-rule-type-threshold' into security-rac-rules-m…
madirey Sep 14, 2021
b2853c5
Add kbn-securitysolution-rules package for sharing with alerting fram…
madirey Sep 14, 2021
338ec3b
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Sep 14, 2021
2095d28
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Sep 14, 2021
cd9dd1e
Fix type errors
madirey Sep 14, 2021
e90926c
Fix find_rules tests
madirey Sep 15, 2021
d5a450a
First round of test fixes
madirey Sep 20, 2021
95c1c1e
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Sep 20, 2021
46762d3
Fix issues from merge conflicts
madirey Sep 20, 2021
9b9d96f
Use ruleDataClient getReader() for reading
madirey Sep 20, 2021
a7a4bd1
Fixes to 'generating_signals' tests
madirey Sep 20, 2021
0d998b3
Remove more refs to legacy schema
madirey Sep 20, 2021
98f8d3f
Linting
madirey Sep 20, 2021
bfa7138
Quick type fix
madirey Sep 20, 2021
fd81459
Bug fixes
madirey Sep 23, 2021
fc9d19d
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Sep 23, 2021
5fcfba5
Add saved query rule type
madirey Sep 23, 2021
be85ca6
Linting
madirey Sep 23, 2021
2fbcf13
Fix types
madirey Sep 23, 2021
4babb43
Signal generation tests
madirey Sep 25, 2021
4569ae0
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Sep 26, 2021
f8c2ca0
Test updates
madirey Sep 26, 2021
12f375b
Update some more refs
madirey Sep 26, 2021
6633d6e
build_alert tests
madirey Sep 26, 2021
32faf13
Cleanup
madirey Sep 26, 2021
98c6bcb
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Sep 26, 2021
4d1473d
Ref updates
madirey Sep 27, 2021
fa0bee6
Revert "Ref updates"
madirey Sep 27, 2021
9beb557
Update status field
madirey Sep 27, 2021
856b13f
Test fixes
madirey Sep 27, 2021
09ab608
Another test
madirey Sep 27, 2021
00eb940
Got a little too aggressive with search/replace
madirey Sep 28, 2021
eb60bb4
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Sep 28, 2021
999b3eb
let's see where we're at
madirey Sep 29, 2021
2f6e50d
Fix
madirey Sep 29, 2021
f632eb1
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 5, 2021
76fd481
Test fixes
madirey Oct 5, 2021
0f4041c
cleanup
madirey Oct 5, 2021
cbfbff1
Fix cases API integration test config, flaky DE tests
marshallmain Oct 6, 2021
fb84dbd
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 6, 2021
32f7961
Move flattenWithPrefix to package / skip signal migration tests
madirey Oct 6, 2021
9303c13
Fix unit tests
madirey Oct 6, 2021
87fa4b4
Use new schema for bulk rule creation
madirey Oct 6, 2021
1040ee1
event: { kind } => event.kind
madirey Oct 6, 2021
1221ca5
Fix signal migration API tests
marshallmain Oct 6, 2021
4f517e0
Fix ml integration test
madirey Oct 7, 2021
2be43c0
Fix threat match integration tests
madirey Oct 7, 2021
701aaf6
Fix ML rule type tests and add correct producer to all rule types
marshallmain Oct 7, 2021
88fa106
Update threat match API integration test
marshallmain Oct 7, 2021
dabc707
Merge branch 'security-rac-rules-migration' of github.com:marshallmai…
madirey Oct 7, 2021
c1756dc
Remove dupe properties
madirey Oct 7, 2021
2dbb5d6
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 7, 2021
8ede22c
Type fix
madirey Oct 7, 2021
9975551
Fix ML producer in functional test
madirey Oct 7, 2021
7ae72c9
Fix generating_signals tests
madirey Oct 7, 2021
f75561e
Remove usage of RuleDataClient-based execution log client
marshallmain Oct 7, 2021
814e1ec
Merge branch 'security-rac-rules-migration' of github.com:marshallmai…
madirey Oct 7, 2021
e939727
Don't check output index version if rule registry enabled
marshallmain Oct 7, 2021
15154be
Fix bulk duplicate rule
marshallmain Oct 7, 2021
77cad67
Merge branch 'security-rac-rules-migration' of github.com:madirey/kib…
