Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Risk engine initialisation, update from legacy risk engine workflow and status change #162400

Merged
merged 54 commits into from
Aug 4, 2023
Merged
Show file tree
Hide file tree
Changes from 51 commits
Commits
Show all changes
54 commits
Select commit Hold shift + click to select a range
34a040e
Risk engine API start
nkhristinin Jul 12, 2023
62b04b6
Add saved objects and status
nkhristinin Jul 24, 2023
ef9d3e5
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
kibanamachine Jul 24, 2023
9f2e3d9
[CI] Auto-commit changed files from 'node scripts/check_mappings_upda…
kibanamachine Jul 24, 2023
347f4ff
Error handling
nkhristinin Jul 27, 2023
ad59803
Return who last updated
nkhristinin Jul 27, 2023
8423d5c
Add risk_score_update_panel
nkhristinin Jul 28, 2023
fdc0084
Risk update panel
nkhristinin Jul 28, 2023
05f28c5
Add risk score update panels
nkhristinin Jul 28, 2023
e7079c9
Delete old transforms
nkhristinin Jul 28, 2023
4ffaa99
Add mapping for SO
nkhristinin Jul 28, 2023
1b74331
fix name
nkhristinin Jul 28, 2023
8518cbb
Fix types
nkhristinin Jul 28, 2023
27e39c2
type
nkhristinin Jul 28, 2023
b4c212d
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
kibanamachine Jul 28, 2023
805d243
add tests
nkhristinin Jul 28, 2023
34fa0ed
Wrong rebase
nkhristinin Jul 28, 2023
2cce865
clean
nkhristinin Jul 28, 2023
189e941
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
kibanamachine Jul 28, 2023
6d7c016
Merge branch 'main' into enable-risk-score
kibanamachine Jul 30, 2023
b99c3e1
Typos and PR fixes
nkhristinin Jul 31, 2023
b4f5955
add api tets
nkhristinin Jul 31, 2023
a835c61
fix unit tests
nkhristinin Jul 31, 2023
e1ed39e
Try to enable feature in cypress tests
nkhristinin Jul 31, 2023
e6dcad4
udpate mappings
nkhristinin Jul 31, 2023
e31d85b
Merge branch 'main' into enable-risk-score
kibanamachine Jul 31, 2023
8373a58
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
kibanamachine Jul 31, 2023
e72b7d4
Refactoring
nkhristinin Aug 1, 2023
38e23bc
Fix jest tests
nkhristinin Aug 1, 2023
9a53d21
Merge branch 'main' into enable-risk-score
kibanamachine Aug 1, 2023
450871a
Try to fix types
nkhristinin Aug 1, 2023
1527f2a
Merge branch 'main' into enable-risk-score
kibanamachine Aug 1, 2023
b47ec84
Merge branch 'main' into enable-risk-score
kibanamachine Aug 2, 2023
5dffa4d
Change enable risk button
nkhristinin Aug 2, 2023
ca8329b
Add cy tests
nkhristinin Aug 2, 2023
7aad6cb
PR fixes
nkhristinin Aug 2, 2023
dac1f34
[CI] Auto-commit changed files from 'node scripts/check_mappings_upda…
kibanamachine Aug 2, 2023
6265ac3
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
kibanamachine Aug 2, 2023
7fd2016
Merge branch 'main' into enable-risk-score
kibanamachine Aug 3, 2023
b31ab04
Remove last updated_by
nkhristinin Aug 3, 2023
a77a838
fix hest integration tests
nkhristinin Aug 3, 2023
ba83b7b
Fix cypress tetss
nkhristinin Aug 3, 2023
9742878
Fix jest tests
nkhristinin Aug 3, 2023
c77a82e
fix cypress tests
nkhristinin Aug 3, 2023
96b6ddc
Access for license and serverless
nkhristinin Aug 3, 2023
3b1bb9f
Chaange approach for link with license and capabilities
nkhristinin Aug 3, 2023
f8cf032
Fix links
nkhristinin Aug 3, 2023
7237b5f
[CI] Auto-commit changed files from 'node scripts/precommit_hook.js -…
kibanamachine Aug 3, 2023
7df7d22
fix ts problems
nkhristinin Aug 3, 2023
ddbe593
Merge branch 'main' into enable-risk-score
rylnd Aug 3, 2023
1bc3314
Simplify logic for showing EA management page
rylnd Aug 3, 2023
d9b03b0
Fix tesxt
nkhristinin Aug 4, 2023
b8b638e
Hide update panel for serverless
nkhristinin Aug 4, 2023
b44c3b6
Merge branch 'main' into enable-risk-score
kibanamachine Aug 4, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 35 additions & 27 deletions packages/kbn-check-mappings-update-cli/current_mappings.json
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,25 @@
}
}
},
"url": {
"dynamic": false,
"properties": {
"slug": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"accessDate": {
"type": "date"
},
"createDate": {
"type": "date"
}
}
},
"usage-counters": {
"dynamic": false,
"properties": {
Expand Down Expand Up @@ -131,25 +150,6 @@
}
}
},
"url": {
"dynamic": false,
"properties": {
"slug": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword"
}
}
},
"accessDate": {
"type": "date"
},
"createDate": {
"type": "date"
}
}
},
"index-pattern": {
"dynamic": false,
"properties": {
Expand Down Expand Up @@ -1407,6 +1407,14 @@
"dynamic": false,
"properties": {}
},
"infrastructure-monitoring-log-view": {
"dynamic": false,
"properties": {
"name": {
"type": "text"
}
}
},
"canvas-element": {
"dynamic": false,
"properties": {
Expand Down Expand Up @@ -2262,14 +2270,6 @@
}
}
},
"infrastructure-monitoring-log-view": {
"dynamic": false,
"properties": {
"name": {
"type": "text"
}
}
},
"ml-job": {
"properties": {
"job_id": {
Expand Down Expand Up @@ -2938,6 +2938,14 @@
}
}
},
"risk-engine-configuration": {
"dynamic": false,
"properties": {
"enabled": {
"type": "boolean"
}
}
},
"infrastructure-ui-source": {
"dynamic": false,
"properties": {}
Expand Down
26 changes: 25 additions & 1 deletion packages/kbn-test/src/kbn_client/kbn_client_saved_objects.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,10 @@

