Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adds an 'owner' field to the siem-signals mapping, working authz get for security solution, need to work through rule registry changes #98746

Closed
wants to merge 16 commits into from
Closed

adds an 'owner' field to the siem-signals mapping, working authz get for security solution, need to work through rule registry changes #98746

wants to merge 16 commits into from

Conversation

dhurley14
Copy link
Contributor

adds an 'owner' field to the siem-signals mapping, working authz get for security solution, need to work through rule registry changes

Summary

Pull down this branch and run ES locally using the following steps..

Running ES locally

  1. Edit gradle/run.gradle and add setting 'xpack.security.authc.api_key.enabled', 'true' after line 24
  2. ./gradlew run # this runs with a trial license
  3. Execute below curl script to post kibana_elastic user
curl -u elastic:password -X POST "http://127.0.01:9200/_security/user/kibana_elastic?pretty" -H 'Content-Type: application/json' -d '{"password":"changeme","roles":["superuser"],"full_name":"kibana","email":"[email protected]"}'
  1. Set kibana.dev.yml to use kibana_elastic as the user
elasticsearch:
  username: 'kibana_elastic'
  password: 'changeme'
  hosts: 'http://127.0.0.1:9200'

Start up kibana

You should now be able to create a rule which generates alerts and then "find" those alerts (using the kibana system user) using the scripts located in x-pack/plugins/rule_registry/server/scripts/get_security_solution_alert.sh

yctercero and others added 16 commits April 19, 2021 21:29
@yctercero @dhurley14
adding alerts actions to security plugin
2861f01
@dhurley14
adds kibana security feature privileges and updates alerts actions to…
8eafdac 
… include space id in constructor rather than parameter as a part of the get since the spaceId will be available to us in the start phase of the plugin
@dhurley14 @yctercero
[RAC] [RBAC] adds rac client initialization to plugin setup / startup…
558db7b 
… and adds some rac client functions to be implemented (#3)

* wip - ignore

* adds rac client initialization to plugin setup / startup and adds scaffolding for CRUD client functions

Co-authored-by: Yara Tercero <[email protected]>
@yctercero @dhurley14
wip - updating kibana features plugin to include rac and some renamin…
26445e3 
…g from alerts to rac
@yctercero @dhurley14
still wip
8024caa
@dhurley14
testing out how to view owners for alerts when registering rac plugin…
6df1b18 
…, used no-verify for this commit
@dhurley14
adds a working racClient to request context and picks up owners suppl…
f0010f6 
…ed to rac feature in plugin feature registry
@dhurley14
adds elasticsearch client to provide functionality for rac client, sh…
a71ef10 
…ould be able to query for data but getting back 403 for internal user
@yctercero @dhurley14
adding tests, cleanup, almost there mvp
81f4f02
@dhurley14
updates unit tests to remove the 'spaceid' from the authz action and …
2ebdf71 
…adds an audit logger mock
@dhurley14
fixes bug where we did not assign getSpaces function in rac factory i…
38681fc 
…nitialization
@dhurley14
parameterized calls into racClient.get() to match solutions, adds mor…
1499169 
…e log statements, added security as a required plugin to rule_registry plugin without which, the rac authorization class was receiving an undefined security client so our calls to shouldCheckAuthorization were failing silently. Added some routes and scripts to test authz functionality. To test please see the README in the rule_registry/scripts.
@dhurley14
adds missing variables from rebase conflicts with master
d7b9b3f
@dhurley14
fixes changes from rebase with master
896deaf
@dhurley14
adds an 'owner' field to the siem-signals mapping, working authz get …
ed6df2a 
…for security solution, need to work through rule registry changes
@dhurley14
minor cleanup
9d1d1e5
@dhurley14 dhurley14 closed this Apr 29, 2021
@kibanamachine
Copy link
Contributor

kibanamachine commented Apr 29, 2021
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

Kibana Pipeline / jest / Jest Tests.x-pack/plugins/security_solution/server/lib/detection_engine/signals.searchAfterAndBulkCreate should return success with number of searches less than max signals

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

Stack Trace

Error: expect(received).toEqual(expected) // deep equality

Expected: true
Received: false
    at Object.<anonymous> (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts:185:21)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at _callCircusTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:212:5)
    at _runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:149:3)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:63:9)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:57:9)
    at run (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:25:3)
    at runAndTransformResultsToJestFormat (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapterInit.js:176:21)
    at jestAdapter (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapter.js:109:19)
    at runTestInternal (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:380:16)
    at runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:472:34)
    at Object.worker (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/testWorker.js:133:12)
Kibana Pipeline / jest / Jest Tests.x-pack/plugins/security_solution/server/lib/detection_engine/signals.searchAfterAndBulkCreate should return success with number of searches less than max signals with gap

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

Stack Trace

Error: expect(received).toEqual(expected) // deep equality

Expected: true
Received: false
    at Object.<anonymous> (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts:288:21)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at _callCircusTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:212:5)
    at _runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:149:3)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:63:9)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:57:9)
    at run (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:25:3)
    at runAndTransformResultsToJestFormat (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapterInit.js:176:21)
    at jestAdapter (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapter.js:109:19)
    at runTestInternal (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:380:16)
    at runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:472:34)
    at Object.worker (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/testWorker.js:133:12)
Kibana Pipeline / jest / Jest Tests.x-pack/plugins/security_solution/server/lib/detection_engine/signals.searchAfterAndBulkCreate should return success when no search results are in the allowlist

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

Stack Trace

Error: expect(received).toEqual(expected) // deep equality

Expected: true
Received: false
    at Object.<anonymous> (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.test.ts:365:21)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at _callCircusTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:212:5)
    at _runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:149:3)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:63:9)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:57:9)
    at run (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:25:3)
    at runAndTransformResultsToJestFormat (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapterInit.js:176:21)
    at jestAdapter (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapter.js:109:19)
    at runTestInternal (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:380:16)
    at runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:472:34)
    at Object.worker (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/testWorker.js:133:12)

and 39 more failures, only showing the first 3.

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
features 89 92 +3
ruleRegistry 52 54 +2
securitySolution 90 91 +1
total +6

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 7.3MB 7.3MB -350.0B

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id before after diff
ruleRegistry 4 5 +1

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
features 6.6KB 6.6KB +33.0B
Unknown metric groups

API count

id before after diff
features 199 208 +9
ruleRegistry 52 54 +2
securitySolution 99 100 +1
total +12

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dhurley14 @kibanamachine @yctercero