From a5d4083c7b620168c9bf885b50ba5efd7a75399b Mon Sep 17 00:00:00 2001 From: nnamdifrankie <56440728+nnamdifrankie@users.noreply.github.com> Date: Fri, 12 Jun 2020 12:45:20 -0400 Subject: [PATCH] [SECURITY SOLUTION] EMT-401: add policy data to metadata and fix tests (#68582) [SECURITY SOLUTION] EMT-401: add policy data to metadata and fix tests --- .../common/endpoint/generate_data.ts | 30 ++- .../common/endpoint/types.ts | 13 +- .../view/details/host_details.tsx | 8 +- .../endpoint/routes/metadata/metadata.test.ts | 114 +++++---- .../endpoint/test_data/all_metadata_data.json | 216 ------------------ .../api_integration/apis/endpoint/metadata.ts | 18 ++ .../alerts/host_api_feature/data.json.gz | Bin 855 -> 888 bytes .../endpoint/metadata/api_feature/data.json | 54 ++++- .../es_archives/endpoint/policy/data.json.gz | Bin 1329 -> 1326 bytes 9 files changed, 174 insertions(+), 279 deletions(-) delete mode 100644 x-pack/plugins/security_solution/server/endpoint/test_data/all_metadata_data.json diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts index b17a5aa28ac6a..2d004d3315beb 100644 --- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts +++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts @@ -61,14 +61,20 @@ const Mac: HostOS[] = []; const OS: HostOS[] = [...Windows, ...Mac, ...Linux]; -const POLICIES: Array<{ name: string; id: string }> = [ +const APPLIED_POLICIES: Array<{ + name: string; + id: string; + status: HostPolicyResponseActionStatus; +}> = [ { name: 'Default', id: '00000000-0000-0000-0000-000000000000', + status: HostPolicyResponseActionStatus.success, }, { name: 'With Eventing', id: 'C2A9093E-E289-4C0A-AA44-8C32A414FA7A', + status: HostPolicyResponseActionStatus.success, }, ]; @@ -181,7 +187,11 @@ interface HostInfo { host: Host; endpoint: { policy: { - id: string; + applied: { + id: string; + status: HostPolicyResponseActionStatus; + name: string; + }; }; }; } @@ -271,7 +281,12 @@ export class EndpointDocGenerator { * Creates new random policy id for the host to simulate new policy application */ public updatePolicyId() { - this.commonInfo.endpoint.policy.id = this.randomChoice(POLICIES).id; + this.commonInfo.endpoint.policy.applied.id = this.randomChoice(APPLIED_POLICIES).id; + this.commonInfo.endpoint.policy.applied.status = this.randomChoice([ + HostPolicyResponseActionStatus.success, + HostPolicyResponseActionStatus.failure, + HostPolicyResponseActionStatus.warning, + ]); } private createHostData(): HostInfo { @@ -293,7 +308,9 @@ export class EndpointDocGenerator { os: this.randomChoice(OS), }, endpoint: { - policy: this.randomChoice(POLICIES), + policy: { + applied: this.randomChoice(APPLIED_POLICIES), + }, }, }; } @@ -974,7 +991,7 @@ export class EndpointDocGenerator { status: HostPolicyResponseActionStatus.success, }, ], - id: this.commonInfo.endpoint.policy.id, + id: this.commonInfo.endpoint.policy.applied.id, response: { configurations: { events: { @@ -1015,8 +1032,9 @@ export class EndpointDocGenerator { ], }, }, - status: this.randomHostPolicyResponseActionStatus(), + status: this.commonInfo.endpoint.policy.applied.status, version: policyVersion, + name: this.commonInfo.endpoint.policy.applied.name, }, }, }, diff --git a/x-pack/plugins/security_solution/common/endpoint/types.ts b/x-pack/plugins/security_solution/common/endpoint/types.ts