[Security Solution] [Sourcerer] [Feature Branch] Update to use Kibana Data Views #114806

Merged
merged 243 commits into from
Nov 4, 2021
Changes from 229 commits
4deabab
initialize default KIP
stephmilovic Jul 19, 2021
8c452c2
rm configIndexPatterns
stephmilovic Jul 19, 2021
fde9056
no more config patterns
stephmilovic Jul 20, 2021
919a310
fix sourcerer jest
stephmilovic Jul 21, 2021
3b6cf6a
another test fix
stephmilovic Jul 21, 2021
957bb97
Merge branch 'master' into sourcerer_kip
stephmilovic Jul 21, 2021
8458b6f
more test fixes
stephmilovic Jul 21, 2021
c3df135
rm some comments
stephmilovic Jul 21, 2021
0342da6
Merge branch 'master' into sourcerer_kip
stephmilovic Jul 21, 2021
af76d50
Merge branch 'master' into sourcerer_kip
stephmilovic Jul 22, 2021
a386a11
why
stephmilovic Jul 22, 2021
d10ec88
fix cy
stephmilovic Jul 23, 2021
33d44f1
Merge branch 'master' into sourcerer_kip
stephmilovic Jul 23, 2021
e79a9b1
merge
stephmilovic Jul 26, 2021
3c13e86
k
stephmilovic Jul 26, 2021
6cc917c
move to server
stephmilovic Jul 27, 2021
343354d
rm cy com
stephmilovic Jul 27, 2021
86bc00d
ui for permissions and fix tests
stephmilovic Jul 27, 2021
255bc1f
pass as arg
stephmilovic Jul 27, 2021
434f9bb
fix mistakes
stephmilovic Jul 27, 2021
49098d4
fix types
stephmilovic Jul 27, 2021
de97889
merge master
stephmilovic Aug 3, 2021
ffc08eb
fix ml test
stephmilovic Aug 4, 2021
23fba2c
Merge branch 'master' into sourcerer_kip
stephmilovic Aug 4, 2021
385a91d
start
stephmilovic Aug 5, 2021
11c741d
Merge branch 'master' into sourcerer_kip
kibanamachine Aug 5, 2021
4e81552
wip
stephmilovic Aug 5, 2021
f4341d9
default sourcerer working me thinks
stephmilovic Aug 5, 2021
32025be
Merge branch 'sourcerer_kip' of github.com:stephmilovic/kibana into s…
stephmilovic Aug 5, 2021
e33abe3
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Aug 5, 2021
bfeb49f
rm some logs
stephmilovic Aug 5, 2021
ff8aa1c
idk
stephmilovic Aug 9, 2021
e986d9d
fix conflicts
stephmilovic Aug 9, 2021
bc751f0
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Aug 9, 2021
19a1e9a
Merge branch 'master' into sourcerer_kip
kibanamachine Aug 9, 2021
1431aa8
updates from advanced settings
stephmilovic Aug 9, 2021
2c81a43
combo box is back
stephmilovic Aug 9, 2021
6ea14db
working default need indicesExist
stephmilovic Aug 9, 2021
f7760d7
Merge branch 'master' into sourcerer_kip
stephmilovic Aug 10, 2021
51625e6
Merge branch 'sourcerer_kip' of github.com:stephmilovic/kibana into s…
stephmilovic Aug 10, 2021
7ddc9fb
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Aug 10, 2021
f591809
working better
stephmilovic Aug 10, 2021
d687623
sanity check
stephmilovic Aug 11, 2021
5748a6c
merge w master
stephmilovic Aug 31, 2021
7ceef3a
merge master
stephmilovic Aug 31, 2021
68efdd2
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Aug 31, 2021
09dd0e8
Merge branch 'master' into sourcerer_kip
stephmilovic Aug 31, 2021
45a1b15
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Aug 31, 2021
74e4c31
logs
stephmilovic Aug 31, 2021
31c0b16
fix merge conflicts
stephmilovic Sep 1, 2021
232a520
fix conflicts
stephmilovic Sep 1, 2021
5e6331c
hey
stephmilovic Sep 1, 2021
eaebc6b
fix big ol bugsy wugsy
stephmilovic Sep 1, 2021
ffe5370
fixed some things, wrote a test
stephmilovic Sep 1, 2021
3492cb0
Merge branch 'master' into sourcerer_kip
stephmilovic Sep 2, 2021
bbd8616
Merge branch 'master' into sourcerer_kip_as
stephmilovic Sep 2, 2021
7db7a32
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Sep 2, 2021
67ee52b
url state just works wow what a good morning
stephmilovic Sep 2, 2021
ebf9455
Merge branch 'master' into sourcerer_kip
stephmilovic Sep 2, 2021
4312ac2
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Sep 2, 2021
bff7ccc
start on timeline sourcerer
stephmilovic Sep 2, 2021
43661fa
fix bug
stephmilovic Sep 2, 2021
1fe521e
fix some tests and simplify
stephmilovic Sep 3, 2021
0705be6
fixing tests and types
stephmilovic Sep 3, 2021
a93d4c6
maeffn type pass wut
stephmilovic Sep 3, 2021
f80ca48
fixing
stephmilovic Sep 3, 2021
3d32cf5
About to do timeline stuff
stephmilovic Sep 7, 2021
26231bb
get rid of bad selector
stephmilovic Sep 7, 2021
bbc7865
Merge branch 'master' into sourcerer_kip
stephmilovic Sep 7, 2021
2f5d60a
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Sep 7, 2021
8c1b8d0
server side dataViewId
stephmilovic Sep 7, 2021
f52c33b
added prop to timeline and passes type check
stephmilovic Sep 7, 2021
b035d4b
by golly i think i did it
stephmilovic Sep 7, 2021
08f22aa
rm logs
stephmilovic Sep 7, 2021
290a4e1
undo myob
stephmilovic Sep 7, 2021
415ad8d
revert whoops
stephmilovic Sep 7, 2021
d8c3f20
jest fixing
stephmilovic Sep 7, 2021
bcc8061
jest fixing
stephmilovic Sep 8, 2021
03be321
Merge branch 'master' into sourcerer_kip
stephmilovic Sep 8, 2021
38b679c
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Sep 8, 2021
5ae36e5
make runtime fields return runtime values, duh
stephmilovic Sep 9, 2021
b35251c
fix test
stephmilovic Sep 9, 2021
c083cdd
merge master
stephmilovic Sep 9, 2021
7c86ed6
merge in masteR
stephmilovic Sep 9, 2021
e32f7af
renames
stephmilovic Sep 9, 2021
a7b851d
fix translations
stephmilovic Sep 9, 2021
26ef3ee
more renaming
stephmilovic Sep 10, 2021
6f856a4
updates fields api and enforce types
stephmilovic Sep 10, 2021
be70eca
better types
stephmilovic Sep 10, 2021
302f4a3
yay
stephmilovic Sep 10, 2021
0903dc1
add issue comments
stephmilovic Sep 10, 2021
0e209ff
Merge branch 'master' into sourcerer_kip
stephmilovic Sep 10, 2021
382d27c
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Sep 10, 2021
352d437
fix index pattern when siem signal index is null
stephmilovic Sep 10, 2021
7e81988
Merge branch 'master' into sourcerer_kip
stephmilovic Sep 13, 2021
6f79940
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Sep 13, 2021
a8483e0
fix private rtf
stephmilovic Sep 13, 2021
438a5c9
wip
stephmilovic Sep 14, 2021
10b7f27
Merge branch 'master' into sourcerer_kip
stephmilovic Sep 14, 2021
b9a8d40
why did i do this in one commit jeeeeez
stephmilovic Sep 14, 2021
c9a1905
merge in
stephmilovic Sep 14, 2021
85fac4b
fix
stephmilovic Sep 14, 2021
1c6c34e
cy wip
stephmilovic Sep 14, 2021
f50b40d
fix whoops
stephmilovic Sep 14, 2021
7e50a47
fix migration and add another test
stephmilovic Sep 15, 2021
03b7ba2
bs
stephmilovic Sep 16, 2021
5936acf
Merge branch 'master' into sourcerer_kip
stephmilovic Sep 16, 2021
cdf8171
merged
stephmilovic Sep 16, 2021
54be286
working on unit tests
stephmilovic Sep 16, 2021
d9588fd
jest wip
stephmilovic Sep 20, 2021
b9b224c
resolve
stephmilovic Sep 20, 2021
12f5ae5
fix conflicts
stephmilovic Sep 20, 2021
84865d3
fix conflicts
stephmilovic Sep 20, 2021
a7e31ec
add more tests
stephmilovic Sep 20, 2021
2c1aabe
more test
stephmilovic Sep 20, 2021
ddc4ffe
more tests wiP
stephmilovic Sep 20, 2021
dbfa580
Merge branch 'sourcerer_kip_as' into sourcerer_kip_bs
stephmilovic Sep 20, 2021
3d03457
ruleRegistry:false caps
stephmilovic Sep 21, 2021
a79e9eb
Merge branch 'master' into sourcerer_kip
stephmilovic Sep 21, 2021
d81fed2
Merge branch 'sourcerer_kip' into sourcerer_kip_as
stephmilovic Sep 21, 2021
2bc12b2
fix eslint and i18n
stephmilovic Sep 21, 2021
de87a9e
what happened
stephmilovic Sep 22, 2021
f3c8d41
Merge branch 'master' into sourcerer_kip
stephmilovic Sep 22, 2021
83cc7d2
fix merge conflicts
stephmilovic Sep 22, 2021
aa5b258
Merge branch 'sourcerer_kip_as' into sourcerer_kip_cs
stephmilovic Sep 22, 2021
70c5292
fix type err
stephmilovic Sep 22, 2021
935b551
Merge branch 'sourcerer_kip_as' into sourcerer_kip_cs
stephmilovic Sep 22, 2021
9fa9a2f
this is not elegant
stephmilovic Sep 22, 2021
8730d63
its A solution. not THE solution
stephmilovic Sep 22, 2021
d1ba923
news
stephmilovic Sep 22, 2021
0832cfe
works with no ruleRegistry
stephmilovic Sep 23, 2021
016d18b
fixed
stephmilovic Sep 23, 2021
cc98f56
comments
stephmilovic Sep 23, 2021
38e8f6e
Merge branch 'master' into sourcerer_kip_as
kibanamachine Sep 23, 2021
7c7a968
fixes for url state
stephmilovic Sep 23, 2021
883929a
Merge branch 'sourcerer_kip_as' of github.com:stephmilovic/kibana int…
stephmilovic Sep 23, 2021
9af3d1e
fix jest
stephmilovic Sep 23, 2021
a49893a
more jest fixing
stephmilovic Sep 23, 2021
26c30ff
Merge branch 'master' into sourcerer_kip_as
kibanamachine Sep 25, 2021
55020b1
push console logs for X
stephmilovic Sep 27, 2021
5f96a4d
fix bug
stephmilovic Sep 28, 2021
656739e
resolve conflicts
stephmilovic Sep 28, 2021
e7ae515
fixes
stephmilovic Sep 28, 2021
82b7327
merged w master
stephmilovic Sep 28, 2021
72cae51
cypress is one crazy mofo
stephmilovic Sep 29, 2021
bed0e0b
all ready
stephmilovic Sep 29, 2021
96558bc
make everything happy
stephmilovic Sep 29, 2021
9efc307
fix conflict
stephmilovic Sep 29, 2021
71b590a
wildcard to siem signals default index in sourcerer
stephmilovic Sep 30, 2021
be89ffb
fix lil whoops
stephmilovic Sep 30, 2021
377108d
rm useMemo from sourcerer components
stephmilovic Sep 30, 2021
fff38a7
cleanup comment
stephmilovic Sep 30, 2021
33760fd
Fix top n
stephmilovic Sep 30, 2021
552b64e
fix lil whoops again
stephmilovic Sep 30, 2021
4bdb491
fix jest
stephmilovic Oct 1, 2021
4c65fcb
merge in master
stephmilovic Oct 1, 2021
95516b0
stopping point commit
stephmilovic Oct 1, 2021
9b01c57
resolve tests
stephmilovic Oct 4, 2021
ab6c47e
merge in master
stephmilovic Oct 4, 2021
9c825e9
rm whoops
stephmilovic Oct 4, 2021
f6b7b38
fix trnslations and other cleanups
stephmilovic Oct 4, 2021
b202ff2
review i
stephmilovic Oct 4, 2021
c3471e6
add test for johnny
stephmilovic Oct 4, 2021
3b17d0f
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 4, 2021
d535295
rm test comments
stephmilovic Oct 4, 2021
358cad8
review ii
stephmilovic Oct 5, 2021
d8cf285
fix cypress
stephmilovic Oct 5, 2021
4df9c41
revert
stephmilovic Oct 5, 2021
1d2e8ed
fix conflict
stephmilovic Oct 5, 2021
f715950
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 5, 2021
aebe8e0
revert some stuff
stephmilovic Oct 5, 2021
1552c11
add trick to cypress
stephmilovic Oct 5, 2021
36c4a7b
rm wildcard from pattern
stephmilovic Oct 5, 2021
87bd0ab
fix jest
stephmilovic Oct 6, 2021
732e3dc
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 6, 2021
8e8d84c
Merge branch 'master' into sourcerer_kip_as
kibanamachine Oct 6, 2021
b7a3caf
fix timeline bug
stephmilovic Oct 6, 2021
0f5c93b
resolve conflicts
stephmilovic Oct 7, 2021
e04ffb0
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 7, 2021
6e2a364
fix routes
stephmilovic Oct 7, 2021
7d804a2
Resolve merge
stephmilovic Oct 11, 2021
f6635c8
Fix types
stephmilovic Oct 11, 2021
f4d8061
resolve conflicts
stephmilovic Oct 13, 2021
ffcd6ed
fix cases privileges test
stephmilovic Oct 14, 2021
8441b4e
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 14, 2021
5a4f97d
fix bug pablo found
stephmilovic Oct 15, 2021
64e1232
pick events merge conflict
stephmilovic Oct 15, 2021
79699a5
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 15, 2021
9cad466
Merge branch 'master' into sourcerer_kip_as
kibanamachine Oct 18, 2021
9d0fc8f
Merge branch 'master' into sourcerer_kip_as
kibanamachine Oct 18, 2021
d592c1b
hide signal index on default sourcerer
stephmilovic Oct 18, 2021
13e6971
Merge branch 'sourcerer_kip_as' of github.com:elastic/kibana into sou…
stephmilovic Oct 18, 2021
fc516ea
Merge branch 'master' into sourcerer_kip_as
kibanamachine Oct 18, 2021
6a167d8
rm validatePatterns
stephmilovic Oct 19, 2021
770f206
Merge branch 'sourcerer_kip_as' of github.com:elastic/kibana into sou…
stephmilovic Oct 19, 2021
db06e55
simplify
stephmilovic Oct 19, 2021
2a868e4
Merge branch 'master' into sourcerer_kip_as
kibanamachine Oct 19, 2021
a7eafca
review iii
stephmilovic Oct 19, 2021
becd6bc
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 19, 2021
33caa21
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 19, 2021
27f153c
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 19, 2021
53bd342
replace validatePatternListActive
stephmilovic Oct 19, 2021
fc4c9bf
revert silly
stephmilovic Oct 19, 2021
856cfe7
fix merge
stephmilovic Oct 20, 2021
6699b29
ok dont do the migration fine
stephmilovic Oct 21, 2021
e1721d5
merge in masteR
stephmilovic Oct 21, 2021
db696c9
Add `.catch()` statement to ES calls in order to get better stacktraces
paul-tavares Oct 21, 2021
b6d8110
Improve efficiency of getHostEndpoint() search strategy method
paul-tavares Oct 21, 2021
62a9811
Refactor `getHostEndpoint()` to use new Metadata service as well as t…
paul-tavares Oct 25, 2021
ca81cd9
Resolve conflicts
stephmilovic Oct 25, 2021
90b87a1
Merge remote-tracking branch 'upstream/master' into task/olm-1926-all…
paul-tavares Oct 26, 2021
1f4ea7c
doing this
stephmilovic Oct 26, 2021
f882d4a
fix test thanks angela
stephmilovic Oct 26, 2021
a848216
Merge remote-tracking branch 'upstream/master' into task/olm-1926-all…
paul-tavares Oct 26, 2021
052e07e
Merge remote-tracking branch 'upstream/master' into task/olm-1926-all…
paul-tavares Oct 26, 2021
c4c22f7
resolve conflicts
stephmilovic Oct 27, 2021
0e63da9
fix type
stephmilovic Oct 27, 2021
39b6f71
rm todos
stephmilovic Oct 27, 2021
3ca181d
rm todos
stephmilovic Oct 27, 2021
0ef0126
Merge branch 'master' into task/olm-1926-allow-non-superuser-to-read-…
kibanamachine Oct 27, 2021
2e4c7bd
fix type
stephmilovic Oct 27, 2021
2578fe3
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 27, 2021
cdcf869
as const message
stephmilovic Oct 27, 2021
acea7a6
Merge branch 'master' into task/olm-1926-allow-non-superuser-to-read-…
kibanamachine Oct 27, 2021
7e8cadb
Merge acea7a6d04749b25dbff4f6e98e75ee5158dc6bf into 4be1d8f4384dd6b66…
paul-tavares Oct 27, 2021
be170e1
Merge commit 'refs/pull/116202/merge' of https://github.com/elastic/k…
stephmilovic Oct 27, 2021
4e14750
Merge branch 'master' into sourcerer_kip_as
kibanamachine Oct 27, 2021
f92432c
fix detections roles
stephmilovic Oct 27, 2021
08fba07
Merge branch 'sourcerer_kip_as' of https://github.com/elastic/kibana …
stephmilovic Oct 27, 2021
748d97a
better comments
stephmilovic Oct 27, 2021
0db5636
Revert "Merge commit 'refs/pull/116202/merge' of https://github.com/e…
stephmilovic Oct 27, 2021
2332990
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 28, 2021
585668d
Merge branch 'master' into sourcerer_kip_as
stephmilovic Oct 28, 2021
2e7c4e6
wip
stephmilovic Oct 28, 2021
fc5a57e
this might work
stephmilovic Oct 28, 2021
e4972f4
fix
stephmilovic Oct 28, 2021
3704a28
Show results if sourcerer initiates signal index, whether or not it e…
stephmilovic Oct 28, 2021
479014c
fix mock
stephmilovic Oct 29, 2021
2c8adfd
Merge branch 'main' into sourcerer_kip_as
kibanamachine Nov 1, 2021
7b13681
fix merge
stephmilovic Nov 2, 2021
8286a33
Merge branch 'main' into sourcerer_kip_as
stephmilovic Nov 3, 2021
ac0b022
[Security Solution] [Sourcerer] Store and type cleanup (#116640)
stephmilovic Nov 4, 2021
6a68772
Small cleanup
stephmilovic Nov 4, 2021
Expand Up @@ -5,7 +5,6 @@
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

import { IndexPatternsFetcher } from '.';
import { ElasticsearchClient } from 'kibana/server';
import * as indexNotFoundException from './index_not_found_exception.json';
Expand All @@ -15,36 +14,36 @@ describe('Index Pattern Fetcher - server', () => {
let esClient: ElasticsearchClient;
const emptyResponse = {
body: {
count: 0,
indices: [],
},
};
const response = {
body: {
count: 1115,
indices: ['b'],
fields: [{ name: 'foo' }, { name: 'bar' }, { name: 'baz' }],
},
};
const patternList = ['a', 'b', 'c'];
beforeEach(() => {
jest.clearAllMocks();
esClient = {
count: jest.fn().mockResolvedValueOnce(emptyResponse).mockResolvedValue(response),
fieldCaps: jest.fn().mockResolvedValueOnce(emptyResponse).mockResolvedValue(response),
} as unknown as ElasticsearchClient;
indexPatterns = new IndexPatternsFetcher(esClient);
});

it('Removes pattern without matching indices', async () => {
const result = await indexPatterns.validatePatternListActive(patternList);
expect(result).toEqual(['b', 'c']);
});

it('Returns all patterns when all match indices', async () => {
esClient = {
count: jest.fn().mockResolvedValue(response),
fieldCaps: jest.fn().mockResolvedValue(response),
} as unknown as ElasticsearchClient;
indexPatterns = new IndexPatternsFetcher(esClient);
const result = await indexPatterns.validatePatternListActive(patternList);
expect(result).toEqual(patternList);
});
it('Removes pattern when "index_not_found_exception" error is thrown', async () => {
it('Removes pattern when error is thrown', async () => {
class ServerError extends Error {
public body?: Record<string, any>;
constructor(
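Review bot: The renamed test 'Removes pattern when error is thrown' now claims that any error drops the pattern, but the only error fixture this file imports is `index_not_found_exception.json`. Add a case that rejects with a different error (for example a permission or timeout error) so the broader behaviour the new name describes is pinned by a test, or keep the narrower name.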
Expand All @@ -56,9 +55,8 @@ describe('Index Pattern Fetcher - server', () => {
this.body = errBody;
}
}

esClient = {
count: jest
fieldCaps: jest
.fn()
.mockResolvedValueOnce(response)
.mockRejectedValue(
Expand All @@ -69,4 +67,22 @@ describe('Index Pattern Fetcher - server', () => {
const result = await indexPatterns.validatePatternListActive(patternList);
expect(result).toEqual([patternList[0]]);
});
it('When allowNoIndices is false, run validatePatternListActive', async () => {
const fieldCapsMock = jest.fn();
esClient = {
fieldCaps: fieldCapsMock.mockResolvedValue(response),
} as unknown as ElasticsearchClient;
indexPatterns = new IndexPatternsFetcher(esClient);
await indexPatterns.getFieldsForWildcard({ pattern: patternList });
expect(fieldCapsMock.mock.calls).toHaveLength(4);
});
it('When allowNoIndices is true, do not run validatePatternListActive', async () => {
const fieldCapsMock = jest.fn();
esClient = {
fieldCaps: fieldCapsMock.mockResolvedValue(response),
} as unknown as ElasticsearchClient;
indexPatterns = new IndexPatternsFetcher(esClient, true);
await indexPatterns.getFieldsForWildcard({ pattern: patternList });
expect(fieldCapsMock.mock.calls).toHaveLength(1);
});
});
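Review bot: `toHaveLength(4)` and `toHaveLength(1)` in the two new tests are bare counts; nothing says that 4 is presumably one validation call per entry in `patternList` plus the final field-caps request. Derive it as `patternList.length + 1` or add a comment, and also assert the `index` argument of the last `fieldCaps` call so the tests check which patterns survive validation, not only how many requests were made.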
44 changes: 18 additions & 26 deletions src/plugins/data_views/server/fetcher/index_patterns_fetcher.ts
Expand Up @@ -36,12 +36,10 @@ interface FieldSubType {
export class IndexPatternsFetcher {
private elasticsearchClient: ElasticsearchClient;
private allowNoIndices: boolean;

constructor(elasticsearchClient: ElasticsearchClient, allowNoIndices: boolean = false) {
this.elasticsearchClient = elasticsearchClient;
this.allowNoIndices = allowNoIndices;
}

/**
* Get a list of field objects for an index pattern that may contain wildcards
*
Expand All @@ -60,23 +58,22 @@ export class IndexPatternsFetcher {
}): Promise<FieldDescriptor[]> {
const { pattern, metaFields, fieldCapsOptions, type, rollupIndex } = options;
const patternList = Array.isArray(pattern) ? pattern : pattern.split(',');
const allowNoIndices = fieldCapsOptions
? fieldCapsOptions.allow_no_indices
: this.allowNoIndices;
let patternListActive: string[] = patternList;
// if only one pattern, don't bother with validation. We let getFieldCapabilities fail if the single pattern is bad regardless
if (patternList.length > 1) {
if (patternList.length > 1 && !allowNoIndices) {
patternListActive = await this.validatePatternListActive(patternList);
}
const fieldCapsResponse = await getFieldCapabilities(
this.elasticsearchClient,
// if none of the patterns are active, pass the original list to get an error
patternListActive.length > 0 ? patternListActive : patternList,
patternListActive,
metaFields,
{
allow_no_indices: fieldCapsOptions
? fieldCapsOptions.allow_no_indices
: this.allowNoIndices,
allow_no_indices: allowNoIndices,
}
);

if (type === 'rollup' && rollupIndex) {
const rollupFields: FieldDescriptor[] = [];
const rollupIndexCapabilities = getCapabilitiesForRollupIndices(
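Review bot: The argument to `getFieldCapabilities` loses the `patternListActive.length > 0 ? patternListActive : patternList` fallback, so when validation filters out every pattern an empty list is passed through, where the removed comment says the original list was sent in order to get an error. Confirm what `getFieldCapabilities` does with an empty list (it should fail or return nothing, not resolve against a broader set of indices than the caller asked for) and add a test for the all-inactive case.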
Expand All @@ -87,13 +84,11 @@ export class IndexPatternsFetcher {
).body
)[rollupIndex].aggs;
const fieldCapsResponseObj = keyBy(fieldCapsResponse, 'name');

// Keep meta fields
metaFields!.forEach(
(field: string) =>
fieldCapsResponseObj[field] && rollupFields.push(fieldCapsResponseObj[field])
);

return mergeCapabilitiesWithFields(
rollupIndexCapabilities,
fieldCapsResponseObj,
Expand Down Expand Up @@ -137,23 +132,20 @@ export class IndexPatternsFetcher {
async validatePatternListActive(patternList: string[]) {
const result = await Promise.all(
patternList
.map((pattern) =>
this.elasticsearchClient.count({
index: pattern,
})
)
.map((p) =>
p.catch((e) => {
if (e.body.error.type === 'index_not_found_exception') {
return { body: { count: 0 } };
}
throw e;
})
)
.map(async (index) => {
const searchResponse = await this.elasticsearchClient.fieldCaps({
index,
fields: '_id',
ignore_unavailable: true,
allow_no_indices: false,
});
return searchResponse.body.indices.length > 0;
})
.map((p) => p.catch(() => false))
);
return result.reduce(
(acc: string[], { body: { count } }, patternListIndex) =>
count > 0 ? [...acc, patternList[patternListIndex]] : acc,
(acc: string[], isValid, patternListIndex) =>
isValid ? [...acc, patternList[patternListIndex]] : acc,
[]
);
}
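Review bot: `.map((p) => p.catch(() => false))` in `validatePatternListActive` treats every rejection as "pattern has no indices", where the previous handler only swallowed `index_not_found_exception` and rethrew anything else. A permission error, timeout or connection failure will now silently remove a pattern from the list, and in a security view that looks the same as the data source being empty. Consider rethrowing, or at least logging, errors other than the expected not-found case.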
Expand Up @@ -412,6 +412,8 @@ export function AlertsTableTGrid(props: AlertsTableTGridProps) {
},
renderCellValue: getRenderCellValue({ setFlyoutAlert }),
rowRenderers: NO_ROW_RENDER,
// TODO: implement Kibana data view runtime fields in observability
runtimeMappings: {},
start: rangeFrom,
setRefetch,
sort: [
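Review bot: `runtimeMappings: {}` is hard-coded here under a TODO that carries no issue reference. Until that TODO is done, this table sends an empty runtime mapping regardless of what the data view defines; link a tracking issue in the comment so the gap is not lost.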
24 changes: 21 additions & 3 deletions x-pack/plugins/security_solution/common/constants.ts
Expand Up @@ -10,9 +10,19 @@ import { ENABLE_ITOM } from '../../actions/server/constants/connectors';
import type { TransformConfigSchema } from './transforms/types';
import { ENABLE_CASE_CONNECTOR } from '../../cases/common';
import { METADATA_TRANSFORMS_PATTERN } from './endpoint/constants';
import { SavedObjectReference } from '../../../../src/core/types';
import { DATA_VIEW_SAVED_OBJECT_TYPE } from '../../../../src/plugins/data/common';

/**
* as const
*
* The const assertion ensures that type widening does not occur
* https://mariusschulz.com/blog/literal-type-widening-in-typescript
* Please follow this convention when adding to this file
*/

export const APP_ID = 'securitySolution' as const;
export const APP_UI_ID = 'securitySolutionUI';
export const APP_UI_ID = 'securitySolutionUI' as const;
export const CASES_FEATURE_ID = 'securitySolutionCases' as const;
export const SERVER_APP_ID = 'siem' as const;
export const APP_NAME = 'Security' as const;
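Review bot: `SavedObjectReference` is imported with a plain `import { ... }` although, in the lines shown, it is only used as a type annotation (on `defaultDataViewRef`), while the neighbouring `TransformConfigSchema` uses `import type`. Use `import type { SavedObjectReference }` for consistency and to keep a runtime import of `src/core/types` out of a common module. The new `as const` doc block also sits directly above `APP_ID`, so tooling will attach it to that one constant; a plain `//` comment would read as the file-level convention it is meant to be.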
Expand All @@ -26,6 +36,8 @@ export const DEFAULT_DATE_FORMAT_TZ = 'dateFormat:tz' as const;
export const DEFAULT_DARK_MODE = 'theme:darkMode' as const;
export const DEFAULT_INDEX_KEY = 'securitySolution:defaultIndex' as const;
export const DEFAULT_NUMBER_FORMAT = 'format:number:defaultPattern' as const;
export const DEFAULT_DATA_VIEW_ID = 'security-solution' as const;
export const DEFAULT_TIME_FIELD = '@timestamp' as const;
export const DEFAULT_TIME_RANGE = 'timepicker:timeDefaults' as const;
export const DEFAULT_REFRESH_RATE_INTERVAL = 'timepicker:refreshIntervalDefaults' as const;
export const DEFAULT_APP_TIME_RANGE = 'securitySolution:timeDefaults' as const;
Expand All @@ -51,7 +63,6 @@ export const DEFAULT_TIMEPICKER_QUICK_RANGES = 'timepicker:quickRanges' as const
export const DEFAULT_TRANSFORMS = 'securitySolution:transforms' as const;
export const SCROLLING_DISABLED_CLASS_NAME = 'scrolling-disabled' as const;
export const GLOBAL_HEADER_HEIGHT = 96 as const; // px
export const GLOBAL_HEADER_HEIGHT_WITH_GLOBAL_BANNER = 128 as const; // px
export const FILTERS_GLOBAL_HEIGHT = 109 as const; // px
export const FULL_SCREEN_TOGGLED_CLASS_NAME = 'fullScreenToggled' as const;
export const NO_ALERT_INDEX = 'no-alert-index-049FC71A-4C2C-446F-9901-37XMC5024C51' as const;
Expand Down Expand Up @@ -152,6 +163,12 @@ export const DEFAULT_INDEX_PATTERN = [
'winlogbeat-*',
];

export const defaultDataViewRef: SavedObjectReference = {
id: DEFAULT_DATA_VIEW_ID,
name: 'dataViewId',
type: DATA_VIEW_SAVED_OBJECT_TYPE,
};

export const DEFAULT_INDEX_PATTERN_EXPERIMENTAL = [
// TODO: Steph/ueba TEMP for testing UEBA data
'ml_host_risk_score_*',
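Review bot: `defaultDataViewRef` does not follow the conventions of the rest of this file: every other export shown is UPPER_SNAKE_CASE, and the new header comment asks for `as const`, yet this is a camelCase mutable object that any importer can modify. Rename it (for example `DEFAULT_DATA_VIEW_REF`) and type it as `Readonly<SavedObjectReference>` or freeze it.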
Expand Down Expand Up @@ -256,6 +273,7 @@ export const TIMELINE_PREPACKAGED_URL = `${TIMELINE_URL}/_prepackaged` as const;

export const NOTE_URL = '/api/note' as const;
export const PINNED_EVENT_URL = '/api/pinned_event' as const;
export const SOURCERER_API_URL = '/api/sourcerer' as const;

/**
* Default signals index key for kibana.dev.yml
Expand Down Expand Up @@ -343,7 +361,7 @@ export const ELASTIC_NAME = 'estc' as const;

export const METADATA_TRANSFORM_STATS_URL = `/api/transform/transforms/${METADATA_TRANSFORMS_PATTERN}/_stats`;

export const RISKY_HOSTS_INDEX_PREFIX = 'ml_host_risk_score_latest_';
export const RISKY_HOSTS_INDEX_PREFIX = 'ml_host_risk_score_latest_' as const;

export const TRANSFORM_STATES = {
ABORTING: 'aborting',
Expand Up @@ -5,79 +5,15 @@
* 2.0.
*/

import type { IFieldSubType } from '@kbn/es-query';

import type {
IEsSearchRequest,
IEsSearchResponse,
IIndexPattern,
} from '../../../../../../src/plugins/data/common';
import type { DocValueFields, Maybe } from '../common';

interface FieldInfo {
category: string;
description?: string;
example?: string | number;
format?: string;
name: string;
type?: string;
}

export interface IndexField {
/** Where the field belong */
category: string;
/** Example of field's value */
example?: Maybe<string | number>;
/** whether the field's belong to an alias index */
indexes: Array<Maybe<string>>;
/** The name of the field */
name: string;
/** The type of the field's values as recognized by Kibana */
type: string;
/** Whether the field's values can be efficiently searched for */
searchable: boolean;
/** Whether the field's values can be aggregated */
aggregatable: boolean;
/** Description of the field */
description?: Maybe<string>;
format?: Maybe<string>;
/** the elastic type as mapped in the index */
esTypes?: string[];
subType?: IFieldSubType;
readFromDocValues: boolean;
}

export type BeatFields = Record<string, FieldInfo>;

export interface IndexFieldsStrategyRequest extends IEsSearchRequest {
indices: string[];
onlyCheckIfIndicesExist: boolean;
}

export interface IndexFieldsStrategyResponse extends IEsSearchResponse {
indexFields: IndexField[];
indicesExist: string[];
}

export interface BrowserField {
aggregatable: boolean;
category: string;
description: string | null;
example: string | number | null;
fields: Readonly<Record<string, Partial<BrowserField>>>;
format: string;
indexes: string[];
name: string;
searchable: boolean;
type: string;
subType?: IFieldSubType;
}

export type BrowserFields = Readonly<Record<string, Partial<BrowserField>>>;

export const EMPTY_BROWSER_FIELDS = {};
export const EMPTY_DOCVALUE_FIELD: DocValueFields[] = [];
export const EMPTY_INDEX_PATTERN: IIndexPattern = {
fields: [],
title: '',
};
export {
FieldInfo,
IndexField,
BeatFields,
IndexFieldsStrategyRequest,
IndexFieldsStrategyResponse,
BrowserField,
BrowserFields,
EMPTY_BROWSER_FIELDS,
EMPTY_DOCVALUE_FIELD,
EMPTY_INDEX_PATTERN,
} from '../../../../timelines/common';
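Review bot: The new `export { ... } from '../../../../timelines/common'` block mixes interfaces and type aliases (`FieldInfo`, `IndexField`, `BeatFields`, `BrowserFields`, ...) with runtime values (`EMPTY_BROWSER_FIELDS`, `EMPTY_DOCVALUE_FIELD`, `EMPTY_INDEX_PATTERN`) in one value re-export. Per-file transpilation cannot tell that the first group has no runtime binding; split it into `export type { ... }` for the types, as the `export type {` block in the next file on this page does, and keep `export { EMPTY_... }` for the constants.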
Expand Up @@ -10,6 +10,7 @@ export { LastEventIndexKey } from '../../../../../../timelines/common';
export type {
LastTimeDetails,
TimelineEventsLastEventTimeStrategyResponse,
TimelineKpiStrategyRequest,
TimelineKpiStrategyResponse,
TimelineEventsLastEventTimeRequestOptions,
} from '../../../../../../timelines/common';
Expand Up @@ -5,6 +5,7 @@
* 2.0.
*/

import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import { IEsSearchRequest } from '../../../../../../src/plugins/data/common';
import { ESQuery } from '../../typed_json';
import {
Expand Down Expand Up @@ -41,6 +42,7 @@ export interface TimelineRequestBasicOptions extends IEsSearchRequest {
defaultIndex: string[];
docValueFields?: DocValueFields[];
factoryQueryType?: TimelineFactoryQueryTypes;
runtimeMappings: MappingRuntimeFields;
}

export interface TimelineRequestSortField<Field = string> extends SortField<Field> {
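Review bot: `runtimeMappings: MappingRuntimeFields;` is added to `TimelineRequestBasicOptions` as a required property while the adjacent `docValueFields` and `factoryQueryType` are optional, which forces every caller to pass a value even when it has none (the `runtimeMappings: {}` placeholder in `AlertsTableTGrid` is one such case). Consider making it optional with an empty default on the server side, or document why it must always be supplied.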
Expand Down Expand Up @@ -171,6 +173,7 @@ export interface SortTimelineInput {
export interface TimelineInput {
columns?: Maybe<ColumnHeaderInput[]>;
dataProviders?: Maybe<DataProviderInput[]>;
dataViewId?: Maybe<string>;
description?: Maybe<string>;
eqlOptions?: Maybe<EqlOptionsInput>;
eventType?: Maybe<string>;
2 changes: 1 addition & 1 deletion x-pack/plugins/security_solution/common/test/index.ts
Expand Up @@ -7,12 +7,12 @@

// For the source of these roles please consult the PR these were introduced https://github.com/elastic/kibana/pull/81866#issue-511165754
export enum ROLES {
soc_manager = 'soc_manager',
reader = 'reader',
t1_analyst = 't1_analyst',
t2_analyst = 't2_analyst',
hunter = 'hunter',
rule_author = 'rule_author',
soc_manager = 'soc_manager',
platform_engineer = 'platform_engineer',
detections_admin = 'detections_admin',
}