import { chunk } from 'lodash';
import type { ToolingLog } from '@kbn/tooling-log';
import type { SavedObjectsBulkDeleteResponse } from '@kbn/core-saved-objects-api-server';
import type {
SavedObjectsBulkDeleteResponse,
SavedObjectsFindResponse,
} from '@kbn/core-saved-objects-api-server';

import { KbnClientRequester, uriencode } from './kbn_client_requester';

Expand All @@ -30,6 +33,11 @@ interface SavedObjectResponse<Attributes extends Record<string, any>> {
version?: string;
}

interface FindOptions {
type: string;
space?: string;
}

interface GetOptions {
type: string;
id: string;
Expand Down Expand Up @@ -152,6 +160,22 @@ export class KbnClientSavedObjects {
return data;
}

/**
* Find saved objects
*/
public async find<Attributes extends Record<string, any>>(options: FindOptions) {
this.log.debug('Find saved objects: %j', options);

const { data } = await this.requester.request<SavedObjectsFindResponse<Attributes>>({
description: 'find saved objects',
path: options.space
? uriencode`/s/${options.space}/internal/ftr/kbn_client_so/_find?type=${options.type}`
: uriencode`/internal/ftr/kbn_client_so/_find?type=${options.type}`,
method: 'GET',
});
return data;
}

/**
* Create a saved object
*/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,7 @@ describe('checking migration metadata changes on all registered SO types', () =>
"osquery-pack-asset": "b14101d3172c4b60eb5404696881ce5275c84152",
"osquery-saved-query": "44f1161e165defe3f9b6ad643c68c542a765fcdb",
"query": "8db5d48c62d75681d80d82a42b5642f60d068202",
"risk-engine-configuration": "1b8b175e29ea5311408125c92c6247f502b2d79d",
"rules-settings": "892a2918ebaeba809a612b8d97cec0b07c800b5f",
"sample-data-telemetry": "37441b12f5b0159c2d6d5138a494c9f440e950b5",
"search": "8d5184dd5b986d57250b6ffd9ae48a1925e4c7a3",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ const previouslyRegisteredTypes = [
'search-telemetry',
'security-rule',
'security-solution-signals-migration',
'risk-engine-configuration',
'server',
'siem-detection-engine-rule-actions',
'siem-detection-engine-rule-execution-info',
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,7 @@ describe('split .kibana index into multiple system indices', () => {
"osquery-pack-asset",
"osquery-saved-query",
"query",
"risk-engine-configuration",
"rules-settings",
"sample-data-telemetry",
"search-session",
Expand Down
6 changes: 6 additions & 0 deletions x-pack/plugins/security_solution/common/constants.ts
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,12 @@ export const RISK_SCORE_CREATE_STORED_SCRIPT = `${INTERNAL_RISK_SCORE_URL}/store
export const RISK_SCORE_DELETE_STORED_SCRIPT = `${INTERNAL_RISK_SCORE_URL}/stored_scripts/delete`;
export const RISK_SCORE_PREVIEW_URL = `${INTERNAL_RISK_SCORE_URL}/preview`;

export const RISK_ENGINE_URL = `${INTERNAL_RISK_SCORE_URL}/engine`;
export const RISK_ENGINE_STATUS_URL = `${RISK_ENGINE_URL}/status`;
export const RISK_ENGINE_INIT_URL = `${RISK_ENGINE_URL}/init`;
export const RISK_ENGINE_ENABLE_URL = `${RISK_ENGINE_URL}/enable`;
export const RISK_ENGINE_DISABLE_URL = `${RISK_ENGINE_URL}/disable`;

/**
* Public Risk Score routes
*/
Expand Down
14 changes: 14 additions & 0 deletions x-pack/plugins/security_solution/common/risk_engine/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,17 @@ export enum RiskScoreEntity {
host = 'host',
user = 'user',
}

export enum RiskEngineStatus {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I tend to pluralize enums to distinguish them from other types:

Suggested change
export enum RiskEngineStatus {
export enum RiskEngineStatuses {

NOT_INSTALLED = 'NOT_INSTALLED',
DISABLED = 'DISABLED',
ENABLED = 'ENABLED',
}

export interface InitRiskEngineResult {
legacyRiskEngineDisabled: boolean;
riskEngineResourcesInstalled: boolean;
riskEngineConfigurationCreated: boolean;
riskEngineEnabled: boolean;
errors: string[];
}
Original file line number Diff line number Diff line change
Expand Up @@ -12,83 +12,142 @@ import {
USER_RISK_PREVIEW_TABLE,
USER_RISK_PREVIEW_TABLE_ROWS,
RISK_PREVIEW_ERROR,
RISK_PREVIEW_ERROR_BUTTON,
LOCAL_QUERY_BAR_SELECTOR,
RISK_SCORE_ERROR_PANEL,
RISK_SCORE_STATUS,
} from '../../screens/entity_analytics_management';

import { deleteRiskScore, installRiskScoreModule } from '../../tasks/api_calls/risk_scores';
import { RiskScoreEntity } from '../../tasks/risk_scores/common';
import { login, visit, visitWithoutDateRange } from '../../tasks/login';
import { cleanKibana } from '../../tasks/common';
import { ENTITY_ANALYTICS_MANAGEMENT_URL, ALERTS_URL } from '../../urls/navigation';
import { getNewRule } from '../../objects/rule';
import { createRule } from '../../tasks/api_calls/rules';
import {
deleteConfiguration,
interceptRiskPreviewError,
interceptRiskPreviewSuccess,
interceptRiskInitError,
} from '../../tasks/api_calls/risk_engine';
import { updateDateRangeInLocalDatePickers } from '../../tasks/date_picker';
import { fillLocalSearchBar, submitLocalSearch } from '../../tasks/search_bar';
import {
riskEngineStatusChange,
updateRiskEngine,
updateRiskEngineConfirm,
previewErrorButtonClick,
} from '../../tasks/entity_analytics';

describe(
'Entity analytics management page',
{ env: { ftrConfig: { enableExperimental: ['riskScoringRoutesEnabled'] } } },
() => {
before(() => {
cleanKibana();
cy.task('esArchiverLoad', 'all_users');
});

describe('Entity analytics management page', () => {
before(() => {
cleanKibana();
cy.task('esArchiverLoad', 'all_users');
});
beforeEach(() => {
login();
visitWithoutDateRange(ALERTS_URL);
createRule(getNewRule({ query: 'user.name:* or host.name:*', risk_score: 70 }));
deleteConfiguration();
visit(ENTITY_ANALYTICS_MANAGEMENT_URL);
});

beforeEach(() => {
login();
visitWithoutDateRange(ALERTS_URL);
createRule(getNewRule({ query: 'user.name:* or host.name:*', risk_score: 70 }));
visit(ENTITY_ANALYTICS_MANAGEMENT_URL);
});
after(() => {
cy.task('esArchiverUnload', 'all_users');
});

after(() => {
cy.task('esArchiverUnload', 'all_users');
});
it('renders page as expected', () => {
cy.get(PAGE_TITLE).should('have.text', 'Entity Risk Score');
});

it('renders page as expected', () => {
cy.get(PAGE_TITLE).should('have.text', 'Entity Risk Score');
});
describe('Risk preview', () => {
it('risk scores reacts on change in datepicker', () => {
const START_DATE = 'Jan 18, 2019 @ 20:33:29.186';
const END_DATE = 'Jan 19, 2019 @ 20:33:29.186';

describe('Risk preview', () => {
it('risk scores reacts on change in datepicker', () => {
const START_DATE = 'Jan 18, 2019 @ 20:33:29.186';
const END_DATE = 'Jan 19, 2019 @ 20:33:29.186';
cy.get(HOST_RISK_PREVIEW_TABLE_ROWS).should('have.length', 5);
cy.get(USER_RISK_PREVIEW_TABLE_ROWS).should('have.length', 5);