index 816f9b77115ec..cfbf8f176b32d 100644 --- a/x-pack/plugins/security_solution/common/endpoint/types.ts +++ b/x-pack/plugins/security_solution/common/endpoint/types.ts @@ -253,7 +253,11 @@ export type AlertEvent = Immutable<{ }; endpoint: { policy: { - id: string; + applied: { + id: string; + status: HostPolicyResponseActionStatus; + name: string; + }; }; }; process: { @@ -357,7 +361,11 @@ export type HostMetadata = Immutable<{ }; endpoint: { policy: { - id: string; + applied: { + id: string; + status: HostPolicyResponseActionStatus; + name: string; + }; }; }; agent: { @@ -700,6 +708,7 @@ export interface HostPolicyResponse { applied: { version: string; id: string; + name: string; status: HostPolicyResponseActionStatus; actions: HostPolicyResponseAppliedAction[]; response: { diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx index 9b0ca73cf021f..a3862d4454c1d 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/host_details.tsx @@ -86,7 +86,7 @@ export const HostDetails = memo(({ details }: { details: HostMetadata }) => { title: i18n.translate('xpack.securitySolution.endpoint.host.details.policy', { defaultMessage: 'Policy', }), - description: details.endpoint.policy.id, + description: details.endpoint.policy.applied.id, }, { title: i18n.translate('xpack.securitySolution.endpoint.host.details.policyStatus', { @@ -138,10 +138,10 @@ export const HostDetails = memo(({ details }: { details: HostMetadata }) => { }, ]; }, [ - details.endpoint.policy.id, - details.host.ip, - details.host.hostname, details.agent.version, + details.endpoint.policy.applied.id, + details.host.hostname, + details.host.ip, policyStatus, policyResponseUri, policyStatusClickHandler, diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts index b2f5866a3ae7d..9b9d4a74e5970 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts @@ -27,7 +27,6 @@ import { } from '../../../../common/endpoint/types'; import { SearchResponse } from 'elasticsearch'; import { registerEndpointRoutes } from './index'; -import * as data from '../../test_data/all_metadata_data.json'; import { createMockAgentService, createMockMetadataIndexPatternRetriever, @@ -37,6 +36,7 @@ import { AgentService } from '../../../../../ingest_manager/server'; import Boom from 'boom'; import { EndpointAppContextService } from '../../endpoint_app_context_services'; import { createMockConfig } from '../../../lib/detection_engine/routes/__mocks__'; +import { EndpointDocGenerator } from '../../../../common/endpoint/generate_data'; describe('test endpoint route', () => { let routerMock: jest.Mocked<IRouter>; @@ -78,10 +78,7 @@ describe('test endpoint route', () => { it('test find the latest of all endpoints', async () => { const mockRequest = httpServerMock.createKibanaRequest({}); - - const response: SearchResponse<HostMetadata> = (data as unknown) as SearchResponse< - HostMetadata - >; + const response = createSearchResponse(new EndpointDocGenerator().generateHostMetadata()); mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response)); [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) => path.startsWith('/api/endpoint/metadata') @@ -97,8 +94,8 @@ describe('test endpoint route', () => { expect(routeConfig.options).toEqual({ authRequired: true }); expect(mockResponse.ok).toBeCalled(); const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as