[Security Solution][Exceptions] Rule exceptions TTL - Expiration

packages/kbn-securitysolution-exception-list-components/src/exception_item_card/meta/details_info/index.tsx

@@ -15,7 +15,7 @@ import * as i18n from '../../translations';
 interface MetaInfoDetailsProps {
   label: string;
   lastUpdate: JSX.Element | string;
-  lastUpdateValue: string;
+  lastUpdateValue?: string;
   dataTestSubj?: string;
 }
 
@@ -42,20 +42,24 @@ export const MetaInfoDetails = memo<MetaInfoDetailsProps>(
             {lastUpdate}
           </EuiBadge>
         </EuiFlexItem>
-        <EuiFlexItem grow={false}>
-          <EuiText size="xs" css={euiBadgeFontFamily}>
-            {i18n.EXCEPTION_ITEM_CARD_META_BY}
-          </EuiText>
-        </EuiFlexItem>
-        <EuiFlexItem grow={false} data-test-subj={`${dataTestSubj || ''}lastUpdateValue`}>
-          <EuiFlexGroup responsive gutterSize="xs" alignItems="center">
+        {lastUpdateValue != null && (
+          <>
             <EuiFlexItem grow={false}>
-              <EuiBadge color="hollow" css={euiBadgeFontFamily}>
-                {lastUpdateValue}
-              </EuiBadge>
+              <EuiText size="xs" css={euiBadgeFontFamily}>
+                {i18n.EXCEPTION_ITEM_CARD_META_BY}
+              </EuiText>
             </EuiFlexItem>
-          </EuiFlexGroup>
-        </EuiFlexItem>
+            <EuiFlexItem grow={false} data-test-subj={`${dataTestSubj || ''}lastUpdateValue`}>
+              <EuiFlexGroup responsive gutterSize="xs" alignItems="center">
+                <EuiFlexItem grow={false}>
+                  <EuiBadge color="hollow" css={euiBadgeFontFamily}>
+                    {lastUpdateValue}
+                  </EuiBadge>
+                </EuiFlexItem>
+              </EuiFlexGroup>
+            </EuiFlexItem>
+          </>
+        )}
       </EuiFlexGroup>
     );
   }

packages/kbn-securitysolution-exception-list-components/src/exception_item_card/meta/index.tsx

@@ -44,6 +44,12 @@ export const ExceptionItemCardMetaInfo = memo<ExceptionItemCardMetaInfoProps>(
         }),
       [dataTestSubj, rules, securityLinkAnchorComponent]
     );
+
+    const isExpired = useMemo(
+      () => (item.expire_time ? new Date(item.expire_time) <= new Date() : false),
+      [item]
+    );
+
     return (
       <EuiFlexGroup alignItems="center" responsive gutterSize="s" data-test-subj={dataTestSubj}>
         {FormattedDateComponent !== null && (
@@ -77,6 +83,27 @@ export const ExceptionItemCardMetaInfo = memo<ExceptionItemCardMetaInfoProps>(
                 dataTestSubj={`${dataTestSubj || ''}UpdatedBy`}
               />
             </EuiFlexItem>
+            {item.expire_time != null && (
+              <>
+                <EuiFlexItem css={itemCss} grow={false}>
+                  <MetaInfoDetails
+                    label={
+                      isExpired
+                        ? i18n.EXCEPTION_ITEM_CARD_EXPIRED_LABEL
+                        : i18n.EXCEPTION_ITEM_CARD_EXPIRES_LABEL
+                    }
+                    lastUpdate={
+                      <FormattedDateComponent
+                        data-test-subj={`{dataTestSubj||''}formattedDateComponentExpireTime`}
+                        fieldName="expire_time"
+                        value={item.expire_time}
+                      />
+                    }
+                    dataTestSubj={`${dataTestSubj || ''}ExpireTime`}
+                  />
+                </EuiFlexItem>
+              </>
+            )}
           </>
         )}
         <EuiFlexItem>

packages/kbn-securitysolution-exception-list-components/src/exception_item_card/translations.ts

@@ -34,6 +34,20 @@ export const EXCEPTION_ITEM_CARD_UPDATED_LABEL = i18n.translate(
   }
 );
 
+export const EXCEPTION_ITEM_CARD_EXPIRES_LABEL = i18n.translate(
+  'exceptionList-components.exceptions.exceptionItem.card.expiresLabel',
+  {
+    defaultMessage: 'Expires at',
+  }
+);
+
+export const EXCEPTION_ITEM_CARD_EXPIRED_LABEL = i18n.translate(
+  'exceptionList-components.exceptions.exceptionItem.card.expiredLabel',
+  {
+    defaultMessage: 'Expired at',
+  }
+);
+
 export const EXCEPTION_ITEM_CARD_META_BY = i18n.translate(
   'exceptionList-components.exceptions.exceptionItem.card.metaDetailsBy',
   {

packages/kbn-securitysolution-exception-list-components/src/list_header/index.tsx

