Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution][Exceptions] - Make esTypes and subType available to index patterns #72336

Merged
merged 12 commits into from
Jul 20, 2020

Conversation

yctercero
Copy link
Contributor

@yctercero yctercero commented Jul 17, 2020

Summary

This PR updates the following:

  • useFetchIndexPatterns now returns indexPatterns whose fields include esTypes and subType
    • Why?? The exceptions builder needs these two fields to determine what fields are of ES type nested and parent paths
  • exceptions add and edit modals now use the rule.index field to pass into useFetchindexPatterns
    • Before we were using the signals index and alerts index for endpoint, needs to be rule's index patterns
    • if no index patterns exist on the rule (if rule created via API, it's not required), then uses DEFAULT_INDEX_PATTERN
  • updates the autocomplete validation to use IField.esTypes to check type instead of IField.type

We were noticing that when selecting is in list in the builder, the IFieldType.type does not match the ES type assigned to the large value list on creation and so the lists were not populating in the select dropdown. This should fix that issue.

index_fix

Checklist

@yctercero yctercero self-assigned this Jul 20, 2020
@yctercero yctercero marked this pull request as ready for review July 20, 2020 04:01
@yctercero yctercero requested review from a team as code owners July 20, 2020 04:01
@elasticmachine
Copy link
Contributor

Pinging @elastic/siem (Team:SIEM)

switch (type) {
case 'date':
const moment = dateMath.parse(params);
return Boolean(moment && moment.isValid());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit, can you just do: return moment && moment.isValid() ? Won't that work as well without introducing the capital boolean boxing here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried removing it and the test yelled at me saying expected boolean not string. Leaving for now.

return Boolean(moment && moment.isValid());
case 'ip':
try {
return Boolean(new Ipv4Address(params));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This new object seems weird to me...Does this mean we only support ipv4 and not ipv6?

If this is only validating ipv4 but allowing ipv6 I am fine with it. If we begin hindering users or disallowing ipv6 though we are going to start to have issue relatively quickly.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a bit of research and there isn't really great consensus on a good regex for ipv6. I didn't find a similar util like the one above for ipv4 in our code so I removed the validation here. I don't want to block users from adding exceptions. This can be something we can circle back on.

exceptionToEdit !== null &&
exceptionListTypeToEdit !== null && (
exceptionToEdit != null &&
exceptionListTypeToEdit != null && (
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 , using the != null is great here!

Copy link
Contributor

@FrankHassanabad FrankHassanabad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Thanks adding the subType to the index patterns.

@@ -21,7 +21,6 @@ import {
EuiCallOut,
EuiText,
} from '@elastic/eui';
import { alertsIndexPattern } from '../../../../../common/endpoint/constants';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for removing this!

@@ -16,4 +17,6 @@ export interface IndexFieldDescriptor {
type: string;
searchable: boolean;
aggregatable: boolean;
esTypes?: string[];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor

@peluja1012 peluja1012 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for improving the field validation in the builder! LGTM, only comment is about esTypes being an optional type, but we can leave as is if it makes sense.

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Build metrics

@kbn/optimizer bundle module count

id value diff baseline
securitySolution 1065 -1 1066

async chunks size

id value diff baseline
securitySolution 7.3MB +191.0B 7.3MB

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@yctercero yctercero merged commit 21977a7 into elastic:master Jul 20, 2020
yctercero added a commit to yctercero/kibana that referenced this pull request Jul 20, 2020
…to index patterns (elastic#72336)

## Summary

This PR updates the following:

- `useFetchIndexPatterns` now returns `indexPatterns` whose fields include `esTypes` and `subType`
  - Why?? The exceptions builder needs these two fields to determine what fields are of ES type `nested` and parent paths
- exceptions add and edit modals now use the `rule.index` field to pass into `useFetchindexPatterns`
  - Before we were using the signals index and alerts index for endpoint, needs to be rule's index patterns
  - if no index patterns exist on the rule (if rule created via API, it's not required), then uses `DEFAULT_INDEX_PATTERN`
- updates the autocomplete validation to use `IField.esTypes` to check type instead of `IField.type`
yctercero added a commit to yctercero/kibana that referenced this pull request Jul 20, 2020
…to index patterns (elastic#72336)

## Summary

This PR updates the following:

- `useFetchIndexPatterns` now returns `indexPatterns` whose fields include `esTypes` and `subType`
  - Why?? The exceptions builder needs these two fields to determine what fields are of ES type `nested` and parent paths
- exceptions add and edit modals now use the `rule.index` field to pass into `useFetchindexPatterns`
  - Before we were using the signals index and alerts index for endpoint, needs to be rule's index patterns
  - if no index patterns exist on the rule (if rule created via API, it's not required), then uses `DEFAULT_INDEX_PATTERN`
- updates the autocomplete validation to use `IField.esTypes` to check type instead of `IField.type`
yctercero added a commit that referenced this pull request Jul 21, 2020
…to index patterns (#72336) (#72554)