HostResultList; - expect(endpointResultList.hosts.length).toEqual(2); - expect(endpointResultList.total).toEqual(2); + expect(endpointResultList.hosts.length).toEqual(1); + expect(endpointResultList.total).toEqual(1); expect(endpointResultList.request_page_index).toEqual(0); expect(endpointResultList.request_page_size).toEqual(10); }); @@ -119,7 +116,7 @@ describe('test endpoint route', () => { mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error'); mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => - Promise.resolve((data as unknown) as SearchResponse<HostMetadata>) + Promise.resolve(createSearchResponse(new EndpointDocGenerator().generateHostMetadata())) ); [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) => path.startsWith('/api/endpoint/metadata') @@ -138,8 +135,8 @@ describe('test endpoint route', () => { expect(routeConfig.options).toEqual({ authRequired: true }); expect(mockResponse.ok).toBeCalled(); const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as HostResultList; - expect(endpointResultList.hosts.length).toEqual(2); - expect(endpointResultList.total).toEqual(2); + expect(endpointResultList.hosts.length).toEqual(1); + expect(endpointResultList.total).toEqual(1); expect(endpointResultList.request_page_index).toEqual(10); expect(endpointResultList.request_page_size).toEqual(10); }); @@ -162,7 +159,7 @@ describe('test endpoint route', () => { mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error'); mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => - Promise.resolve((data as unknown) as SearchResponse<HostMetadata>) + Promise.resolve(createSearchResponse(new EndpointDocGenerator().generateHostMetadata())) ); [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) => path.startsWith('/api/endpoint/metadata') @@ -194,8 +191,8 @@ describe('test endpoint route', () => { expect(routeConfig.options).toEqual({ authRequired: true }); expect(mockResponse.ok).toBeCalled(); const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as HostResultList; - expect(endpointResultList.hosts.length).toEqual(2); - expect(endpointResultList.total).toEqual(2); + expect(endpointResultList.hosts.length).toEqual(1); + expect(endpointResultList.total).toEqual(1); expect(endpointResultList.request_page_index).toEqual(10); expect(endpointResultList.request_page_size).toEqual(10); }); @@ -203,25 +200,9 @@ describe('test endpoint route', () => { describe('Endpoint Details route', () => { it('should return 404 on no results', async () => { const mockRequest = httpServerMock.createKibanaRequest({ params: { id: 'BADID' } }); + mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => - Promise.resolve({ - took: 3, - timed_out: false, - _shards: { - total: 1, - successful: 1, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 9, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - }) + Promise.resolve(createSearchResponse()) ); mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('error'); [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) => @@ -241,13 +222,10 @@ describe('test endpoint route', () => { }); it('should return a single endpoint with status online', async () => { + const response = createSearchResponse(new EndpointDocGenerator().generateHostMetadata()); const mockRequest = httpServerMock.createKibanaRequest({ - // eslint-disable-next-line @typescript-eslint/no-explicit-any - params: { id: (data as any).hits.hits[0]._id }, + params: { id: response.hits.hits[0]._id }, }); - const response: SearchResponse<HostMetadata> = (data as unknown) as SearchResponse< - HostMetadata - >; mockAgentService.getAgentStatusById = jest.fn().mockReturnValue('online'); mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response)); [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) => @@ -269,9 +247,7 @@ describe('test endpoint route', () => { }); it('should return a single endpoint with status error when AgentService throw 404', async () => { - const response: SearchResponse<HostMetadata> = (data as unknown) as SearchResponse< - HostMetadata - >; + const response = createSearchResponse(new EndpointDocGenerator().generateHostMetadata()); const mockRequest = httpServerMock.createKibanaRequest({ params: { id: response.hits.hits[0]._id }, @@ -299,9 +275,7 @@ describe('test endpoint route', () => { }); it('should return a single endpoint with status error when status is not offline or online', async () => { - const response: SearchResponse<HostMetadata> = (data as unknown) as SearchResponse< - HostMetadata - >; + const response = createSearchResponse(new EndpointDocGenerator().generateHostMetadata()); const mockRequest = httpServerMock.createKibanaRequest({ params: { id: response.hits.hits[0]._id }, @@ -327,3 +301,59 @@ describe('test endpoint route', () => { }); }); }); + +function createSearchResponse(hostMetadata?: HostMetadata): SearchResponse<HostMetadata> { + return ({ + took: 15, + timed_out: false, + _shards: { + total: 1, + successful: 1, + skipped: 0, + failed: 0, + }, + hits: { + total: { + value: 5, + relation: 'eq', + }, + max_score: null, + hits: hostMetadata + ? [ + { + _index: 'metrics-endpoint.metadata-default-1', + _id: '8FhM0HEBYyRTvb6lOQnw', + _score: null, + _source: hostMetadata, + sort: [1588337587997], + inner_hits: { + most_recent: { + hits: { + total: { + value: 2, + relation: 'eq', + }, + max_score: null, + hits: [ + { + _index: 'metrics-endpoint.metadata-default-1', + _id: 'W6Vo1G8BYQH1gtPUgYkC', + _score: null, + _source: hostMetadata, + sort: [1579816615336], + }, + ], + }, + }, + }, + }, + ] + : [], + }, + aggregations: { + total: { + value: 1, + }, + }, + } as unknown) as SearchResponse<HostMetadata>; +} diff --git a/x-pack/plugins/security_solution/server/endpoint/test_data/all_metadata_data.json b/x-pack/plugins/security_solution/server/endpoint/test_data/all_metadata_data.json deleted file mode 100644 index 48952afb33f68..0000000000000 --- a/x-pack/plugins/security_solution/server/endpoint/test_data/all_metadata_data.json +++ /dev/null @@ -1,216 +0,0 @@ -{ - "took": 343, - "timed_out": false, - "_shards": { - "total": 1, - "successful": 1, - "skipped": 0, - "failed": 0 - }, - "hits": { - "total": { - "value": 4, - "relation": "eq" - }, - "max_score": null, - "hits": [ - { - "_index": "metadata-endpoint-default-1", - "_id": "WqVo1G8BYQH1gtPUgYkC", - "_score": null, - "_source": { - "@timestamp": 1579816615336, - "event": { - "created": "2020-01-23T21:56:55.336Z" - }, - "elastic": { - "agent": { - "id": "56a75650-3c8a-4e4f-ac17-6dd729c650e2" - } - }, - "endpoint": { - "policy": { - "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" - } - }, - "agent": { - "version": "6.8.3", - "id": "56a75650-3c8a-4e4f-ac17-6dd729c650e2", - "name": "Elastic