@@ -29,9 +29,9 @@ interface ExceptionListHeaderComponentProps {
   canUserEditList?: boolean;
   securityLinkAnchorComponent: React.ElementType; // This property needs to be removed to avoid the Prop Drilling, once we move all the common components from x-pack/security-solution/common
   onEditListDetails: (listDetails: ListDetails) => void;
-  onExportList: () => void;
   onDeleteList: () => void;
   onManageRules: () => void;
+  onExportList: () => void;
 }
 
 export interface BackOptions {
@@ -51,9 +51,9 @@ const ExceptionListHeaderComponent: FC<ExceptionListHeaderComponentProps> = ({
   backOptions,
   canUserEditList = true,
   onEditListDetails,
-  onExportList,
   onDeleteList,
   onManageRules,
+  onExportList,
 }) => {
   const { isModalVisible, listDetails, onEdit, onSave, onCancel } = useExceptionListHeader({
     name,
@@ -97,9 +97,9 @@ const ExceptionListHeaderComponent: FC<ExceptionListHeaderComponentProps> = ({
             isReadonly={isReadonly}
             canUserEditList={canUserEditList}
             securityLinkAnchorComponent={securityLinkAnchorComponent}
-            onExportList={onExportList}
             onDeleteList={onDeleteList}
             onManageRules={onManageRules}
+            onExportList={onExportList}
           />,
         ]}
         breadcrumbs={[

packages/kbn-securitysolution-exception-list-components/src/list_header/menu_items/index.tsx

@@ -18,9 +18,9 @@ interface MenuItemsProps {
   linkedRules: Rule[];
   canUserEditList?: boolean;
   securityLinkAnchorComponent: React.ElementType; // This property needs to be removed to avoid the Prop Drilling, once we move all the common components from x-pack/security-solution/common
-  onExportList: () => void;
   onDeleteList: () => void;
   onManageRules: () => void;
+  onExportList: () => void;
 }
 
 const MenuItemsComponent: FC<MenuItemsProps> = ({
@@ -29,9 +29,9 @@ const MenuItemsComponent: FC<MenuItemsProps> = ({
   securityLinkAnchorComponent,
   isReadonly,
   canUserEditList = true,
-  onExportList,
   onDeleteList,
   onManageRules,
+  onExportList,
 }) => {
   const referencedLinks = useMemo(
     () =>
@@ -78,7 +78,7 @@ const MenuItemsComponent: FC<MenuItemsProps> = ({
             data-test-subj={`${dataTestSubj || ''}ManageRulesButton`}
             fill
             onClick={() => {
-              if (typeof onExportList === 'function') onManageRules();
+              if (typeof onManageRules === 'function') onManageRules();
             }}
           >
             {i18n.EXCEPTION_LIST_HEADER_MANAGE_RULES_BUTTON}

packages/kbn-securitysolution-exception-list-components/src/list_header/menu_items/menu_items.test.tsx

@@ -108,7 +108,7 @@ describe('MenuItems', () => {
     fireEvent.click(wrapper.getByTestId('ManageRulesButton'));
     expect(onManageRules).toHaveBeenCalled();
   });
-  it('should call onExportList', () => {
+  it('should call onExportModalOpen', () => {
     const wrapper = render(
       <MenuItems
         isReadonly={false}

packages/kbn-securitysolution-exception-list-components/src/mocks/exception_list_item_schema.mock.ts

@@ -26,6 +26,7 @@ export const getExceptionListItemSchemaMock = (
     },
     { field: 'some.not.nested.field', operator: 'included', type: 'match', value: 'some value' },
   ],
+  expire_time: undefined,
   id: '1',
   item_id: 'endpoint_list_item',
   list_id: 'endpoint_list_id',

packages/kbn-securitysolution-io-ts-list-types/src/common/expire_time/index.ts

@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import * as t from 'io-ts';
+import { IsoDateString } from '@kbn/securitysolution-io-ts-types';
+
+export const expireTime = IsoDateString;
+export const expireTimeOrUndefined = t.union([expireTime, t.undefined]);
+export type ExpireTimeOrUndefined = t.TypeOf<typeof expireTimeOrUndefined>;