marshallmain Oct 7, 2021
99c4ab7
Fix duplicate rule test
marshallmain Oct 11, 2021
9628fcc
Fix readPrivileges and timestamp check logic
marshallmain Oct 11, 2021
5d74191
Fixes for eql and exceptions tests... disable open_close_signals
madirey Oct 11, 2021
63da337
Merge branch 'security-rac-rules-migration' of github.com:marshallmai…
madirey Oct 11, 2021
774df35
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 12, 2021
c92ce9a
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 12, 2021
2d0820b
Type fixes / keyword test fixes
madirey Oct 12, 2021
cc4ab55
Additional test fixes
madirey Oct 12, 2021
ec24aa6
Unit test fixes + signal -> kibana.alert
madirey Oct 12, 2021
c50788d
Test fixes for exceptions
madirey Oct 13, 2021
865a085
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 13, 2021
9c80d32
Fix read_resolve_rules test
madirey Oct 13, 2021
5c1621e
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 13, 2021
4d56e01
Various test fixes with marshallmain
madirey Oct 13, 2021
dee09b4
Sort search results
madirey Oct 13, 2021
b0b423d
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 13, 2021
11d81a4
Fix create_rules tests
madirey Oct 13, 2021
326b6f7
Disable writer cache for integration tests
madirey Oct 14, 2021
3ea134b
Disable writer cache for cases integration tests
madirey Oct 14, 2021
7a33db9
Fix types in rule_data_plugin_service
madirey Oct 14, 2021
84770a4
Fix ordering in exceptions tests
madirey Oct 15, 2021
d52431e
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 15, 2021
5bcb1df
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 18, 2021
f36b69b
Remove rule_registry.enabled flag
madirey Oct 18, 2021
eaa240b
Fix signals migration tests
madirey Oct 18, 2021
cb95db5
Don't check signals index before creation
madirey Oct 19, 2021
5769535
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 19, 2021
3f9e8d2
Fix cypress config
madirey Oct 19, 2021
bc9d523
Fix type error
madirey Oct 19, 2021
3a1564a
create_migrations tests
madirey Oct 19, 2021
7915be4
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 19, 2021
452de28
Skip flaky test
madirey Oct 20, 2021
430a223
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 20, 2021
e1ad444
Helpful comment
madirey Oct 20, 2021
b2c6f59
Fixes from merge conflicts
madirey Oct 20, 2021
cb099da
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 20, 2021
5f72ebe
Pretend that signals index exists
madirey Oct 20, 2021
dd39941
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 20, 2021
1f33909
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 20, 2021
27e951d
Fix type errors
madirey Oct 20, 2021
c56c804
Skip flaky tests
madirey Oct 20, 2021
faeecf1
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 20, 2021
c3af87b
Fix threat matching test
madirey Oct 21, 2021
10a2a6e
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 21, 2021
35d4619
Clean up
madirey Oct 21, 2021
f206aa9
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 21, 2021
ec377c8
Reverting default ruleRegistry experimental flag (breaks unit tests)
madirey Oct 21, 2021
bea0900
Reenable rule registry experimental feature by default
madirey Oct 21, 2021
b2e66af
Execute DE rule migration in 8.0
madirey Oct 21, 2021
a68d386
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 21, 2021
0881f6c
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 22, 2021
1892b54
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 25, 2021
d4bc86c
Cypress test fixes
madirey Oct 25, 2021
ba67a5f
Fixes to alerts table and timeline functionality
madirey Oct 25, 2021
9f2a6ca
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 25, 2021
c82039c