Endpoint" - }, - "host": { - "id": "7141a48b-e19f-4ae3-89a0-6e7179a84265", - "hostname": "larimer-0.example.com", - "ip": "10.21.48.136", - "mac": "77-be-30-f0-e8-d6", - "architecture": "x86_64", - "os": { - "name": "windows 6.2", - "full": "Windows Server 2012", - "version": "6.2", - "variant": "Windows Server" - } - } - }, - "fields": { - "host.id.keyword": ["7141a48b-e19f-4ae3-89a0-6e7179a84265"] - }, - "sort": [1579816615336], - "inner_hits": { - "most_recent": { - "hits": { - "total": { - "value": 2, - "relation": "eq" - }, - "max_score": null, - "hits": [ - { - "_index": "metadata-endpoint-default-1", - "_id": "WqVo1G8BYQH1gtPUgYkC", - "_score": null, - "_source": { - "@timestamp": 1579816615336, - "event": { - "created": "2020-01-23T21:56:55.336Z" - }, - "elastic": { - "agent": { - "id": "56a75650-3c8a-4e4f-ac17-6dd729c650e2" - } - }, - "endpoint": { - "policy": { - "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" - } - }, - "agent": { - "version": "6.8.3", - "id": "56a75650-3c8a-4e4f-ac17-6dd729c650e2", - "name": "Elastic Endpoint" - }, - "host": { - "id": "7141a48b-e19f-4ae3-89a0-6e7179a84265", - "hostname": "larimer-0.example.com", - "ip": "10.21.48.136", - "mac": "77-be-30-f0-e8-d6", - "architecture": "x86_64", - "os": { - "name": "windows 6.2", - "full": "Windows Server 2012", - "version": "6.2", - "variant": "Windows Server" - } - } - }, - "sort": [1579816615336] - } - ] - } - } - } - }, - { - "_index": "metadata-endpoint-default-1", - "_id": "W6Vo1G8BYQH1gtPUgYkC", - "_score": null, - "_source": { - "@timestamp": 1579816615336, - "event": { - "created": "2020-01-23T21:56:55.336Z" - }, - "elastic": { - "agent": { - "id": "c2d84d8f-d355-40de-8b54-5d318d4d1312" - } - }, - "endpoint": { - "policy": { - "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" - } - }, - "agent": { - "version": "6.4.3", - "id": "c2d84d8f-d355-40de-8b54-5d318d4d1312", - "name": "Elastic Endpoint" - }, - "host": { - "id": "f35ec6c1-6562-45b1-818f-2f14c0854adf", - "hostname": "hildebrandt-6.example.com", - "ip": "10.53.92.84", - "mac": "af-f1-8f-51-25-2a", - "architecture": "x86_64", - "os": { - "name": "windows 10.0", - "full": "Windows 10", - "version": "10.0", - "variant": "Windows Pro" - } - } - }, - "fields": { - "host.id.keyword": ["f35ec6c1-6562-45b1-818f-2f14c0854adf"] - }, - "sort": [1579816615336], - "inner_hits": { - "most_recent": { - "hits": { - "total": { - "value": 2, - "relation": "eq" - }, - "max_score": null, - "hits": [ - { - "_index": "metadata-endpoint-default-1", - "_id": "W6Vo1G8BYQH1gtPUgYkC", - "_score": null, - "_source": { - "@timestamp": 1579816615336, - "event": { - "created": "2020-01-23T21:56:55.336Z" - }, - "elastic": { - "agent": { - "id": "c2d84d8f-d355-40de-8b54-5d318d4d1312" - } - }, - "endpoint": { - "policy": { - "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" - } - }, - "agent": { - "version": "6.4.3", - "id": "c2d84d8f-d355-40de-8b54-5d318d4d1312", - "name": "Elastic Endpoint" - }, - "host": { - "id": "f35ec6c1-6562-45b1-818f-2f14c0854adf", - "hostname": "hildebrandt-6.example.com", - "ip": "10.53.92.84", - "mac": "af-f1-8f-51-25-2a", - "architecture": "x86_64", - "os": { - "name": "windows 10.0", - "full": "Windows 10", - "version": "10.0", - "variant": "Windows Pro" - } - } - }, - "sort": [1579816615336] - } - ] - } - } - } - } - ] - }, - "aggregations": { - "total": { - "value": 2 - } - } -} diff --git a/x-pack/test/api_integration/apis/endpoint/metadata.ts b/x-pack/test/api_integration/apis/endpoint/metadata.ts index 6c6db10729ab6..61f294cbd6f9c 100644 --- a/x-pack/test/api_integration/apis/endpoint/metadata.ts +++ b/x-pack/test/api_integration/apis/endpoint/metadata.ts @@ -199,6 +199,24 @@ export default function ({ getService }: FtrProviderContext) { expect(body.request_page_index).to.eql(0); }); + it('metadata api should return the latest event for all the events where policy status is not success', async () => { + const { body } = await supertest + .post('/api/endpoint/metadata') + .set('kbn-xsrf', 'xxx') + .send({ + filter: `not endpoint.policy.applied.status:success`, + }) + .expect(200); + const statuses: Set<string> = new Set( + body.hosts.map( + (hostInfo: Record<string, any>) => hostInfo.metadata.endpoint.policy.applied.status + ) + ); + + expect(statuses.size).to.eql(1); + expect(Array.from(statuses)).to.eql(['failure']); + }); + it('metadata api should return the endpoint based on the elastic agent id, and status should be error', async () => { const targetEndpointId = 'fc0ff548-feba-41b6-8367-65e8790d0eaf'; const targetElasticAgentId = '023fa40c-411d-4188-a941-4147bfadd095'; diff --git a/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz index 49082ed3bec8b0876ab3ea453581b858ce2b3d81..2921abededde5a5f343bad81a7e3ac71d752ae55 100644 GIT binary patch literal 888 zcmV-;1Bd({iwFpqk=<SZ17u-zVJ>QOZ*BnXmP?P@HV}aC{uPGLI|3g=itMS*c8eSq zMT-Cpf})4v%d6J53`=&hUHHG3a@HGL@;<N)awq~=hCL6>kTd)^ccbxm(%!D(<cIMj z)P8c&3AQxfbdtOLC;zQNr@g)YWx?J~--Mq^_5S*=>kq%B-}mO7#WKWCozWt;>&iC} zmtj>`%eKe@3e*yWm}oO^fggODdb9RlqGZXBZMBF^ON&*Oa%GSqN~uuUi-QTx;<7#R zdB`qObQoQLL_Pv~QG!FJ!Dx@1h?R!9$;B71ZCp21z3g0dAqzXXSM44`#W^)?<xhhR z<3D7;IU3_Ag2|x(W9h&IVSvaBA{(ONdh+158^*ieveSU8dS3b4eneWW=2Z+maaJs8 zu`lKOs=XOsZF92Ka(1-tqkJ#L)G{lt;7S+^c*&+Pog#v{lwyh;f1Z}pzGp5@yJ<S_ zX5)Qqn#qxV_tfIHgSz>3q;|iClTr^{Z|bJ!*+~uyeVcy+xkb8Jc=h+@xWu2A>Cpx5 zT>@U(5->y#R(JsdO(~s~DwpfTt82bLjyIdLg0uXTtPoh9Y{_27Wg%F8>_BB?VR*su zsP2Crg<6pB$5Od>EpUWrAy>t*^PY9n?})US&p#J_8S0PC_+4D*79R`7#c5iHjr(|S zsEeM#mev*Ri`9Es&+PaBi8GBoI(+X&yV2<G<)C@vdZ3xjR^J3PTIm;nMg{F7CXn1? zcg%A?@gSh27+F3~${PD9XmnxzJ7|=1+&UEClu3YS@|nfRpk%(JV0@X>xq5sD&1tD$ z1Ddp+i@K#$(-1U~QxeKbNKtV>>Ka4vykL{>9!Z`H_5#pYQ*@l+1C|ISGKLDRhX4|$ z5K<M=ycjbmbAsSJBmtU$dgxLJ8kEaig%BX(Yazth)9lH~vuEM+>$-lFJo^`XMfCUq zdT!o*8}wN7JbFr>Y${2DFr@QU#v?d~3K&yF!X$12djdUQVa8$7Di?(YsbofvW+p>O z=c~#|lQU3gto)9iXV7EKYtZ9A{i9~{+)%4CGmeXfF(yG<-Q7tn<)cd+l0`3tLyT5E ziykxu&(n$!;>?JX`$y!@P{Tww<;X|olr!itu_KGKAP9_tV0!3bU|H^M5V@;5KK)My Opnn0M>kI*D4FCY?V7p2H literal 855 zcmV-d1E~BTiwFppBGFy|17u-zVJ>QOZ*BnHmP>ErHW0_}{uGAK8G(->MfOy0nqm(@ z(PDuvilT?%%W-R4hAn$H4f5SP$|hMyavn$*dkA0|5;>z8@<04(u14eWq`h3{$q(a6 zYU1Ri8`#rg*Nt5913%7FH+y;h%Tm0bzDqyV=HvO_=YRZGe!nsAELJIh?u?eX-OS?_ z@+z&H`KqmWfD*L?DHqx;T99`>+h(_kU!(BIkL`S!w=FH#JSvStfvB}X<4^8PXqH#) zfzN$*nR37!5)_IVFsd2?3JcCgltiL-B1}%cdhPROJ8xE<tF3h9C%04A_o4EFw(UGV z3^t5^pMjL<T%Zh&LjmSGfJ@2&QB*`eWhd?A-tBrA?{>=`23$9bdAvLx@l;K{@cInS zl=Fb6VhYnKBDhnnrYP~}X+1qyGyAP*d872ld3!NF+w)rHtJ#xD?FaiEH<{X;`VtLX zFPd%7vm3d~;62|1g=M)|M)S|^P?|4`ix`rOp@6J?4Vbb7uc88luGYb8!`uA8t1Fs6 z4;L#%B?Vu#s1()@H=>)9x>ABKKbUg5a<Y<mpx0jqp_UZ;u?