packages/kbn-securitysolution-io-ts-list-types/src/common/include_expired_exceptions/index.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/* eslint-disable @typescript-eslint/naming-convention */
+
+import * as t from 'io-ts';
+
+export const include_expired_exceptions = t.keyof({ true: null, false: null });
+export const includeExpiredExceptionsOrUndefined = t.union([
+  include_expired_exceptions,
+  t.undefined,
+]);
+export type IncludeExpiredExceptionsOrUndefined = t.TypeOf<
+  typeof includeExpiredExceptionsOrUndefined
+>;

packages/kbn-securitysolution-io-ts-list-types/src/common/index.ts

@@ -28,6 +28,7 @@ export * from './entry_nested';
 export * from './exception_export_details';
 export * from './exception_list';
 export * from './exception_list_item_type';
+export * from './expire_time';
 export * from './filter';
 export * from './id';
 export * from './immutable';

packages/kbn-securitysolution-io-ts-list-types/src/request/create_endpoint_list_item_schema/index.ts

@@ -22,6 +22,7 @@ import { description } from '../../common/description';
 import { name } from '../../common/name';
 import { meta } from '../../common/meta';
 import { tags } from '../../common/tags';
+import { ExpireTimeOrUndefined, expireTimeOrUndefined } from '../../common';
 
 export const createEndpointListItemSchema = t.intersection([
   t.exact(
@@ -39,6 +40,7 @@ export const createEndpointListItemSchema = t.intersection([
       meta, // defaults to undefined if not set during decode
       os_types: osTypeArrayOrUndefined, // defaults to empty array if not set during decode
       tags, // defaults to empty array if not set during decode
+      expire_time: expireTimeOrUndefined, // defaults to undefined if not set during decode
     })
   ),
 ]);
@@ -48,11 +50,12 @@ export type CreateEndpointListItemSchema = t.OutputOf<typeof createEndpointListI
 // This type is used after a decode since some things are defaults after a decode.
 export type CreateEndpointListItemSchemaDecoded = Omit<
   RequiredKeepUndefined<t.TypeOf<typeof createEndpointListItemSchema>>,
-  'tags' | 'item_id' | 'entries' | 'comments' | 'os_types'
+  'tags' | 'item_id' | 'entries' | 'comments' | 'os_types' | 'expire_time'
 > & {
   comments: CreateCommentsArray;
   tags: Tags;
   item_id: ItemId;
   entries: EntriesArray;
   os_types: OsTypeArray;
+  expire_time: ExpireTimeOrUndefined;
 };

packages/kbn-securitysolution-io-ts-list-types/src/request/create_exception_list_item_schema/index.ts

@@ -25,6 +25,7 @@ import { meta } from '../../common/meta';
 import { namespace_type } from '../../common/namespace_type';
 import { tags } from '../../common/tags';
 import { nonEmptyEntriesArray } from '../../common/non_empty_entries_array';
+import { ExpireTimeOrUndefined, expireTimeOrUndefined } from '../../common';
 
 export const createExceptionListItemSchema = t.intersection([
   t.exact(
@@ -39,6 +40,7 @@ export const createExceptionListItemSchema = t.intersection([
   t.exact(
     t.partial({
       comments: DefaultCreateCommentsArray, // defaults to empty array if not set during decode
+      expire_time: expireTimeOrUndefined,
       item_id: DefaultUuid, // defaults to GUID (uuid v4) if not set during decode
       meta, // defaults to undefined if not set during decode
       namespace_type, // defaults to 'single' if not set during decode
@@ -53,9 +55,10 @@ export type CreateExceptionListItemSchema = t.OutputOf<typeof createExceptionLis
 // This type is used after a decode since some things are defaults after a decode.
 export type CreateExceptionListItemSchemaDecoded = Omit<
   RequiredKeepUndefined<t.TypeOf<typeof createExceptionListItemSchema>>,
-  'tags' | 'item_id' | 'entries' | 'namespace_type' | 'comments'
+  'tags' | 'item_id' | 'entries' | 'namespace_type' | 'comments' | 'expire_time'
 > & {
   comments: CreateCommentsArray;
+  expire_time: ExpireTimeOrUndefined;
   tags: Tags;
   item_id: ItemId;
   entries: EntriesArray;

packages/kbn-securitysolution-io-ts-list-types/src/request/create_rule_exception_item_schema/index.ts

@@ -25,6 +25,8 @@ import {
   Tags,
   tags,
   name,
+  ExpireTimeOrUndefined,
+  expireTimeOrUndefined,
 } from '../../common';
 import { RequiredKeepUndefined } from '../../common/required_keep_undefined';
 