## Summary

This PR updates the following:

- `useFetchIndexPatterns` now returns `indexPatterns` whose fields include `esTypes` and `subType`
  - Why?? The exceptions builder needs these two fields to determine what fields are of ES type `nested` and parent paths
- exceptions add and edit modals now use the `rule.index` field to pass into `useFetchindexPatterns`
  - Before we were using the signals index and alerts index for endpoint, needs to be rule's index patterns
  - if no index patterns exist on the rule (if rule created via API, it's not required), then uses `DEFAULT_INDEX_PATTERN`
- updates the autocomplete validation to use `IField.esTypes` to check type instead of `IField.type`
yctercero added a commit that referenced this pull request Jul 21, 2020
…to index patterns (#72336) (#72555)

## Summary

This PR updates the following:

- `useFetchIndexPatterns` now returns `indexPatterns` whose fields include `esTypes` and `subType`
  - Why?? The exceptions builder needs these two fields to determine what fields are of ES type `nested` and parent paths
- exceptions add and edit modals now use the `rule.index` field to pass into `useFetchindexPatterns`
  - Before we were using the signals index and alerts index for endpoint, needs to be rule's index patterns
  - if no index patterns exist on the rule (if rule created via API, it's not required), then uses `DEFAULT_INDEX_PATTERN`
- updates the autocomplete validation to use `IField.esTypes` to check type instead of `IField.type`
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 21, 2020
* master: (28 commits)
  allow some env settings for ingest manager (elastic#72544)
  Add inspector for VEGA (elastic#70941)
  chore(NA): fix grunt task for test:coverage (elastic#72539)
  Archive e2e test results in ES (elastic#72575)
  preserve 401 errors from new es client (elastic#71248)
  [SIEM][Detections] Updates text for severity and risk_score overrides  (elastic#72244)
  fixing error occurences tooltip (elastic#72425)
  use KibanaClient interface instead of Client for new client interface (elastic#72388)
  [APM] Handle ML errors (elastic#72316)
  [Discover] Improve histogram tests (elastic#72235)
  [ftr/webdriver] retry on all errors, use Rx so that timers are canceled (elastic#72540)
  [pre-req] Move .storybook to storybook; standardize files (elastic#72384)
  [Security_Solution][Resolver][Bug]: Restore breadcrumb background (elastic#72538)
  [ML] Fix annotation detector linking & delayed_data(0) (elastic#72468)
  [Security Solution][Exceptions] - Make esTypes and subType available to index patterns (elastic#72336)
  [SIEM] Uses faster wait from testing-library and removes duplicate older wait idiom (elastic#72509)
  Fix long combo box items breaking out of flex item width (elastic#72512)
  [pipeline/commitStatus] update commit status in baseline-capture job (elastic#72366)
  [Security Solution][Resolver] Update the resolver element ref on scroll events if the position of the element has changed within the page (elastic#72461)
  [Maps] auto-fit to data bounds (elastic#72129)
  ...
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 21, 2020
…feature-privileges

* alerting/consumer-based-rbac: (30 commits)
  removed uneeded tests
  expclude security wrapper in SO client passed to ActionsClient
  allow some env settings for ingest manager (elastic#72544)
  Add inspector for VEGA (elastic#70941)
  chore(NA): fix grunt task for test:coverage (elastic#72539)
  Archive e2e test results in ES (elastic#72575)
  preserve 401 errors from new es client (elastic#71248)
  [SIEM][Detections] Updates text for severity and risk_score overrides  (elastic#72244)
  fixing error occurences tooltip (elastic#72425)
  use KibanaClient interface instead of Client for new client interface (elastic#72388)
  [APM] Handle ML errors (elastic#72316)
  [Discover] Improve histogram tests (elastic#72235)
  [ftr/webdriver] retry on all errors, use Rx so that timers are canceled (elastic#72540)
  [pre-req] Move .storybook to storybook; standardize files (elastic#72384)
  [Security_Solution][Resolver][Bug]: Restore breadcrumb background (elastic#72538)
  [ML] Fix annotation detector linking & delayed_data(0) (elastic#72468)
  [Security Solution][Exceptions] - Make esTypes and subType available to index patterns (elastic#72336)
  [SIEM] Uses faster wait from testing-library and removes duplicate older wait idiom (elastic#72509)
  Fix long combo box items breaking out of flex item width (elastic#72512)
  [pipeline/commitStatus] update commit status in baseline-capture job (elastic#72366)
  ...
@yctercero yctercero deleted the index_es_types branch October 14, 2020 12:01
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release_note:enhancement Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0 v7.10.0 v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants