elastic · tiansivive · Jan 31, 2024 · Jan 31, 2024
diff --git a/commands/entity-store.mjs b/commands/entity-store.mjs
@@ -4,11 +4,13 @@ import { chunk } from "lodash-es";
 import moment from "moment";
 import auditbeatMappings from "../mappings/auditbeat.json" assert { type: "json" };
 import { assignAssetCriticality, enableRiskScore, createRule } from "./api.mjs";
-import { ENTITY_STORE_OPTIONS } from "../constants.mjs";
+import { ENTITY_STORE_OPTIONS, generateNewSeed } from "../constants.mjs";
 
 let client = getEsClient();
 let EVENT_INDEX_NAME = "auditbeat-8.12.0-2024.01.18-000001";
 
+const offset = () => Math.random() * 1000;
+
 const ASSET_CRITICALITY = [
   "very_important",
   "not_important",
@@ -33,7 +35,7 @@ export const createRandomHost = () => {
 
 export const createFactoryRandomEventForHost = (name) => () => {
   return {
-    "@timestamp": moment().format("yyyy-MM-DDTHH:mm:ss.SSSSSSZ"),
+    "@timestamp": moment().subtract(offset(), "h").format("yyyy-MM-DDTHH:mm:ss.SSSSSSZ"),
     message: `Host ${faker.hacker.phrase()}`,
     service: {
       type: "system",
@@ -52,7 +54,7 @@ export const createFactoryRandomEventForHost = (name) => () => {
 
 export const createFactoryRandomEventForUser = (name) => () => {
   return {
-    "@timestamp": moment().format("yyyy-MM-DDTHH:mm:ss.SSSSSSZ"),
+    "@timestamp": moment().subtract(offset(), "h").format("yyyy-MM-DDTHH:mm:ss.SSSSSSZ"),
     message: `User ${faker.hacker.phrase()}`,
     service: {
       type: "system",
@@ -114,9 +116,9 @@ const assignAssetCriticalityToEntities = async (entities, field) => {
  * Then Generate events, assign asset criticality, create rule and enable risk engine
  * @param {*} param0
  */
-export const generateEntityStore = async ({ users = 10, hosts = 10, options}) => {
-  if(options.includes(ENTITY_STORE_OPTIONS.seed)) {
-    faker.seed(12345);
+export const generateEntityStore = async ({ users = 10, hosts = 10, seed = generateNewSeed(), options }) => {
+  if (options.includes(ENTITY_STORE_OPTIONS.seed)) {
+    faker.seed(seed);
   }
   try {
     const generatedUsers = faker.helpers.multiple(createRandomUser, {
@@ -141,24 +143,24 @@ export const generateEntityStore = async ({ users = 10, hosts = 10, options}) =>
     await ingestEvents(eventsForHosts);
     console.log("Hosts events ingested");
 
-    if(options.includes(ENTITY_STORE_OPTIONS.criticality)) {
+    if (options.includes(ENTITY_STORE_OPTIONS.criticality)) {
       await assignAssetCriticalityToEntities(generatedUsers, "user.name");
       console.log("Assigned asset criticality to users");
       await assignAssetCriticalityToEntities(generatedHosts, "host.name");
       console.log("Assigned asset criticality to hosts");
     }
-    
-    if(options.includes(ENTITY_STORE_OPTIONS.riskEngine)) {
+
+    if (options.includes(ENTITY_STORE_OPTIONS.riskEngine)) {
       await enableRiskScore();
       console.log("Risk score enabled");
     }
-
 
-    if(options.includes(ENTITY_STORE_OPTIONS.rule)) {
+
+    if (options.includes(ENTITY_STORE_OPTIONS.rule)) {
       await createRule();
       console.log("Rule created");
     }
-  
+
 
     console.log("Finished generating entity store");
   } catch (error) {

diff --git a/constants.mjs b/constants.mjs
@@ -4,3 +4,7 @@ export const ENTITY_STORE_OPTIONS = {
   riskEngine: "riskEngine",
   rule: "rule",
 };
+
+export const generateNewSeed = () => {
+  return Math.round(Math.random() * 100000);
+}
diff --git a/index.mjs b/index.mjs
@@ -14,41 +14,41 @@ import {
 } from "./commands/entity-store.mjs";
 import config from "./config.json" assert { type: "json" };
 import inquirer from "inquirer";
-import { ENTITY_STORE_OPTIONS } from "./constants.mjs";
+import { ENTITY_STORE_OPTIONS, generateNewSeed } from "./constants.mjs";
 
 const withEsValidation =
   (fn) =>
-  (...args) => {
-    if (!config.elastic.node) {
-      return console.log("Please provide elastic node in config.json");
-    }
-    const hasApiKey = config.elastic.apiKey;
-    const hasPassword = config.elastic.username && config.elastic.password;
-    if (!hasApiKey && !hasPassword) {
-      console.log(
-        "Please provide elastic apiKey or username/password in config.json"
-      );
-      return;
-    }
-    return fn(...args);
-  };
+    (...args) => {
+      if (!config.elastic.node) {
+        return console.log("Please provide elastic node in config.json");
+      }
+      const hasApiKey = config.elastic.apiKey;
+      const hasPassword = config.elastic.username && config.elastic.password;
+      if (!hasApiKey && !hasPassword) {
+        console.log(
+          "Please provide elastic apiKey or username/password in config.json"
+        );
+        return;
+      }
+      return fn(...args);
+    };
 
 const withKibanaValidation =
   (fn) =>
-  (...args) => {
-    if (!config.kibana.node) {
-      return console.log("Please provide kibana node in config.json");
-    }
-    const hasPassword = config.kibana.username && config.kibana.password;
-    const hasApiKey = config.kibana.apiKey;
-    if (!hasApiKey && !hasPassword) {
-      console.log(
-        "Please provide kibana apiKey or username/password in config.json"
-      );
-      return;
-    }
-    return fn(...args);
-  };
+    (...args) => {
+      if (!config.kibana.node) {
+        return console.log("Please provide kibana node in config.json");
+      }
+      const hasPassword = config.kibana.username && config.kibana.password;
+      const hasApiKey = config.kibana.apiKey;
+      if (!hasApiKey && !hasPassword) {
+        console.log(
+          "Please provide kibana apiKey or username/password in config.json"
+        );
+        return;
+      }
+      return fn(...args);
+    };
 
 program
   .command("generate-alerts")
@@ -135,12 +135,33 @@ program
               },
             },
           ])
+          .then(answers => {
+            const seed = generateNewSeed();
+            if (answers.options.includes(ENTITY_STORE_OPTIONS.seed)) {
+              return inquirer.prompt([
+                {
+                  type: "input",
+                  name: "seed",
+                  message: `Enter seed to generate stable random data or <enter> to use a new seed`,
+                  default() {
+                    return seed;
+                  },
+                },
+              ]).then(seedAnswer => {
+                return { ...answers, ...seedAnswer };
+              })
+            }
+            return { ...answers, seed }
+          })
           .then((answers) => {
+
             const users = parseInt(answers.users);
             const hosts = parseInt(answers.hosts);
+            const seed = parseInt(answers.seed)
             generateEntityStore({
               users,
               hosts,
+              seed,
               options: answers.options,
             });
           });