Some additional cypress fixes (and skips)
madirey Oct 25, 2021
efb8319
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 25, 2021
3531a2d
Updating some more UI refs to AAD fields
madirey Oct 25, 2021
b62e83e
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 25, 2021
bb6816a
ECS fixes?
madirey Oct 26, 2021
a840df1
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 26, 2021
595e979
Fix t-grid test
madirey Oct 26, 2021
47e46ab
building_block_type fixes
madirey Oct 26, 2021
44edd2a
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 26, 2021
aa97b5d
Fix types
madirey Oct 26, 2021
e40d2de
Skip tests, remove commented code
madirey Oct 26, 2021
27fc6e6
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 26, 2021
8ef98a7
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 26, 2021
5f70fc6
Merge branch 'master' of github.com:elastic/kibana into security-rac-…
madirey Oct 26, 2021
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/developer/getting-started/monorepo-packages.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ yarn kbn watch
- @kbn/securitysolution-list-constants
- @kbn/securitysolution-list-hooks
- @kbn/securitysolution-list-utils
- @kbn/securitysolution-rules
- @kbn/securitysolution-utils
- @kbn/server-http-tools
- @kbn/server-route-repository
Expand Down
1 change: 1 addition & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@
"@kbn/securitysolution-list-constants": "link:bazel-bin/packages/kbn-securitysolution-list-constants",
"@kbn/securitysolution-list-hooks": "link:bazel-bin/packages/kbn-securitysolution-list-hooks",
"@kbn/securitysolution-list-utils": "link:bazel-bin/packages/kbn-securitysolution-list-utils",
"@kbn/securitysolution-rules": "link:bazel-bin/packages/kbn-securitysolution-rules",
"@kbn/securitysolution-t-grid": "link:bazel-bin/packages/kbn-securitysolution-t-grid",
"@kbn/securitysolution-utils": "link:bazel-bin/packages/kbn-securitysolution-utils",
"@kbn/server-http-tools": "link:bazel-bin/packages/kbn-server-http-tools",
Expand Down
1 change: 1 addition & 0 deletions packages/BUILD.bazel
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ filegroup(
"//packages/kbn-securitysolution-list-api:build",
"//packages/kbn-securitysolution-list-hooks:build",
"//packages/kbn-securitysolution-list-utils:build",
"//packages/kbn-securitysolution-rules:build",
"//packages/kbn-securitysolution-utils:build",
"//packages/kbn-securitysolution-es-utils:build",
"//packages/kbn-securitysolution-t-grid:build",
Expand Down
3 changes: 3 additions & 0 deletions packages/kbn-rule-data-utils/src/technical_field_names.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ const CONSUMERS = `${KIBANA_NAMESPACE}.consumers` as const;
const ECS_VERSION = 'ecs.version' as const;
const EVENT_ACTION = 'event.action' as const;
const EVENT_KIND = 'event.kind' as const;
const EVENT_MODULE = 'event.module' as const;
const SPACE_IDS = `${KIBANA_NAMESPACE}.space_ids` as const;
const TAGS = 'tags' as const;
const TIMESTAMP = '@timestamp' as const;
Expand Down Expand Up @@ -88,6 +89,7 @@ const fields = {
ECS_VERSION,
EVENT_KIND,
EVENT_ACTION,
EVENT_MODULE,
TAGS,
TIMESTAMP,
ALERT_ACTION_GROUP,
Expand Down Expand Up @@ -189,6 +191,7 @@ export {
ECS_VERSION,
EVENT_ACTION,
EVENT_KIND,
EVENT_MODULE,
KIBANA_NAMESPACE,
ALERT_RULE_UUID,
ALERT_RULE_CATEGORY,
Expand Down
95 changes: 95 additions & 0 deletions packages/kbn-securitysolution-rules/BUILD.bazel
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
load("@npm//@bazel/typescript:index.bzl", "ts_config", "ts_project")
load("@build_bazel_rules_nodejs//:index.bzl", "js_library", "pkg_npm")
load("//src/dev/bazel:index.bzl", "jsts_transpiler")

PKG_BASE_NAME = "kbn-securitysolution-rules"

PKG_REQUIRE_NAME = "@kbn/securitysolution-rules"

SOURCE_FILES = glob(
[
"src/**/*.ts",
],
exclude = [
"**/*.test.*",
"**/*.mock.*",
],
)

SRCS = SOURCE_FILES

filegroup(
name = "srcs",
srcs = SRCS,
)

NPM_MODULE_EXTRA_FILES = [
"package.json",
"README.md",
]

RUNTIME_DEPS = [
"@npm//lodash",
"@npm//tslib",
"@npm//uuid",
]

TYPES_DEPS = [
"@npm//tslib",
"@npm//@types/jest",
"@npm//@types/lodash",
"@npm//@types/node",
"@npm//@types/uuid"
]

jsts_transpiler(
name = "target_node",
srcs = SRCS,
build_pkg_name = package_name(),
)

ts_config(
name = "tsconfig",
src = "tsconfig.json",
deps = [
"//:tsconfig.base.json",
"//:tsconfig.bazel.json",
],
)

ts_project(
name = "tsc_types",
args = ["--pretty"],
srcs = SRCS,
deps = TYPES_DEPS,
declaration = True,
declaration_map = True,
emit_declaration_only = True,
out_dir = "target_types",
root_dir = "src",
source_map = True,
tsconfig = ":tsconfig",
)

js_library(
name = PKG_BASE_NAME,
srcs = NPM_MODULE_EXTRA_FILES,
deps = RUNTIME_DEPS + [":target_node", ":tsc_types"],
package_name = PKG_REQUIRE_NAME,
visibility = ["//visibility:public"],
)

pkg_npm(
name = "npm_module",
deps = [
":%s" % PKG_BASE_NAME,
],
)

filegroup(
name = "build",
srcs = [
":npm_module",
],
visibility = ["//visibility:public"],
)
3 changes: 3 additions & 0 deletions packages/kbn-securitysolution-rules/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# kbn-securitysolution-rules

This contains alerts-as-data rule-specific constants and mappings that can be used across plugins.
13 changes: 13 additions & 0 deletions packages/kbn-securitysolution-rules/jest.config.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

module.exports = {
preset: '@kbn/test',
rootDir: '../..',
roots: ['<rootDir>/packages/kbn-securitysolution-rules'],
};
9 changes: 9 additions & 0 deletions packages/kbn-securitysolution-rules/package.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
"name": "@kbn/securitysolution-rules",
"version": "1.0.0",
"description": "security solution rule utilities to use across plugins",
"license": "SSPL-1.0 OR Elastic License 2.0",
"main": "./target_node/index.js",
"types": "./target_types/index.d.ts",
"private": true
}
11 changes: 11 additions & 0 deletions packages/kbn-securitysolution-rules/src/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

export * from './rule_type_constants';
export * from './rule_type_mappings';
export * from './utils';
23 changes: 23 additions & 0 deletions packages/kbn-securitysolution-rules/src/rule_type_constants.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

/**
* Id for the legacy siem signals alerting type
*/
export const SIGNALS_ID = `siem.signals` as const;

/**
* IDs for alerts-as-data rule types
*/
const RULE_TYPE_PREFIX = `siem` as const;
export const EQL_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.eqlRule` as const;
export const INDICATOR_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.indicatorRule` as const;
export const ML_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.mlRule` as const;
export const QUERY_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.queryRule` as const;
export const SAVED_QUERY_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.savedQueryRule` as const;
export const THRESHOLD_RULE_TYPE_ID = `${RULE_TYPE_PREFIX}.thresholdRule` as const;
32 changes: 32 additions & 0 deletions packages/kbn-securitysolution-rules/src/rule_type_mappings.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

import {
EQL_RULE_TYPE_ID,
INDICATOR_RULE_TYPE_ID,
ML_RULE_TYPE_ID,
QUERY_RULE_TYPE_ID,
SAVED_QUERY_RULE_TYPE_ID,
THRESHOLD_RULE_TYPE_ID,
} from './rule_type_constants';

/**
* Maps legacy rule types to RAC rule type IDs.
*/
export const ruleTypeMappings = {
eql: EQL_RULE_TYPE_ID,
machine_learning: ML_RULE_TYPE_ID,
query: QUERY_RULE_TYPE_ID,
saved_query: SAVED_QUERY_RULE_TYPE_ID,
threat_match: INDICATOR_RULE_TYPE_ID,
threshold: THRESHOLD_RULE_TYPE_ID,
};
type RuleTypeMappings = typeof ruleTypeMappings;

export type RuleType = keyof RuleTypeMappings;
export type RuleTypeId = RuleTypeMappings[keyof RuleTypeMappings];
Original file line number Diff line number Diff line change
@@ -1,12 +1,23 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

import { isPlainObject } from 'lodash';
import { SearchTypes } from '../../../../../../common/detection_engine/types';
import { RuleType, RuleTypeId, ruleTypeMappings } from './rule_type_mappings';

export const isRuleType = (ruleType: unknown): ruleType is RuleType => {
return Object.keys(ruleTypeMappings).includes(ruleType as string);
};