cy.get(HOST_RISK_PREVIEW_TABLE_ROWS).should('have.length', 5);
cy.get(USER_RISK_PREVIEW_TABLE_ROWS).should('have.length', 5);
updateDateRangeInLocalDatePickers(LOCAL_QUERY_BAR_SELECTOR, START_DATE, END_DATE);

updateDateRangeInLocalDatePickers(LOCAL_QUERY_BAR_SELECTOR, START_DATE, END_DATE);
cy.get(HOST_RISK_PREVIEW_TABLE).contains('No items found');
cy.get(USER_RISK_PREVIEW_TABLE).contains('No items found');
});

cy.get(HOST_RISK_PREVIEW_TABLE).contains('No items found');
cy.get(USER_RISK_PREVIEW_TABLE).contains('No items found');
});
it('risk scores reacts on change in search bar query', () => {
cy.get(HOST_RISK_PREVIEW_TABLE_ROWS).should('have.length', 5);
cy.get(USER_RISK_PREVIEW_TABLE_ROWS).should('have.length', 5);

fillLocalSearchBar('host.name: "test-host1"');
submitLocalSearch(LOCAL_QUERY_BAR_SELECTOR);

cy.get(HOST_RISK_PREVIEW_TABLE_ROWS).should('have.length', 1);
cy.get(HOST_RISK_PREVIEW_TABLE_ROWS).contains('test-host1');
cy.get(USER_RISK_PREVIEW_TABLE_ROWS).should('have.length', 1);
cy.get(USER_RISK_PREVIEW_TABLE_ROWS).contains('test1');
});

it('show error panel if API returns error and then try to refetch data', () => {
interceptRiskPreviewError();

cy.get(RISK_PREVIEW_ERROR).contains('Preview failed');

it('risk scores reacts on change in search bar query', () => {
cy.get(HOST_RISK_PREVIEW_TABLE_ROWS).should('have.length', 5);
cy.get(USER_RISK_PREVIEW_TABLE_ROWS).should('have.length', 5);
interceptRiskPreviewSuccess();

fillLocalSearchBar('host.name: "test-host1"');
submitLocalSearch(LOCAL_QUERY_BAR_SELECTOR);
previewErrorButtonClick();

cy.get(HOST_RISK_PREVIEW_TABLE_ROWS).should('have.length', 1);
cy.get(HOST_RISK_PREVIEW_TABLE_ROWS).contains('test-host1');
cy.get(USER_RISK_PREVIEW_TABLE_ROWS).should('have.length', 1);
cy.get(USER_RISK_PREVIEW_TABLE_ROWS).contains('test1');
cy.get(RISK_PREVIEW_ERROR).should('not.exist');
});
});

it('show error panel if API returns error and then try to refetch data', () => {
cy.intercept('POST', '/internal/risk_score/preview', {
statusCode: 500,
describe('Risk engine', () => {
it('should init, disable and enable risk engine', () => {
cy.get(RISK_SCORE_STATUS).should('have.text', 'Off');

// init
riskEngineStatusChange();

cy.get(RISK_SCORE_STATUS).should('have.text', 'On');

// disable
riskEngineStatusChange();

cy.get(RISK_SCORE_STATUS).should('have.text', 'Off');

// enable
riskEngineStatusChange();

cy.get(RISK_SCORE_STATUS).should('have.text', 'On');
});

cy.get(RISK_PREVIEW_ERROR).contains('Preview failed');
it('should show error panel if API returns error ', () => {
cy.get(RISK_SCORE_STATUS).should('have.text', 'Off');

cy.intercept('POST', '/internal/risk_score/preview', {
statusCode: 200,
body: {
scores: { host: [], user: [] },
},
interceptRiskInitError();

// init
riskEngineStatusChange();

cy.get(RISK_SCORE_ERROR_PANEL).contains('Sorry, there was an error');
});

cy.get(RISK_PREVIEW_ERROR_BUTTON).click();
it('should update if there legacy risk score installed', () => {
installRiskScoreModule();
visit(ENTITY_ANALYTICS_MANAGEMENT_URL);

cy.get(RISK_SCORE_STATUS).should('not.exist');

cy.get(RISK_PREVIEW_ERROR).should('not.exist');
updateRiskEngine();
updateRiskEngineConfirm();

cy.get(RISK_SCORE_STATUS).should('have.text', 'On');

deleteRiskScore({ riskScoreEntity: RiskScoreEntity.host, spaceId: 'default' });
});
});
});
});
}
);
Loading