@@ -46,6 +48,7 @@ export const createRuleExceptionListItemSchema = t.intersection([
       namespace_type: namespaceType, // defaults to 'single' if not set during decode
       os_types: osTypeArrayOrUndefined, // defaults to empty array if not set during decode
       tags, // defaults to empty array if not set during decode
+      expire_time: expireTimeOrUndefined,
     })
   ),
 ]);
@@ -57,12 +60,13 @@ export type CreateRuleExceptionListItemSchema = t.OutputOf<
 // This type is used after a decode since some things are defaults after a decode.
 export type CreateRuleExceptionListItemSchemaDecoded = Omit<
   RequiredKeepUndefined<t.TypeOf<typeof createRuleExceptionListItemSchema>>,
-  'tags' | 'item_id' | 'entries' | 'namespace_type' | 'comments'
+  'tags' | 'item_id' | 'entries' | 'namespace_type' | 'comments' | 'expire_time'
 > & {
   comments: CreateCommentsArray;
   tags: Tags;
   item_id: ItemId;
   entries: EntriesArray;
   namespace_type: NamespaceType;
   os_types: OsTypeArray;
+  expire_time: ExpireTimeOrUndefined;
 };

packages/kbn-securitysolution-io-ts-list-types/src/request/export_exception_list_query_schema/index.mock.ts

@@ -14,4 +14,5 @@ export const getExportExceptionListQuerySchemaMock = (): ExportExceptionListQuer
   id: ID,
   list_id: LIST_ID,
   namespace_type: NAMESPACE_TYPE,
+  include_expired_exceptions: 'true',
 });

packages/kbn-securitysolution-io-ts-list-types/src/request/export_exception_list_query_schema/index.test.ts

@@ -45,6 +45,7 @@ describe('export_exception_list_schema', () => {
 
     expect(message.schema).toEqual({
       id: 'uuid_here',
+      include_expired_exceptions: 'true',
       list_id: 'some-list-id',
       namespace_type: 'single',
     });

packages/kbn-securitysolution-io-ts-list-types/src/request/export_exception_list_query_schema/index.ts

@@ -9,6 +9,7 @@
 import * as t from 'io-ts';
 
 import { id } from '../../common/id';
+import { includeExpiredExceptionsOrUndefined } from '../../common/include_expired_exceptions';
 import { list_id } from '../../common/list_id';
 import { namespace_type } from '../../common/namespace_type';
 
@@ -17,6 +18,7 @@ export const exportExceptionListQuerySchema = t.exact(
     id,
     list_id,
     namespace_type,
+    include_expired_exceptions: includeExpiredExceptionsOrUndefined,
     // TODO: Add file_name here with a default value
   })
 );

packages/kbn-securitysolution-io-ts-list-types/src/request/import_exception_item_schema/index.mock.ts

@@ -31,4 +31,5 @@ export const getImportExceptionsListItemSchemaDecodedMock = (
   namespace_type: 'single',
   os_types: [],
   tags: [],
+  expire_time: undefined,
 });

packages/kbn-securitysolution-io-ts-list-types/src/request/import_exception_item_schema/index.ts

@@ -30,7 +30,7 @@ import { exceptionListItemType } from '../../common/exception_list_item_type';
 import { ItemId } from '../../common/item_id';
 import { EntriesArray } from '../../common/entries';
 import { DefaultImportCommentsArray } from '../../common/default_import_comments_array';
-import { ImportCommentsArray } from '../../common';
+import { ExpireTimeOrUndefined, expireTimeOrUndefined, ImportCommentsArray } from '../../common';
 
 /**
  * Differences from this and the createExceptionsListItemSchema are
@@ -67,6 +67,7 @@ export const importExceptionListItemSchema = t.intersection([
       namespace_type, // defaults to 'single' if not set during decode
       os_types: osTypeArrayOrUndefined, // defaults to empty array if not set during decode
       tags, // defaults to empty array if not set during decode
+      expire_time: expireTimeOrUndefined,
     })
   ),
 ]);
@@ -76,12 +77,13 @@ export type ImportExceptionListItemSchema = t.OutputOf<typeof importExceptionLis
 // This type is used after a decode since some things are defaults after a decode.
 export type ImportExceptionListItemSchemaDecoded = Omit<
   ImportExceptionListItemSchema,
-  'tags' | 'item_id' | 'entries' | 'namespace_type' | 'comments'
+  'tags' | 'item_id' | 'entries' | 'namespace_type' | 'comments' | 'expire_time'
 > & {
   comments: ImportCommentsArray;
   tags: Tags;
   item_id: ItemId;
   entries: EntriesArray;
   namespace_type: NamespaceType;
   os_types: OsTypeArray;
+  expire_time: ExpireTimeOrUndefined;
 };