export const isRuleTypeId = (ruleTypeId: unknown): ruleTypeId is RuleTypeId => {
return Object.values(ruleTypeMappings).includes(ruleTypeId as RuleTypeId);
};

type SearchTypes = string | number | boolean | object | SearchTypes[] | undefined;

export const flattenWithPrefix = (
prefix: string,
Expand Down
19 changes: 19 additions & 0 deletions packages/kbn-securitysolution-rules/tsconfig.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"extends": "../../tsconfig.bazel.json",
"compilerOptions": {
"declaration": true,
"declarationMap": true,
"emitDeclarationOnly": true,
"outDir": "target_types",
"rootDir": "src",
"sourceMap": true,
"sourceRoot": "../../../../packages/kbn-securitysolution-rules/src",
"types": [
"jest",
"node"
]
},
"include": [
"src/**/*"
]
}
30 changes: 26 additions & 4 deletions x-pack/plugins/alerting/server/saved_objects/migrations.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
* 2.0.
*/

import { isRuleType, ruleTypeMappings } from '@kbn/securitysolution-rules';
Copy link
Contributor Author

@madirey madirey Sep 28, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test actions (probably have to unflatten the flattened fields for Mustache).

import { isString } from 'lodash/fp';
import {
LogMeta,
Expand Down Expand Up @@ -52,7 +53,8 @@ export const isAnyActionSupportIncidents = (doc: SavedObjectUnsanitizedDoc<RawAl
SUPPORT_INCIDENTS_ACTION_TYPES.includes(action.actionTypeId)
);

export const isSecuritySolutionRule = (doc: SavedObjectUnsanitizedDoc<RawAlert>): boolean =>
// Deprecated in 8.0
export const isLegacySecuritySolutionRule = (doc: SavedObjectUnsanitizedDoc<RawAlert>): boolean =>
doc.attributes.alertTypeId === 'siem.signals';

/**
Expand Down Expand Up @@ -96,19 +98,19 @@ export function getMigrations(

const migrationSecurityRules713 = createEsoMigration(
encryptedSavedObjects,
(doc): doc is SavedObjectUnsanitizedDoc<RawAlert> => isSecuritySolutionRule(doc),
(doc): doc is SavedObjectUnsanitizedDoc<RawAlert> => isLegacySecuritySolutionRule(doc),
madirey marked this conversation as resolved.
Show resolved Hide resolved
pipeMigrations(removeNullsFromSecurityRules)
);

const migrationSecurityRules714 = createEsoMigration(
encryptedSavedObjects,
(doc): doc is SavedObjectUnsanitizedDoc<RawAlert> => isSecuritySolutionRule(doc),
(doc): doc is SavedObjectUnsanitizedDoc<RawAlert> => isLegacySecuritySolutionRule(doc),
pipeMigrations(removeNullAuthorFromSecurityRules)
);

const migrationSecurityRules715 = createEsoMigration(
encryptedSavedObjects,
(doc): doc is SavedObjectUnsanitizedDoc<RawAlert> => isSecuritySolutionRule(doc),
(doc): doc is SavedObjectUnsanitizedDoc<RawAlert> => isLegacySecuritySolutionRule(doc),
pipeMigrations(addExceptionListsToReferences)
);

Expand All @@ -118,6 +120,7 @@ export function getMigrations(
pipeMigrations(
setLegacyId,
getRemovePreconfiguredConnectorsFromReferencesFn(isPreconfigured),
addRACRuleTypes,
addRuleIdsToLegacyNotificationReferences,
extractRefsFromGeoContainmentAlert
)
Expand Down Expand Up @@ -647,6 +650,25 @@ function setLegacyId(
};
}

function addRACRuleTypes(
doc: SavedObjectUnsanitizedDoc<RawAlert>
): SavedObjectUnsanitizedDoc<RawAlert> {
const ruleType = doc.attributes.params.type;
return isLegacySecuritySolutionRule(doc) && isRuleType(ruleType)
? {
...doc,
attributes: {
...doc.attributes,
alertTypeId: ruleTypeMappings[ruleType],
params: {
...doc.attributes.params,
outputIndex: '',
},
},
}
: doc;
}

function getRemovePreconfiguredConnectorsFromReferencesFn(
isPreconfigured: (connectorId: string) => boolean
) {
Expand Down
Loading