*Lo2Z@k9uogia_iVO( zCChHH_@c-vHJ`TQ4|&6-IaWfd<I;V)HMCXFU{9Ml-H6qDS<mdS@YNCRM|c0%qwCS= z>g9lV7kYr0&DP%q5Z2fi0Kz02GZxS?Vs|{bo@7!`Q_g}<k@3zy3J6=d{|^Wgg7g6u z1mg-IIzFkG1=J$elw7QfIi|;(00c|)8bFlILNzUwhK7L1l8Q23L&-)0QYWaAyiCWe z*A%4^F93vhRmTT8V1P1;@ljbj1c!2!(x%ex#dtu?2||ca6j%c4A;%zCFoAgpDM7~9 z!b6IunZe16XQA=yrg@YYH!t{x$cO`ETzvRG$nfrYWYn?vQj-Sd$nqyhW(WZd2w{kn zE7B$L1TwxsPa(87Au9{oXhwz=j^SbX6BD%K3=BH2-z+k`dkr$;=YP#?!G*9s(o=-& zgb*66x7{~D6h3k!p?Hj11;p&lv&cYKN$w7mQb$?})?M*$I3rZoRp>|hf+NUqxg$dG hpa`6S<a)>u;04ztD6WQ%D{rLX_z(6@!yl0h000txpKkyF diff --git a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json index 0f9f86b36dec7..a8d868ebbec15 100644 --- a/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json +++ b/x-pack/test/functional/es_archives/endpoint/metadata/api_feature/data.json @@ -17,7 +17,11 @@ }, "endpoint": { "policy": { - "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" + "applied": { + "name": "Default", + "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A", + "status": "failure" + } } }, "event": { @@ -66,7 +70,11 @@ }, "endpoint": { "policy": { - "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" + "applied": { + "name": "Default", + "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A", + "status": "success" + } } }, "event": { @@ -114,7 +122,11 @@ }, "endpoint": { "policy": { - "id": "00000000-0000-0000-0000-000000000000" + "applied": { + "name": "Default", + "id": "00000000-0000-0000-0000-000000000000", + "status": "failure" + } } }, "event": { @@ -160,7 +172,11 @@ }, "endpoint": { "policy": { - "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" + "applied": { + "name": "Default", + "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A", + "status": "failure" + } } }, "event": { @@ -209,7 +225,11 @@ }, "endpoint": { "policy": { - "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" + "applied": { + "name": "Default", + "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A", + "status": "success" + } } }, "event": { @@ -256,7 +276,11 @@ }, "endpoint": { "policy": { - "id": "00000000-0000-0000-0000-000000000000" + "applied": { + "name": "With Eventing", + "id": "00000000-0000-0000-0000-000000000000", + "status": "failure" + } } }, "event": { @@ -303,7 +327,11 @@ }, "endpoint": { "policy": { - "id": "00000000-0000-0000-0000-000000000000" + "applied": { + "name": "With Eventing", + "id": "00000000-0000-0000-0000-000000000000", + "status": "failure" + } } }, "event": { @@ -351,7 +379,11 @@ }, "endpoint": { "policy": { - "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A" + "applied": { + "name": "Default", + "id": "C2A9093E-E289-4C0A-AA44-8C32A414FA7A", + "status": "success" + } } }, "event": { @@ -398,7 +430,11 @@ }, "endpoint": { "policy": { - "id": "00000000-0000-0000-0000-000000000000" + "applied": { + "name": "With Eventing", + "id": "00000000-0000-0000-0000-000000000000", + "status": "success" + } } }, "event": { diff --git a/x-pack/test/functional/es_archives/endpoint/policy/data.json.gz b/x-pack/test/functional/es_archives/endpoint/policy/data.json.gz index 2fab424d27cad68350e8ea2544f0005c44e6a688..f380785f021bbfa49f17206df174a6a44c9d69df 100644 GIT binary patch literal 1326 zcmV+}1=0E+iwFqfquyQs17u-zVJ>QOZ*BnXm`iWtHW0_}`4ogtyFh5@LA}~b-PAem zq1{DW6oo;Nl*5fA3X*JZcH!?{QV(0!Beny1y9Zr@n3@^>X88Vpy8~dBza(t-6PQs! zX7{RLi^Gj-`6hqJpPZ_%A09s^y1D%I@0Z^{Zhbra?c?XC!dzLzlzmY~5zA9fGRR_@ z2p;G2M1-8YK*|EV33I5|9+}vr<k*L7`6cHO%W@ngvQ@WS7a`NpY}2&wYZJU?ao+Gb zuwh-p#I{_BO`kv{|A!tz7}_rNe5w-*TWofJ^xCpC<04kB`dpi9Fcbubb3-#U4e9n= zn^m^^L*I;Kr#+v<K)o&@&T>vp-MTp(vLHV7v2MFi_oxd|;1TFD&w-9%7>?#K*LH*1 z!EN8|uPXX!hvf*gd&Ef+az<Ot>I2DTR$1qR{6s_?@bxBTt17dM;gmeBWP8jCw;nH` zCPkLXv{i~Hj(~_L%D^Ek1=)rWX&h|A@TD<che&dI<Qv5{t1M?Nn|<4<0sYL<n1yE% zA2AOlN-mCIpmKecD3E^A_8Ov4tk*nVpGEqkQI=-8YX7k-72$A)Q+Af?Q_Q|3a^xin zOH+{^*d!FFgN#-*HODR;#FL8gnCBda{Hx@Q<d1-dIZH>X8fCfSk}=szBrIOBtz6)J z>*p21EEh>4=~NV;qJSa_NLeD%e7qrU!tPR@vrB1@i$bB6oJD}!g7QfAFP90X*OygQ z6{l)$7EyqTa$DLY70UjNGoWOxV%!Q;?Bb%D>rnVOT**FpAb0$0CO{nnEdN@9NYHcp z;`MN4(94O`S@r@jC~75QAOes-vBPGBi^g~5&hdUESUD#0vQiE8s_g0qM=ol6A!+j< z1_@3xiG2b$CR24%TsZE_;-sN0V`;IetFz`X6@Lb?0P_0EX?^~b?eYwebfK*NNZ=_` zds6!vbV+GXmc0rCmaR+C_+>6>ubQh}%+mjMeC2Gvj<11Ny5A13x@=v_7jPC*@UHTj zQ|52hTh4ax<qXY1AU3f)nBod|OwM{Wy?LDLg;SntH!0{&q|ZSpc0bmRdGfmjT|Lnr zjD@Fp<`OOq*MsOmTfoHvA?QAs#scZ+ap5dloy$?l68WO)yH3we@CQ!eSFRIf1fr6r ztK-Y<pB}^30njbb3D5Bj&|~*+pL3(W(l1tbmX1|tA{0==Z=mba8@w|P<l1xg3|J0c zn{Qp5*B)YTDo!_r?~wAqBd<T@ESH;5G|r6Z&gQeze(<GV+cjUIqYnR7yHR&DYZ)}u zDGy;?Bg})IP7H`_&xfvIGH5W(p@Hcj-*(#WF^-D;_fMWbfu$Px7W5IXM~B*WWI7@T zH813*US;nn<oSl<F>FDsQw)(|nGh2LL&w1sA;X~-wVOiTGmi_uQsi14w%QKUlgN6N zLll_4=PKpUvnfPMc*CY)L&Mal<Jcy3WO3?fclF=>-Tv-Q#ky2G4O`mj*Y$_nYNxhk zPTJ|Doi-v(+Uca7PTJ`>u#<K=X{VER`c~LUI~|W{(oQGsbka`8;+(Y8NjvQ^Y#jhS z7NbgF<4K}Dd&8v)*sYTsPue^zh=J64itvWyuF`Es7BQQzw+r;z=2PlooqxdaTyX~< z8>7yjt9F}iz+r7v(_G&(s0)2eC`6PQ(6wwII)0#I6B&-LYu{NLZ7X+2iHn&;(z;3( kH6YR~3u59MkeQmrFtI%r=uM&Sf7C|*19C{>=T|BK0Q6XxKL7v# literal 1329 zcmV-11<v{(iwFp?Gq7F&17u-zVJ>QOZ*BnXSxax@HW0q&R}ebw0->P?^=dD5Q|Gvc zb_=v93WFjkhZ|WGB-z>QBLBUlB-?uWk;rX;>ati<GsABl9CE&VzX3qYpA)A205mFy zcB>Y)INGR{@A8NI$*KDK>HbS%Sc{+keE#+GHgKX}K7V;A#Fa!$*;ggBW_ij<23brK z!Q*_Eh=`MCNLh$CQ4WorMkY2XIqV@<e#-fpWjS6aa@DXs4<XCd9m{fVcOrPj;=HD_ z$A%3Z6UX)-wgLi?{6F*&!qD-kA5eqX*k;=8L2Jv>jEh*Q8Z&*S!$=Su%}m|Yb!0d* zU8`hY_IopuHFs{<K)osv&T>wgYF!`pUXXwW*l;{(_|$_a^a=Es??Tr!O;`7s=XjyE zS9|I1R|UPfVVQyUjyOpo&S+~{eIU8?D(ifZpNNP<zS^X0S$UQ*oRWv7T#s3y)}sYf zQDm8PTe;X!1VpUY8Q7bpAlnckg~Lr0J=gNJw<OCW-zaQaC8@P!UfN1E(2p#QS#%QO zJ?4>wl8XZ{P^lh86iPiQdkLaQtX4c;orLsTEiCnL?excv)EY-mIAtes{T{QgiOjr& z!qQZvdu$RE*clluXsX7}O=2TrJmxva5&tG}uH}!AM>$JJiW+6P!X<68rAS!3WLtT_ z`_9i1gjp_<M50qxfU*J#D<EZwNb~VhTnGD<@|>NE_HZZ^)DmZ5;JQHhTJA5838t5a zRYeu2sx}KNKv}si+9VZ9{*@I_Vy$dk3#fRCi)gMQ5#VSk_vE4M_?HyG&IVZgu>fm9 zPxZyi!IehON2KnuXMjNwD-i<`g8YH)n-MM+Ka`#0<49m-PUK^yO7*hb>YYO_VtXdi z`b7*9oMsYs1KgOHs+;1>yf2EIhO&&MMN?OI&At?W1hD|}`O4|;{wdex9U##~GWsI{ zPnqgT?Pt(Ap=}&{Wd<x-kD~FzT%x_GR=Y4u{p;Z?tNk*3HF%}^_25;Ht#k2(oJACT zsI+F31)J5Dv!{=;LURy`O)M{_xPm(-&fRHxb)I(zr@Ym!63{1+K8BHadS4y0@w)}O z8qw~|xv%@y0xnF?hv-h9!}%N`=-pZ792w|-?#^4A_YYuiv)LR!eI(~!!hGl(#DvK4 z1L&C+gC^5m8d@$299KK)T*|UU4t;$ueytJVfrrA87f)${sJzhSVYvLON3eBAb#vIj za~M;4<o@ncu9bk)i`BELBh{(Z0@U!BcA0yF&)NZBd#=X;$-$TXwS#kPR(w@(x-R?+ zE)UG1{Vr#@?33$pDxzD>C(C}2jM&N52jx-Ie^JBi_S=@g8#>rw=N=Yp+aU>w%vWBJ zUA?^Gfkq5W*Js#<*q|69)3zWcCWfwyDMF@8ZR*r%#77<%dS!=S?z?CQ(}T!*c}o;p zf$u5a(sw9CiuS{n=|I!csp~oxbq{`*o~nOeZeDI~l&y1_+o;9dep`LIE_3VH*2LUS z%x%rm#N1BI?Zn)U19oC=C+2oyZeI&_Vs6L7G%>dmb2~A&W8s{b+y5JLtLt9in{s3f zFp={=WhV4&CxC7c8rVXn8yLEF)VX)b-1bO}O2Car$o90abNRPxJ2@V)x<9i6uJr`r z70zA68jnn&)(6Zp*y8%MclKWy1_Vz9cW@pWwSF#Yh+Tuj%<QEd>TS$yn>RcVY|J7O nh^I(d6C&NVAtr$dnWftd6US$vQKt$2LuU3LlvaA7Q!4-f3D}nT